Status of the AI Regulations

The EU AI Act is addressed separately here: AI watch: Global regulatory tracker - European Union, and our EU AI Act Handbook is available here.

Chapters I and II of the EU AI Act, which lay down scope and definitions (Chapter I) and prohibit certain AI practices (Chapter II), have been in effect since February 2, 2025 (Art.113). Therefore, these provisions are directly applicable in Germany.³ The EU AI Act will be fully effective as of August, 2 2026.

At present, there are no specific laws or regulations in Germany that directly regulate AI, except for those noted above.

To date, Germany has not enacted either any legislation to implement the EU AI Act. Some of the key implementation requirements include: the establishment of a system of market surveillance authorities by August 2, 2025 (Art.70(1), (2)), the establishment of AI sandboxes (Art.57 (1)) and the development of a framework of enforcement (Art.99).

As stated above, in December 2024, the Federal Ministry for Economic Affairs and Climate Action and the Federal Ministry of Justice jointly published an initial draft bill for the KIMÜG.⁴ However, due to the change in government the draft bill has not advanced, and it remains unclear whether the new administration will continue to work on it.

The new German government has committed to significantly strengthening and investing in AI as a "key infrastructure."⁵ One of its main tasks will be the implementation of the EU AI Act. According to the newly established Federal Ministry for Digitalization and State Modernization, the implementation of the EU AI Act will be "innovation-friendly" – aiming to avoid excessive bureaucracy and ensure coordinated market supervision.⁶

Additionally, the coalition has announced plans to assess whether the European liability framework for AI should be revised.⁷ The new government has also expressed an intention to expand the role of AI across various sectors, including the labor market, public administration, education, defense and even culture.

Other laws affecting AI

There are various laws that do not directly seek to regulate AI but may affect the development or use of AI in Germany. A non-exhaustive list of key examples includes:

• The German Civil Code (BGB)
• The Product Liability Act (ProdHaftG)
• The Copyright Act (UrhG), in particular Sections 44b and 60d concerning text and data mining
• Intellectual property laws that may affect several aspects of AI development and use

Definition of “AI”

Chapter I of the EU AI Act, which sets out key definitions, has been effective since February 2025. Therefore, the definition of an "AI system" in Art.3(1) is directly applicable in Germany and expected to be applied widely.

For example, the previous German Federal Data Protection Commissioner had adopted this definition for use in guidelines on data protection and AI for federal security authorities, both of which are not covered by the EU AI Act.⁸

Territorial scope

Art.2 of the EU AI Act, which outlines the territorial scope of the Act, has been effective since February 2025, and is therefore applicable in Germany.

There are no further specific laws or regulations in Germany that directly regulate AI, other than minor references to AI in German labor law that concern works councils in certain companies that maintain operations in Germany. Beyond that, there is no specific territorial scope at this stage.

Sectoral scope

The EU AI Act is not limited to specific sectors. Thus, the provisions of the Act already in effect in Germany apply to all sectors.

Other than those discussed above, there are currently no specific laws or regulations in Germany that directly regulate AI. Therefore, there is no further sectoral scope at this stage.

Compliance roles

For the provisions of the EU AI Act already in effect, the compliance roles of the Act set out in Art.2(1) and Art.3 (3-8) apply. These provisions apply to the entirety of the AI value chain, ranging from providers and product manufacturers of AI systems to affected persons by AI systems.

Core issues that the AI Regulations seek to address

As discussed, the provisions of Chapter I and II of the EU AI Act are applicable in Germany. The EU AI Act intends to balance the promotion of AI systems while safeguarding health, safety, fundamental rights, democracy, and the rule of law (see Art.1(1)). National implementation measures will have to adhere to those principles.

There are currently no additional specific laws or regulations in Germany that directly regulate AI, other than the minor references to AI in German labor law concerning works councils.

Germany's Independent Federal Anti-Discrimination Commissioner has in the past highlighted discrimination risks posed by AI systems as a core issue, and called for improved statutory protections.⁹ The German Conference of Independent Data Protection Authorities has urged the new German government to ensure consistent and robust data protection in the development of AI.¹⁰

Discrimination and data protection issues are also addressed by the 2018 National AI Strategy and its 2020 Update.¹¹ There have been political discussions about enacting a German national law on employee data protection (in addition to the EU GDPR), which would contain dedicated provisions on AI. However, it remains unclear whether such a law will be passed.

Both the 2018 National AI Strategy and its 2020 Update emphasize that the development and use of AI must be based on human rights and fundamental rights. They identify IT and cyber security, product safety, transparency and the availability and quality of data as further key issues. The 2023 AI Action Plan stresses that a balance must be struck between regulating AI risks and over-regulation, which could inhibit innovation and result in unexploited potential.¹²

Risk categorization

The EU AI Act introduces its own system of risk categorization. Art.5 of the EU AI Act, which has been effective since February 2, 2025, prohibits certain AI practices altogether. For example, AI systems that are used to manipulate the behavior of natural persons or evaluate and classify personal behavior.

There are currently no additional laws or regulations in Germany that directly regulate AI, other than the minor references to AI in German labor law concerning works councils. These provisions do not set out an AI-related risk categorization.

Key compliance requirements

As noted above certain AI practices are prohibited under Art.5 of the EU AI Act, which is directly applicable in Germany since February 2025. Compliance obligations, and the penalties for non-compliance are not in effect yet.

There are currently no additional specific laws or regulations in Germany that directly regulate AI, other than the minor references to AI in German labor law concerning works councils.

Regulators

The formation of the new German federal government has also brought changes to the actors involved in AI regulation at the federal level. As the government is still in the early stages of its work, final responsibilities are yet to be determined. Relevant actors include:

• The newly established Federal Ministry for Digitalization and State Modernization will play a key role in the regulatory process. It will be responsible for promoting AI use in administration and the economy, and working with the Ministry of Justice and Consumer Protection to implement EU AI Act.
• The Federal Ministry of Education, Research and Space Travel (responsible for developing the 2023 AI Action Plan) will participate in the development of AI regulation moving forward.
• As the newly formed coalition has announced plans to strengthen AI across various sectors, it is expected that several other ministries will be involved in the relevant regulatory processes.

As noted above, there are currently ongoing discussions as to which authority will be designated the competent market surveillance authority under the EU AI Act. According to Art.70 (1) Member States have to designate at least one market surveillance and one notifying authority by August 2, 2025.

The KIMÜG of the former German government proposed that the authorities who are responsible for market surveillance and notification in fully harmonized areas of product regulation, should also assume these roles under the AI Act. In areas without existing structures, the Federal Network Agency would serve as both the market surveillance and notifying authority.¹³

The new German government has pledged to avoiding a "splintering of market surveillance".¹⁴ Although the proposed system of market surveillance designates the Federal Network Agency as the central authority, the proposed regulation would lead to a variety of existing market surveillance agencies having responsibility.¹⁵

Regulators at the level of the German states have also been dealing with AI and every German state has published at least one AI-related document.¹⁶

Enforcement powers and penalties

As noted above, there are currently no specific laws or regulations in Germany that directly regulate AI, other than the minor references to AI in German labor law concerning works councils. As such, enforcement and penalties relating to the creation, dissemination and/or use of AI are governed by: (i) the EU AI Act; and (ii) related violations in non-AI specific regulation. The detail of the EU AI Act is not discussed here.

_{1 See the draft bill available here.
2 An English translation of the Works Constitution Act is available here.
3 See also an announcement of the German government available here.
4 See the draft bill available here.
5 See page 70 of the Coalition Agreement available here.
6 See the website of the newly founded Federal Ministry of Digitalization and State Modernization available here.
7 See page 70 of the Coalition Agreement available here.
8 See page 5 of the Guidelines available here.
9 See Germany's Independent Federal Anti-Discrimination Commissioner’s comments available here.
10 See Press Release available here.
11 The 2018 National AI Strategy is available here; the 2020 Update is available here; and the 2023 AI Action Plan is available here.
12 The 2018 National AI Strategy is available here; the 2020 Update is available here; and the 2023 AI Action Plan is available here.
13 See §§ 2 and 7 of the draft bill available here.
14 See page 70 of the Coalition Agreement available here.
15 An article by Tagesspiegel Background on this issue is available here.
16 See an article on the Digital Society Blog of the Alexander von Humboldt Institute for Internet and Society (HIIG), available here.}

_{White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.}

_{This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.}

_{© 2025 White & Case LLP}

Annkathrin Lindert (Legal Intern, White & Case, Berlin) contributed to this publication.