RegImpact
eu ai acteffective· Published 8/22/2024

The AI Act: Responsibilities of the EU Member States

If you are unsure who is implementing and enforcing the EU AI Act and what the specific time frames are, you might find this post—and our post on the responsibilities of the European Commission (AI Office)—very helpful. The tables below provide you with a comprehensive list of all obligations and tasks that the AI Act places […]

What this rule actually says

The EU AI Act is a new law that sets up who enforces AI rules across Europe. This explainer covers what EU member states (the countries themselves) are responsible for—basically, which government bodies check compliance and when they need to do it. The key takeaway: there are real enforcement deadlines and specific agencies in each EU country that will be policing AI products.

Who it applies to

  • If you sell AI products to users in any EU country, you're in scope. This includes founders based anywhere in the world.
  • Geographic trigger: The rule applies if your AI product reaches EU residents, regardless of where you're incorporated.
  • Which AI use cases matter: All of them. The broader EU AI Act covers hiring assistants, medical scribes, support chatbots, and most other AI products. High-risk systems (like hiring tools and medical tools) face stricter rules.
  • Data scope: Personal data handling is in scope. If your chatbot or scribe collects, processes, or stores user information, EU data protection rules apply alongside the AI Act.
  • If you only serve non-EU customers: You're not directly affected by this rule (though other jurisdictions may pass similar laws).

What founders need to do

  1. Identify which EU member state(s) oversee your use case (2-3 days). Find out which country's AI office handles enforcement for your product type. Each EU country has designated authorities listed on the AI Office website.
  1. Map your product to AI Act risk categories (2-3 days). Is it high-risk (hiring, medical)? Medium-risk? Low-risk? Higher-risk systems have stricter compliance timelines and documentation needs.
  1. Note the enforcement timeline for your category (1 day). Different rules go live at different times—some were already in effect in 2023-2024, others through 2025. The member state you identified in step 1 will publish their specific deadlines.
  1. Prepare basic documentation (ongoing, 1-2 weeks initial). Start gathering: what data your AI touches, how it makes decisions, any testing you've done. You'll likely need this for regulators.
  1. Join an EU AI compliance tracker or subscribe to updates (1 hour). Set a calendar reminder to check the relevant member state's AI office website quarterly for new enforcement guidance.

Bottom line

If you have any EU users, monitor the specific member state regulator's timeline for your product type—act now if you're high-risk (hiring, medical), monitor closely if not.