Artificial Intelligence in Australia
Appointed supervisory authority
Information not provided.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Austria
Whilst no supervisory authority has been appointed yet, it is expected that that telecommunications regulator, RTR GmbH, will be the designated authority for Austria. An AI service has already been established by RTR GmbH.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Belgium
Belgium is yet to officially designate the national competent authorities. In an AI Board meeting on 10 September 2024, the Federal Public Service of Economy and the Agence du Numérique (Wallonia) represented Belgium. However, it is noted in the 'Declaration of the Government' (published on 31 January 2025) that the Belgian Institute for Postal Services and Telecommunications (BIPT) will be appointed as the main regulator for the AI Act.
Belgium has published the list of authorities in charge of the protection of fundamental rights under Article 77 of the AI Act. See here for details.
In addition, Belgium has established an Ethics Advisory Council on Data and AI appointed by the Minister of Civil Service and the State Secretary for Digitization.
Belgium has also announced that it will conduct a legal study with a view to setting up national regulatory sandboxes.
The Flemish Government Coalition Agreement has explicitly indicated that it will not carry out so-called ‘gold-plating’, which means going beyond the requirements on AI imposed by European or other international regulation.
A supervisory body with authority for AI has not yet been appointed in Brazil yet by way of statutory appointment. According to the Brazilian AI Bill, once the Bill is sanctioned, the National Data Protection Authority (ANPD) will coordinate a National Artificial Intelligence Regulation and Governance System (SIA), which will be created and integrated by state sector regulation bodies and self-regulation and certification entities, the Artificial Intelligence Regulatory Cooperation Council/Cria and the Committee of Artificial Intelligence Experts and Scientists/Cecia. Amongst the duties of the SIA will be the regulation of high-risk systems, strengthening the powers of the sectoral authorities and the ANPD, harmonising the work of regulatory bodies and carrying out periodic studies and sending an opinion to Congress every four years on the need to improve legislation on AI.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Bulgaria
As of June 2025, Bulgaria has not yet published detailed national implementation plans or designated specific national competent authority/authorities for supervising and enforcing the EU AI Act. There is only an indication that a plan for the establishment of this authority is in motion, based on the priority request placed by the Council of Ministers for obtaining support under the EU Technical Support Instrument for the capacity building of the Ministry of e-government as a competent institution for AI policy development and enforcement of the AI Act (Decision No. 724/24.10.2024).
Pursuant to Article 77 however, Bulgaria has designated seven national public authorities to supervise and enforce in respect of fundamental rights. These are: the Ombudsman, the Central Election Commission, the Commission for Protection against Discrimination, the Commission for Personal Data Protection, the Commission for Consumer Protection, the State Agency for Child Protection, the Executive Agency "General Labour Inspectorate", all designated by Decision of the Council of Ministers No. 398 of 18 June 2025.
A supervisory body with authority for AI has not yet been appointed in Canada by way of statutory appointment. For the deployment of AI in the public sector, the federal government has committed to establishing an AI Centre of Expertise on project support, knowledge sharing, and strategic guidance to support AI adoption and experimentation.
Article 14 of the Chilean AI Bill creates the 'AI Advisory Board' as a consultative and permanent body that will advise the Minister of Science, Technology, Knowledge and Innovation (Science Ministry) on matters related to the development, promotion and continuous improvement of AI systems in the country. The main functions of this entity are to:
- Present to the Science Ministry a proposed list of 'High-Risk' and 'Limited-Risk' AI systems.
- Advise the Science Ministry regarding the scope and mode of compliance with the rules to which operators of 'High-Risk' and 'Limited-Risk' AI systems shall be subject.
- Submit to the Science Ministry a proposal regarding the establishment of guidelines for the development of controlled test sites for AI systems, as well as for the establishment of minimum standards of compliance and accountability for their development.
Article 24 of the Chilean AI Bill establishes that a 'Personal Data Protection Agency' (Agency) will be responsible for the control and sanctioning of the infringements established in the Chilean AI Bill.
While a single national supervisory body with specific authority for AI has not yet been appointed in PRC, the development of AI-related regulations is undertaken collaboratively by various governmental authorities (including the Cyberspace Administration of China/CAC, the Ministry of Education, the Ministry of Science and Technology, the Ministry of Industry and Information Technology /MIIT, the Ministry of Public Security/MPS and the National Radio and Television Administration).
In addition, National Technical Committee 260 on Cybersecurity of SAC ("TC260") plays a pivotal role in organising and executing technical standardisation efforts related to domestic information security matters, and formulates technical standards across an array of domains, including network security technology, security mechanisms, security services, security management and security assessments.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Croatia
In accordance with the obligation set out in Article 77 of the EU AI Act, the Republic of Croatia has designated the following authorities for protecting fundamental rights:
- Ombudsman
- Ombudsman for Children
- Ombudsman for Gender Equality
- Ombudsman for Persons with Disabilities
- Croatian Personal Data Protection Agency
- State Electoral Commission, and
- Agency for Electronic Media, Head of the Legal and Human Resources Department.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Cyprus
The Cyprus Deputy Ministry of Research, Innovation and Digital Policy has notified the European Commission of the national public authorities that will supervise or enforce compliance with the obligations under EU law to protect fundamental rights, in accordance with Article 77 of the EU AI Act. The designated Cyprus authorities are:
- Commissioner for Personal Data Protection
- Commissioner for Administration and the Protection of Human Rights (Ombudsman)
- Attorney-General of the Republic.
From 2 August 2026 these authorities will be granted additional powers under the EU AI Act to facilitate the exercise of their existing responsibilities to protect fundamental rights in cases where the use of AI poses high risks to these rights.
In addition, in compliance with Article 70 of the EU AI Act, the Commissioner of Communications and the Commissioner for Personal Data Protection have been designated as the Market Surveillance Authorities for the implementation of the EU AI Act in Cyprus. The Commissioner of Communications is responsible for Section 3 of the EU AI Act, covering obligations of providers, deployers, and other actors involved with high-risk AI systems, while the Commissioner for Personal Data Protection oversees the remaining provisions. The Commissioner of Communications also serves as the Notifying Authority and Single Point of Contact for enforcement.
To support AI governance more broadly, the Government of Cyprus established a National AI Taskforce in January 2025. Chaired by the Chief Scientist for Research, Innovation and Digital Policy, the National AI Taskforce includes academic and industry experts who advise the President of the Republic of Cyprus on strategic AI policy. The National AI Taskforce holds no formal authority under the EU AI Act.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in the Czech Republic
Based on the approved Proposal for the implementation of the AI Act in the Czech Republic, the Czech Telecommunications Authority (Český telekomunikační úřad) has been designated as the main market surveillance authority, which will ensure compliance with the rules of the EU AI Act within the area of market regulation.
The Czech Office for Standards, Metrology and Testing (Úřad pro technickou normalizaci, metrologii a státní zkušebnictví) has been designated as the notifying authority. It will be responsible for appointing and notifying conformity assessment entities and monitoring their activities in accordance with the requirements of the EU AI Act.
The Czech Standardization Agency (Česká agentura pro standardizaci) is responsible for creating and managing the regulatory sandbox referred to above, which will support innovation and testing of AI technologies. For this, ČAS has already established cooperation with the Czech Association for AI and has signed a Memorandum of Cooperation with it.
Other authorities responsible for supervising key rules include the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), the Czech National Bank (Česká národní banka), and the Public Defender of Rights (veřejný ochránce práv).
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Denmark
Under Law No. 467 of 14 May 2025, which enters into force on 2 August 2025, Denmark has designated three national competent authorities in accordance with Article 70(1) of the EU AI Act. These authorities are responsible for enforcing the EU AI Act within their respective areas of expertise.
The Danish Agency for Digital Government has been appointed as the notifying authority under Articles 28(1) and 70(1) and also serves as Denmark’s single point of contact under Article 70(2). In addition, it acts as the market surveillance authority for most prohibited AI practices, including those that manipulate human behavior, exploit vulnerabilities, or involve social scoring, as outlined in Article 5(1)(a–c), (e), and (f).
The Danish Data Protection Agency oversees prohibited AI practices that raise data protection and privacy concerns. This includes biometric categorization and unlawful data processing, as specified in Article 5(1)(d) and (g), aligning with the agency’s existing role under the GDPR.
The Danish Court Administration is responsible for supervising the use of AI systems by the courts, but only in non-judicial contexts such as administrative or support functions. Judicial decision-making remains outside the scope of this supervision to safeguard judicial independence.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Estonia
Estonia has yet to designate a national competent authority. So far, as required by Article 77 of the EU AI Act, Estonia has designated the following national authorities to protect fundamental rights:
- The Data Protection Inspectorate;
- The Gender Equality and Equal Treatment Commissioner; and
- The Consumer Protection and Technical Regulatory Authority.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Finland
The Finnish authorities protecting fundamental rights under the AI Act:
- Data Protection Ombudsman
- Non-Discrimination Ombudsman
- Ombudsman for Equality
- National Discrimination and Equality Tribunal of Finland
- Chancellor of Justice
- Parliamentary Ombudsman
- Occupational safety and health authorities (Regional State Administrative Agencies)
- Consumer Ombudsman
The government proposal HE 46/2025 also introduces a suggestion of competent market surveillance authorities. which is rather extensive. According to the proposal:
The Finnish Transport and Communications Agency shall take over the role of the notifying authority. It will also monitor compliance with the transparency obligations under Article 50 of the AI Act.
As a market surveillance authority, the Data Protection Ombudsman monitors compliance with the prohibited AI-related practices under Article 5 of the AI Act.
The Financial Supervisory Authority is the authority which shall report to the European Central Bank.
For high-risk AI systems, the proposal suggests that the relevant market surveillance authority may be one of the following, depending on the context:
- Finnish Safety and Chemicals Agency (Tukes)
- Customs
- Finnish Transport and Communications Agency
- Occupational safety and health authorities (Regional State Administrative Agencies)
- Finnish Medicines Agency
- Energy Authority
- Data Protection Ombudsman
- National Supervisory Authority for Welfare and Health
- Financial Supervisory Authority
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in France
France has moved to draft a national law to designate enforcement and oversight powers for the EU AI Act. The French model is decentralised, with multiple market surveillance authorities split by sector and type of AI system addressed in the EU AI Act. For instance, prohibited AI systems relating to emotion recognition in the workplace and education institutions will be enforced by the French data protection supervisory authority (the CNIL) and high-risk AI systems related to medical devices by the ANSM, France’s National Agency for the Safety of Medicines and Health Products.
The framework is complex but looks to uphold the intent of the legislation, which is similar in nature to product-based regulation. To help companies navigate this complex framework, the DGE has published a diagram (see here). The DGCCRF (Direction générale de la concurrence, de la consommation et de la répression des fraudes) notably in charge of fair market practices, consumer protection, and product safety across France, will be responsible for coordinating the market surveillance authorities and will, in this capacity, serve as the single point of contact pursuant to EU AI Act Article 70.2. In parallel, the DGE (a French government agency under the Ministry of the Economy) will continue to support the strategy around the implementation of this text and represent France within the AI Office. Finally, an advanced pooling of expertise and technical tools in AI and cybersecurity is being implemented by the Digital Regulation Expertise Center (PEReN) and the National Cybersecurity Agency (ANSSI) to support authorities in their missions to monitor the compliance of AI systems.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Germany
Germany has so far neither officially designated a notifying authority nor a market surveillance authority in accordance with the EU AI Act. According to the draft implementation act dated September 2025, the German Federal Network Agency (Bundesnetzagentur) (BNetzA) will take a central role with regard to AI market surveillance activities, as well as take over the role of the notifying authority. Market surveillance authorities responsible for product safety matters will be responsible for such matters, even where AI is a component of the product in question. In accordance with Article 74(6) of the EU AI Act, the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht) will be responsible for AI market surveillance in the financial services sector. The German Accreditation Body (Deutsche Akkreditierungsstelle) will be responsible for assessment and monitoring conformity assessment bodies in accordance with Article 28(2) of the EU AI Act.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Greece
Greece has not yet appointed any competent authority pursuant to Article 70 of the EU AI Act.
However, in November 2024, the Ministry of Digital Governance published the list of the national authorities and bodies designated to supervise and enforce the respect for fundamental rights, including the right to non-discrimination, in relation to the high-risk AI systems according to Article 77 (2) of the EU AI Act. The list has been submitted to the European Commission and will be updated when required. The authorities are the following:
- The Hellenic Data Protection Authority (ΑΠΔΠΧ);
- The Greek Ombudsman (Συνήγορος του Πολίτη);
- The Hellenic Authority for Communication Security and Privacy (ΑΔΑΕ); and
- The National Commission for Human Rights (EEΔΑ).
The designated authorities will cooperate with the national competent authority/ies of Article 70 of the EU AI Act and will be granted with powers, such as, inter alia requesting access to documentation produced or maintained by AI system operators to demonstrate compliance with the EU AI Act. They will also be tasked with addressing any request to the market surveillance authority. In order to organize the testing of a high-risk AI system through technical means in cases where documentation provided by AI system operators is not sufficient for determining potential infringement of fundamental rights. These powers will take effect on 2 August 2026.
In June 2025, the Prime Minister announced the renaming of the Ministry of Digital Governance so as to include a reference to Artificial Intelligence, while the relevant Minister presented the establishment of a new Special Secretariat for AI and Data Governance within the Ministry.
Notwithstanding the DPO and PCPD publishing AI guidance, a single supervisory body with authority for regulating and enforcing AI has not yet been appointed in Hong Kong by way of statutory appointment. Instead, at least for now:
- the PCPD will supervise compliance with AI as it pertains to personal data privacy compliance; and
- otherwise, Hong Kong has adopted a sector driven approach to AI regulation, with specific industry regulators releasing guidance, and supervising compliance, on the use and deployment of AI within their field.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Hungary
According to the Hungarian Government Decision 1301/2024 (IX. 30.) on measures necessary for the implementation of the EU AI Act, a new authority will be established under the supervision of the Ministry of National Economy, which will be liable for the implementation of the EU AI Act in Hungary. The Hungarian Artificial Intelligence Council will also be established by legislative actions, consisting of the following bodies:
- National Media and Infocommunications Authority;
- Hungarian National Bank;
- Hungarian Competition Authority;
- Hungarian National Authority for Data Protection and Freedom of Information;
- Supervisory Authority for Regulatory Affairs; and
- Digital Hungary Agency Private Limited Liability Company.
Another development followed with Government Decision 1028/2025 (II. 24.), which appointed Dr. László Palkovics as the Government Commissioner for Artificial Intelligence in Hungary. His mandate includes among others:
- coordinating the implementation of Hungary’s national AI objectives across sectors such as education, healthcare, defense, agriculture, and public administration;
- overseeing the establishment and operation of the national supervisory authority required by the EU AI Act;
- leading the formation and work of the Hungarian Artificial Intelligence Council;
- supervising the Applied AI Research Group and the development of national HPC (High Performance Computing) capacities;
- representing Hungary in EU and international AI-related forums; and
- supporting the use of AI in public administration and among enterprises, including through funding coordination and regulatory proposals.
The Commissioner operates under the direction of the Prime Minister and is supported by an 8-person secretariat within the Ministry of Energy.
Government Decision No. 1149/2025 (V. 14.) further specifies some institutional responsibilities:
- the Minister of National Economy is tasked with operating the market surveillance authority and the single point of contact under Article 70 of the AI Act;
- the National Accreditation Authority is designated as the notifying authority under Article 28; and
- the Ministry, in cooperation with the Government Commissioner, is responsible for preparing the necessary detailed legislation and assessing the budgetary implications of these tasks.
These government decisions represent only the initial steps in Hungary’s implementation of the EU AI Act. The actual legislative instruments that will establish the detailed regulatory framework and operational rules are still pending.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Ireland
Ireland has taken a federated approach to supervision and enforcement of the EU AI Act, by formally designating the following eight competent authorities:
- Central Bank of Ireland
- Commission for Communications Regulation
- Commission for Railway Regulation
- Competition and Consumer Protection Commission
- Data Protection Commission
- Health and Safety Authority
- Health Products Regulatory Authority
- Marine Survey Office
Pursuant to Article 77, Ireland has also designated nine national public authorities to supervise and enforce in respect of fundamental rights. These are:
- The Data Protection Commission
- Coimisiún na Meán (Media Commission)
- Irish Human Rights and Equality Commission
- An Coimisiún Toghcháin (Electoral Commission)
- Ombudsman for Children
- Ombudsman for the Defence Forces
- Financial Services & Pensions Ombudsman
- Environmental Protection Agency
- Ombudsman
The Regulation of Artificial Intelligence Bill is at the preparatory stage of the legislative process, with a target for publication of Q1 2026.
The Bill is intended to give effect to the EU AI Act in Ireland, enable the designated national competent authorities to implement and enforce, and to levy penalties for breach.
The Bill will also provide for a lead authority to coordinate the other authorities. This body is expected to be a newly established Oifig Náisiúnta na hIntleachta Saorga, (National Artificial Intelligence Office).
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Italy
Article 20 of Law No. 132/2025 designates the Agency for Digital Italy (AgID) and the National Cybersecurity Agency (ACN) as the national authorities for artificial intelligence, without prejudice to the supervisory roles of the Bank of Italy, CONSOB, and IVASS in the banking, financial, and insurance markets, in accordance with Article 74(6) of the EU AI Act. Within this framework, AgID is entrusted with notification functions but also with responsibilities relating to the promotion of AI development, as well as the evaluation, accreditation, and monitoring of conformity assessment bodies. ACN, on the other hand, is responsible for the supervision of AI systems, exercising inspection and sanctioning powers, and acting both as the market surveillance authority and as the single point of contact with EU institutions. Sectoral regulators, the Italian Data Protection Authority, and AGCOM retain their respective competences, including the supervision of AI-related processing of personal data and the interaction between the DSA and the AI Act for AI-powered online platforms and services.
A supervisory body with authority for AI has not yet been appointed in Japan yet by way of statutory appointment.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Latvia
According to the Information Report, it is planned that there will be multiple national competent authorities ensuring the market surveillance based on the market area to be surveyed. For example, the compliance and safety of goods, the competent authority is the Consumers Rights Protection Centre, and the competent authority for the surveillance of medical devices is the Health Inspectorate. Regarding the data protection matters and forbidden AI practices, the competent authority will be the Data State Inspectorate, etc.
Whilst the majority of supervisory functions will be carried out by these authorities, other competent authorities will supervise more specific market areas, for example, railway systems, where the competent authority is the National Railway Technical Inspectorate, or marine equipment, where the competent authority will be the Maritime Administration of Latvia.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Lithuania
The Lithuanian 'Innovations Agency' (Innovations Agency) was appointed as the notifying authority for Lithuania in accordance with the amendments to the Law on Technologies and Innovations, which will enter into force on 2 August 2025. The Innovations Agency will also act as supervisor of a sandbox regulatory environment.
The 'Communications Regulatory Authority' was appointed as supervising authority and central contact point authority for Lithuania in accordance with the amendments to the Law on Information Society Service, which entered into force on 1 April 2025.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Luxembourg
The Luxembourg Bill designates the notifying authorities responsible for evaluating and accrediting conformity assessment bodies to ensure they meet the necessary standards for certifying AI systems:
- Luxembourg Office of Accreditation and Surveillance (OLAS, Institut luxembourgeois de la normalisation, de l’accréditation, de la sécurité et qualité des produits et services);
- Luxembourg Agency for Medicines and Health Products (ALMPS, Agence luxembourgeoise des médicaments et produits de santé); and
- Luxembourg State Data Protection Commissioner’s Office (CGP, Commissariat du gouvernement à la protection des données auprès de l’État).
The National Commission for Data Protection (CNPD, Commission nationale pour la protection des données) is the notifying authority for implementing the AI Act when a high-risk AI system is intended to be deployed by law enforcement, immigration, or asylum authorities.
The market surveillance authorities will ensure that AI systems comply with the requirements of the EU AI Act within their respective areas of expertise. This includes as the default market surveillance authority and the primary point of contact in Luxembourg, the National Commission for Data Protection (CNPD, Commission nationale pour la protection des données).
Several market surveillance authorities are designated as exceptions to the CNPD’s jurisdiction:
- Judicial Supervisory Authority (JSA, Autorité de contrôle judiciaire);
- Financial Sector Supervisory Commission (CSSF, Commission de surveillance du secteur financier);
- Supervisory Authority for the Insurance Sector (CCAA, Commissariat aux assurances),
- Luxembourg Institute for Standardization, Accreditation, Safety, and Quality (ILNAS, Institut luxembourgeois de la normalisation, de l’accréditation, de la sécurité et qualité des produits et services);
- Luxembourg Institute of Regulation (ILR, Institut luxembourgeois de régulation);
- Luxembourg Agency for Medicines and Health Products (ALMPS, Agence luxembourgeoise des médicaments et produits de santé); and
- Luxembourg Independent Audiovisual Authority (ALIA, Autorité luxembourgeoise indépendante de l’audiovisuel).
Finally, the Luxembourg Bill mandates the CNPD to establish an AI regulatory sandbox, which will offer businesses and developers a controlled environment to test AI systems. The other authorities have the possibility to do the same and must collaborate with other relevant authorities when they set up a regulatory AI sandbox.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Malta
In accordance with the above-cited Article 70 of the EU AI Act, in Malta the MDIA and the Office of the Information Data Protection Commissioner have been recognised as market surveillance authorities, while the MDIA and the National Accreditation Board have been recognised as notifying authorities. It is understood that the completion of the process of designation will take place by the deadline of August 2, 2025.
In Malta, the authorities or bodies recognised for the task of supervising or enforcing the respect of obligations under EU law protecting fundamental rights in accordance with Article 77 of the EU AI Act are the following:
- Office of the Information and Data Protection Commissioner
- Malta Competition and Consumer Affairs Authority
- National Commission for the Promotion of Equality
- Commission for the Rights of Persons with Disability
- The Office of the Ombudsman
- Department for Industrial and Employment Relations
- JobsPlus Malta
- Malta Broadcasting Authority
- Director for the Protection of Minors
- Electoral Commission Malta
A supervisory body with the authority for AI has not yet been appointed in Mauritius by way of statutory appointment.
However, the Blueprint provides for the establishment of an AI Unit under the aegis of the Ministry of Information Technology, Communication and Innovation, which will act as a cross-cutting enabler, integrating AI across all national digital projects and ensuring AI technologies are responsibly and effectively harnessed to improve public services, economic productivity and social well-being.
A supervisory body with authority for AI has not yet been appointed in Mexico yet by way of statutory appointment.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in the Netherlands
In the Netherlands, the competent authorities for supervising and enforcing the EU AI Act have not yet been formally appointed. The government is in the process of developing a proposal. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and the Authority for Digital Infrastructure (Rijksinspectie Digitale Infrastructuur) have advised the government to appoint multiple supervisors, adopting a sectoral and centrally coordinated approach to AI supervision.
Not applicable.
No supervisory body has been officially appointed.
The Norwegian Communications Authority (Nkom) has been appointed as the supervisory authority for Norway according to the proposal for the Artificial Intelligence Act.
Pursuant to Article 4 of the AI Law, the National Authority, as the governing body of the National System of Digital Transformation, is the technical and regulatory authority at the national level responsible for directing, evaluating and supervising the use and promotion of the development of artificial intelligence and emerging technologies, in order to achieve the country's objectives in terms of digital transformation and sustainable development objectives in accordance with current regulations.
Article 4 of the AI Law states that the National Authority, within the framework of the digital transformation, is appointed to develop and articulate actions to promote and encourage:
- The development of artificial intelligence and its adoption as a tool to boost the country's development and welfare.
- The training of professionals with competence in the exploitation, development and use of AI in the country.
- The creation and strengthening of digital infrastructure as an enabler for the development of AI.
- The development of a data infrastructure in order to make high quality, reusable and accessible public data available.
- The adoption of ethical guidelines for a sustainable, transparent and replicable use of AI.
- A collaborative AI ecosystem at national and international level.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Poland
Pursuant to the Draft Act, a new body, the Artificial Intelligence Development and Safety Commission (Komisja Rozwoju i Bezpieczeństwa Sztucznej Inteligencji), will be set up to oversee AI systems market. The President of the Commission will be appointed by the Prime Minister for a term of five years from among candidates selected through an open and competitive selection process.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Portugal
Portugal has not appointed national competent authorities under the EU AI Act yet.
Portugal has identified the following entities protecting fundamental rights in relation to Article 77 of the EU AI Act:
- National Communications Authority - Autoridade Nacional de Comunicações /ANACOM - serving as the liaison with the other designated entities below
- General Inspectorate of Finance - Inspeção-Geral das Finanças/IGF
- National Security Office - Gabinete Nacional de Segurança/GNS
- Media Regulatory Authority - Entidade Reguladora para a Comunicação Social/ERC
- General Inspection of National Defence - Inspeção-Geral da Defesa Nacional/IGDN
- General Inspection of Justice Services - Inspeção-Geral dos Serviços de Justiça/IGSJ
- Judicial Police - Polícia Judiciária/PJ
- Inspectorate-General for Internal Administration - Inspeção-Geral da Administração Interna/IGAI
- Inspectorita-General for Education and Science - Inspeção-Geral da Educação e Ciência/IGEC
- Health Regulatory Authority - Entidade Reguladora da Saúde/ERS
- Food and Economic Safety Authority - Autoridade de Segurança Alimentar e Económica/ASAE
- General Inspectorate of the Ministry of Labour, Solidarity and Social Security - Inspeção-Geral do Ministério do Trabalho, Solidariedade e Segurança Social/IGMTSSS
- Authority for Labour Conditions - Autoridade para as Condições do Trabalho/ACT
- Energy Services Regulatory Authority - Entidade Reguladora dos Serviços Energéticos/ERSE
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
A single supervisory body with authority for AI has not yet been appointed in Singapore yet by way of statutory appointment. Instead, at least for now, Singapore adopts a sector driven approach to AI regulation which specific industry regulators releasing guidance on the use and deployment of AI within their field.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
There is currently no primary and/or general supervisory authority under the AI Act in Korea. It is expected that regulatory agencies will handle issues according to their respective domains. For example, PIPC will handle personal information-related issues, KCC communication regulation issues, and the Korea Fair Trade Commission (KFTC) fair trade issues.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
Supervisory authority in Spain
The Spanish Agency for the Supervision of Artificial Intelligence (AESIA) was formally established by the Supervisory Agency Royal Decree, which came into effect on 3 September 2023.
According to the Supervisory Agency Royal Decree, AESIA was scheduled to commence its operations on 3 December 2023. However, according to publicly available information, its operations effectively began in February 2025.
AESIA operates under the Ministry of Economic Affairs and Digital Transformation, specifically through the State Secretariat for Digitalization and Artificial Intelligence. Headquartered in A Coruña, AESIA's responsibilities include overseeing, advising and providing training to both public and private entities to ensure the effective implementation of national and European AI regulations. Additionally, AESIA is tasked with conducting inspections, verifications, and imposing sanctions in accordance with European law.
European Level
The European Commission established the European AI Office (AI Office) on 24 January 2024. The AI Office is a European Commission function and forms part of the Directorate-General for Communications Networks, Content and Technology; it must therefore operate in accordance with the Commission's internal processes. The AI Office is responsible for assisting the European Commission with the oversight, monitoring and enforcement of requirements for GPAI models and systems. It is primarily made up of hired full-time staff from a range of backgrounds such as technology specialists, economists, policy specialists and lawyers.
In addition, the European Artificial Intelligence Board (AI Board) has also been established. The AI Board's core responsibility is to advise and assist the Commission and Member States to facilitate the consistent and effective application of the EU AI Act. The AI Board will include a representative from each Member State and the AI Office and the European Data Protection Supervisor shall participate as non-voting observers.
Member State Level
Article 70 of the EU AI Act concerns the designation of national competent authorities by EU Member States. It specifies that each Member State shall establish or designate as national competent authorities at least one notifying authority and at least one market surveillance authority for the purposes of the general supervision and enforcement of the EU AI Act. Where multiple market surveillance authorities are appointed, one of the market surveillance authorities must act as the single point of contact. The authorities must operate independently and without bias. Member States were required to notify the Commission of their appointed authorities and publicly available information on how to contact them by 2 August 2025. The designation of national authorities has been slower than expected, which may affect early enforcement consistency.
At present, the Electronic Transactions Development Agency (ETDA) has been assigned to review draft laws related to AI in Thailand.
The AI Governance Center (AIGC), under the Electronic Transactions Development Agency (ETDA), has also been established to perform key missions related to AI. These include developing a governance framework for AI in electronic transactions, providing consultation on AI policy and governance and sharing knowledge on AI applications.
A supervisory body with authority for AI has not yet been appointed in Turkey by way of statutory appointment.
There is no unified federal law or emirate level law in the UAE that has a primary focus on regulating AI (and therefore there is no appointed supervisory body with authority for regulating AI).
However, a dedicated government ministry – the Artificial Intelligence, Digital Economy and Remote Work Applications Office (Ministry of AI) – has been established to drive the UAE’s AI initiatives. The Ministry of AI plays a crucial role in shaping policies and strategies relating to AI at a federal level. There are also authorities established in each emirate that are responsible for developing strategies and policies for AI in their respective emirate. For example, the Artificial Intelligence and Advanced Technology Council (AIATC) has been established in Abu Dhabi for “everything related to projects, investments and research related to artificial intelligence and advanced technology”.
The Commissioner of Data Protection is the supervisory authority responsible for regulating data protection in the DIFC, including the provisions in the DIFC’s Data Protection Regulations relating to the processing of personal data in connection with AI systems.
A supervisory body with authority for AI has not yet been appointed in the UK by way of statutory appointment. However, Lord Holmes' proposed AI (Regulation) Bill seeks to create a central statutory AI Authority, which would coordinate oversight across sectors and set governance standards.
The U.S. has no centralized federal regulator specifically dedicated to AI. Instead, federal oversight of AI remains distributed across multiple agencies and advisory bodies. For example, the Trump Administration’s December 2025 EO pushed a national policy framework and strategies to challenge state AI laws but did not suggest the need for a new regulator to oversee such efforts; it relies instead on existing agencies and officials.
Similarly, most states do not charge a single agency with oversight or responsibility for AI-related matters. A growing number of states have adopted AI-specific statutes that embed regulatory or enforcement authority in existing agencies or frameworks, such as consumer protection, and that sometimes designate specialized oversight bodies in particular market sectors.
For example, Colorado’s AG is tasked with regulatory and enforcement responsibilities under the Colorado AI Act, while Utah has designated oversight through its Department of Commerce and an emerging Office of AI Policy. New York’s RAISE Act will create a new agency, within a larger, existing one, to implement that law. At the local level, New York City’s Local Law 144 assigns enforcement to NYC’s Department of Consumer and Worker Protection (DCWP).
In other states, AGs are actively leveraging existing consumer protection, privacy, and anti-discrimination laws to investigate and enforce against AI-related harms. In addition to engaging AGs, several states have empowered consumer protection agencies or other regulatory bodies to oversee AI-related compliance, resulting in a decentralized enforcement landscape where responsibilities vary by jurisdiction.