The AI Act needs more than just a law – it needs effective enforcement
With the adoption of the implementing legislation for the European AI Act, Germany has taken an important step forward. After months of uncertainty, companies that develop or use artificial intelligence are finally gaining greater clarity on which authorities will be responsible for oversight, implementation and support in future.
The decision to establish the Federal Network Agency as the central coordinating body is, in principle, understandable. The agency already has extensive experience in regulating digital infrastructure and is increasingly taking on tasks at the interface between technology, market supervision and digitalisation. Given the complex structure of responsibilities in Germany, this approach appears pragmatic.
But the real test is only just beginning.
The European AI Act pursues an ambitious goal: uniform rules for the use of artificial intelligence within the European single market. Companies should be able to rely on comparable requirements, assessment criteria and supervisory mechanisms applying regardless of their location. It is precisely this harmonisation that is regarded as one of the key prerequisites for ensuring that Europe does not lose competitiveness in the global AI race due to regulatory fragmentation.
However, the reality of German administration could stand in the way of this ambition.
Bitkom’s concern about a federal patchwork quilt is by no means unfounded. Particularly with regard to AI applications in the public sector of the federal states, there is a risk of differing interpretations, divergent assessment criteria and varying enforcement practices. The consequence would be more than just additional bureaucratic burdens. Companies might have to adapt to differing requirements in individual federal states – a situation that would fundamentally contradict the European aim of harmonisation.
The challenge here is not purely legal in nature. Artificial intelligence is developing at a pace that often overwhelms traditional regulatory processes. Differing interpretations of regulatory requirements would further slow down innovation cycles. Small and medium-sized enterprises in particular could find themselves in a situation where legal uncertainty and compliance costs become significant barriers to market entry.
There is a further problem: artificial intelligence does not stop at administrative borders. AI applications are increasingly being developed, trained and deployed in the cloud. Data streams, platforms and business models operate across borders and are highly interconnected. Against this backdrop, fragmented national oversight appears only marginally appropriate.
This is precisely why the Federal Network Agency has a key role to play. Its remit must not be limited to a coordinating, facilitating role. If Germany genuinely wishes to achieve consistent implementation of the AI Act, the authority requires sufficient powers to establish binding guidelines and ensure uniform application of the regulations.
At the same time, the discussion should not be reduced solely to questions of jurisdiction. Ultimately, the success of the AI Act will not be measured by how many supervisory structures are created, but by whether it enables innovation and security in equal measure. Rules that are applied too restrictively or inconsistently could stifle precisely those developments that Europe urgently needs in the face of international competition.
Germany thus exemplifies a fundamental dilemma of modern technology policy: on the one hand, artificial intelligence requires clear rules, transparency and trust. On the other hand, regulation and enforcement must not themselves become a barrier to innovation.
The Bundestag resolution creates the institutional foundation. Whether this actually results in a functioning and innovation-friendly regulatory framework will, however, depend largely on whether the federal and state governments are prepared to consistently implement the idea of joint AI governance. Otherwise, particularly in the case of a technology that thrives on connectivity and scalability, there is a risk of regulation resulting in 16 different interpretations – and thus achieving the opposite of what the European AI Act actually aims to do.
