Fre­quent­ly Asked Ques­tions

The Act applies to all public and commercial actors, both inside and outside the EU, if the AI system is sold in the EU or its use has an impact on people in the EU.

The obligations apply to both providers and deployers of AI systems. However, there are exceptions: research and development work and testing of prototypes prior to market launch are not covered by these regulations. AI systems developed exclusively for military, defense, or national security purposes are also exempt, regardless of who uses them.

Currently, general-purpose artificial intelligence (GPAI) models are known as large language models (LLMs), which typically consist of artificial neural networks, such as GPT-4 from OpenAI, Gemini from Google, or LLaMA 2 from Meta Platforms. These models, which also include large generative AI models, are often used as the basis for AI systems and integrated into AI systems due to their wide range of applications.

The AI Act defines eight AI practices that are prohibited as of 2 February 2025 due to their potential risks to European values and fundamental rights. Exceptions exist only in a narrow range of areas, in particular for law enforcement, where the use of real-time biometric identification is permitted under certain conditions.

Providers and deployers of certain AI systems must meet specific transparency requirements. Some of these requirements must already be taken into account during development. Most of these requirements aim to disclose the use of an AI system and make its interaction with humans transparent. Since generative AI models make it possible to generate content such as text, images and audio, it is important to indicate that this content was generated by AI and not by a human being.

Article 111 of the AI Act sets out some transitional rules specifically for AI systems that have already been placed on the market or put into service and general-purpose AI models that have already been placed on the market.

From the end of 2030, certain obligations will apply to AI systems that are part of IT systems created by EU law in the areas of freedom, security and justice – such as the Schengen Information System – provided that they were already offered or used before 2 August 2027.

Deployers of high-risk AI systems that were offered or used before 2 August 2026 only have to comply with the requirements of the AI Act if these AI systems have undergone significant design changes.

Deployers of general-purpose AI models (GPAI) that were introduced to the market before 2 August 2025 must comply with the requirements of the AI Act from 2 August 2027 onwards.

Establishment of the single point of contact: The single point of contact pursuant to Article 70 of the AI Act serves as an interface between the European Commission's AI Office and the competent authorities in EU countries, in particular the notifying authorities and market surveillance authorities. Further information can be found here.

Preparation for notification tasks: Bundesnetzagentur is preparing itself in terms of content and organisation for the activities and tasks involved in the notification of high-risk AI systems in accordance with Annex I No. 6 and Annex III No. 1 of the AI Act. Further information can be found here.

Expansion of existing market surveillance activities: Bundesnetzagentur is the competent market surveillance authority within the meaning of Directive 2014/53/EU on the making available on the market of radio equipment. It will therefore also perform the related activities and tasks under the AI Act for radio equipment in future. In addition, market surveillance is being prepared for the areas covered by Annex III of the AI Act. Further information can be found here.

Establishment of a Coordination and Competence Centre: In Germany, a central Coordination and Competence Centre is to be set up at the Bundesnetzagentur to support national market surveillance and notifying authorities in the complex application of the AI Act. Further information can be found here.

Pilot project to simulate an AI regulatory sandbox: In May 2025, Bundesnetzagentur launched a pilot project to simulate an AI regulatory sandbox in collaboration with the Hessian Ministry of Digital Affairs and Innovation and the Federal Commissioner for Data Protection and Freedom of Information. Further information can be found here.

The AI Act includes various guidelines and code of practices that contribute to compliance with the regulations. Some of these guidelines must be completed by specific deadlines, while others can be published at unspecified times.