With the draft law implementing the European AI Act, the German government is setting out for the first time how the regulatory requirements are to be implemented at national level. The focus is on clear responsibilities, new supervisory structures, and measures to promote innovation. Germany is thus setting a decisive course for the practical application of AI regulation.
In a nutshell
- The draft Act implementing the Regulation on Artificial Intelligence (KI-MIG) is intended to transpose EU Regulation (EU) 2024/1689 – better known as the AI Act – into national law.
- The Act Implementing the Regulation on Artificial Intelligence is currently available as a draft from the Federal Government (Bundestag printed paper 21/4594) and must now be debated in the Bundestag.
- The deadline for the new law already expired on 2 August 2025. It is not yet clear when it will come into force.
What is behind the draft KI-MIG Act?
The present draft of the Act Implementing the Regulation on Artificial Intelligence serves to implement the AI Act, which has been in force since August 2024 and will become directly applicable in large parts from 2 August 2026 (although there are also reform plans in this regard).
The aim of the KI-MIG is to supplement the European requirements that are already directly applicable with national regulations – particularly where organisational and procedural arrangements are required.
At the heart of the European regulation is a risk-based approach to AI systems, which provides, among other things, for bans on certain applications, requirements for high-risk AI, and transparency obligations. The German implementing act establishes the institutional and procedural foundations for this.
Key changes in the KI-MIG at a glance
Federal Network Agency as central AI supervisory authority
The Federal Network Agency (Bundesnetzagentur – BNetzA) is designated as the central market surveillance authority for AI systems – with far-reaching powers to enforce the AI Regulation:
- Responsible for compliance with the AI Act (unless specific statutory responsibilities apply).
- Establishment of a central point of contact for businesses and citizens.
- Forwarding and coordination of complaints.
In addition, a coordination and competence centre will be established to structure cooperation between authorities and act as an interface with the EU.
New supervisory structure for high-risk AI
A key element is the establishment of an independent AI market surveillance chamber within the Federal Network Agency.
This body is intended in particular to monitor high-risk AI systems, for example in sensitive areas such as:
- Law enforcement,
- Border management,
- Justice and democratic processes.
At the same time, sector-specific responsibilities will remain in place, such as:
- Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) for AI in the financial sector;
- Regional authorities for certain public applications.
The result is a hybrid supervisory system combining central control with sector-specific expertise.
Central complaints office for citizens
For the first time, a central complaints office for AI violations is being established:
- Citizens can report potential breaches centrally;
- Complaints are forwarded to the relevant authorities;
- Transparency regarding responsibilities is increased.
This strengthens the enforceability of AI regulation from the perspective of those affected.
Focus on promoting innovation
In addition to regulation, the draft specifically focuses on innovation policy instruments:
- Establishment of AI real-world laboratories (regulatory sandboxes);
- Advisory services for businesses, particularly SMEs and start-ups;
- Training and information services on the application of the AI Act.
The aim is to reconcile regulatory requirements with the capacity for innovation.
Fines and sanctions system
The draft bill supplements the European sanctions regime with national provisions:
- Fines of up to €50,000 for breaches of cooperation and information obligations;
- Administrative offences, including failure to carry out a fundamental rights impact assessment or insufficient cooperation with authorities.
It is important to note that the main substantive sanctions continue to derive primarily from the AI Regulation itself. The German fines could therefore be imposed in addition.
Legal classification of the KI-MIG
The draft of the KI-MIG is a classic implementing act: it does not create new substantive requirements, but rather operationalises the European regulation. What is decisive, therefore, is not so much what is regulated, but how compliance will be monitored in future. It is already clear that companies must expect significantly increased institutional enforcement and monitoring, as is already familiar from the GDPR, for example.
In practical terms, this means:
- On the one hand, more regulatory contacts – on the other, clearer responsibilities. It is essential to establish the correct information channels from the outset and to communicate these within the organisation.
- A higher frequency of audits and inspections is to be expected. Conversely, this means that there is an early need for AI governance structures to ensure that the risk of sanctions does not become too high.
Conclusion
With the Act Implementing the Regulation on Artificial Intelligence, Germany is laying the institutional foundations for the implementation of the AI Act. The central role of the Federal Network Agency, new supervisory structures for high-risk AI, and targeted innovation promotion mark a balanced approach between regulation and competitiveness.
It will be crucial for companies to adapt to the upcoming supervisory practices at an early stage – particularly with regard to documentation requirements, risk assessments and interaction with authorities.