German businesses must comply with the EU AI Act directly — it is an EU regulation, not a directive. The BfDI (data protection authority) is expected to play a key role in enforcement alongside a new national AI authority.
EU AI Act in Germany: What German Businesses Must Do
Key Compliance Requirements
As an EU regulation, the AI Act applies directly in all member states without national transposition. EU AI Act in Germany companies must comply with the same requirements as businesses throughout the EU.
The primary obligations are: Article 4 AI literacy (in force since February 2025), Article 5 prohibited practices (in force since February 2025), and high-risk AI system requirements (from 2 August 2026).
Practical Steps for Compliance
Step 1: Conduct an AI inventory — document all AI tools used in your organisation, their purposes, and the data they process.
Step 2: Classify each AI system against Annex III high-risk categories. Most business tools (email assistants, translation, content generation) are not high-risk.
Step 3: Implement AI literacy measures for all staff using AI tools. Document your training and policies.
Step 4: For any high-risk AI systems, begin preparing conformity documentation per Articles 9-15.
National Enforcement and Resources
Each EU member state must designate national competent authorities for AI Act enforcement by 2 August 2025. Check with your national data protection authority or digital affairs ministry for the latest guidance.
Free compliance resources are available from the EU AI Office and national authorities. MmowW provides free AI compliance assessments at mmoww.net/ai/readiness-check/.
Check your AI compliance readiness — free.
Take the Readiness Check 3 minutes · 10 questions · no signup requiredThis article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.