The Bundestag adopted the Gesetz zur Marktüberwachung und Innovationsförderung im Bereich der Künstlichen Intelligenz (KI-MIG) on 11 June 2026 by a vote of CDU/CSU and SPD in favour, with AfD, Bündnis 90/Die Grünen, and Die Linke voting against. The act implements EU Regulation 2024/1689 in German domestic law and establishes the institutional structure for AI market oversight in Germany. It does not introduce new substantive compliance obligations for operators; those flow directly from the AI Act itself.
The KI-MIG designates the Bundesnetzagentur (BNetzA) as Germany's market surveillance authority under Articles 70 and 71 of EU Regulation 2024/1689, except where sector-specific competence rests with the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin), the Bundesamt für Sicherheit in der Informationstechnik (BSI), or other specialist regulators. The act also establishes a KI-Kompetenz- und Koordinierungszentrum at the BNetzA, which serves as Germany's single contact point for European institutions under Article 70(8) and coordinates enforcement across federal agencies.
Providers and importers of AI systems marketed in Germany must direct AI Act compliance notifications and market surveillance inquiries to the BNetzA for general-purpose AI models and high-risk AI applications outside a sector regulator's remit. Financial institutions, credit institutions, and payment service providers deploying AI in credit-scoring, anti-money laundering, or automated advice functions remain under BaFin's oversight. Employers using AI for hiring, monitoring, or performance evaluation must separately satisfy co-determination requirements under the Betriebsverfassungsgesetz, which apply alongside the KI-MIG. High-risk AI obligations under the AI Act take effect on 2 August 2026.
The KI-MIG does not resolve the allocation of enforcement competence for AI systems spanning multiple sectors; inter-agency coordination guidelines from the BNetzA are expected to follow. The act also leaves open which federal body will supervise AI deployed by government ministries. The interaction between the KI-MIG enforcement structure and the BSI Act for cybersecurity-relevant AI systems remains under active discussion between the BNetzA and the BSI.
Licentium advises operators on AI Act compliance across EU Member States, including authority allocation between the BNetzA, BaFin, and sector regulators in Germany. We assist with conformity assessments, incident notification procedures, and enforcement authority engagement. Work we undertake includes AI Act compliance programme design, BaFin-regulated AI deployment review, cross-border EU AI regulatory mapping, and high-risk AI system documentation.