Detailed overview
Romania is regulated by the EU AI Act and has adopted a national AI strategy for 2024–2027. Romanian AI providers, deployers and other operators must apply the EU AI Act classification model and comply with the relevant obligations for prohibited AI, high-risk AI, transparency-risk AI and general-purpose AI models.
Romania's National Strategy in the Field of Artificial Intelligence 2024–2027 is an official national strategy document. The strategy supports AI adoption in Romania's economy and society and is connected with research, innovation, digitalisation and safe AI development. Official Romanian Government materials describe the strategy as supporting public administration in standardisation, operationalisation and regulation efforts connected with AI.
The Romanian AI strategy is not a separate EU-style AI Act. Binding AI duties for businesses come mainly from the EU AI Act, GDPR, cybersecurity rules, consumer law, employment law, healthcare regulation, financial regulation, public-sector rules and sector-specific regulation.
A high-risk AI system in Romania may include AI used in recruitment, worker management, education, credit, insurance, essential services, biometric identification, critical infrastructure, migration, law enforcement or justice. Providers of high-risk AI must implement risk management, data governance, technical documentation, conformity assessment and post-market monitoring. Deployers must supervise use, follow instructions and inform affected persons where required.
AI systems processing personal data must comply with GDPR. This is especially relevant for AI used in profiling, automated decision support, customer analytics, healthcare, employment, financial services, public administration or biometric systems.
Penalties for AI Act breaches follow the EU framework. Prohibited AI breaches may reach EUR 35 million or 7% of worldwide annual turnover. Many other AI Act breaches may reach EUR 15 million or 3%, while misleading information to authorities may reach EUR 7.5 million or 1%.
Practical requirements & details
Sourced from Regulation (EU) 2024/1689 (the EU AI Act) and Romania's National Strategy in the Field of Artificial Intelligence 2024–2027.
EU AI Act classifications
- Prohibited AI — banned.
- High-risk AI — strict compliance duties.
- Transparency-risk AI — disclosure duties.
- GPAI models — documentation, transparency and copyright-policy duties.
National AI Strategy 2024–2027
- Supports AI adoption in Romania's economy and society.
- Connected with research, innovation, digitalisation and safe AI development.
- Supports public administration in standardisation, operationalisation and regulation efforts.
High-risk areas
- Recruitment, worker management, education, credit, insurance, essential services, biometric identification, critical infrastructure, migration, law enforcement and justice.
Provider duties
- Risk management, data governance, technical documentation, conformity assessment and post-market monitoring.
Deployer duties
- Supervise use, follow instructions and inform affected persons where required.
GDPR & sectoral overlay
- Binding AI duties come mainly from the EU AI Act, GDPR, cybersecurity, consumer, employment, healthcare, financial, public-sector and sector-specific regulation.
Penalties
- EUR 35 million or 7% of worldwide annual turnover — breaches of prohibited AI rules.
- EUR 15 million or 3% of worldwide annual turnover — breaches of many other AI Act operator obligations.
- EUR 7.5 million or 1% of worldwide annual turnover — supplying incorrect, incomplete or misleading information to authorities.
Related entries
See also the European Union entry, which covers the EU AI Act (Regulation (EU) 2024/1689) — the substantive framework that this jurisdiction implements and supervises domestically.