AI Act: Federal Government Sets AI Law in Motion - Bundesnetzagentur Named Central AI Regulator
The Federal Cabinet has moved its draft law to implement the EU AI Act forward. Under the KI-Marktüberwachungs- und Innovationsförderungsgesetz (KI-MIG), the Bundesnetzagentur would become Germany's central AI supervisory authority. The EU's risk-based framework has been phasing in since 2024; this national law still needs approval from the Bundestag and Bundesrat.
What changes for public bodies and regulated sectors
The Bundesnetzagentur is set to act as the central coordination and competence center, market surveillance authority, and notifying authority for AI. Rather than building a new agency, the plan is to use existing capacities at the Bundeskartellamt, BaFin, BSI, and federal and state data protection authorities to avoid duplicate structures.
The agency's remit keeps expanding. Beyond telecoms, post, energy, and rail, it already coordinates the EU Digital Services Act in Germany and supervises major online platforms. AI oversight would add another critical layer to that portfolio.
Risk-based obligations and key prohibitions
Organizations developing or using AI must classify systems by risk level and meet matching obligations. Higher risk means stricter requirements on transparency, safety, data governance, human oversight, and post-market monitoring.
The EU AI Act bans AI that scores people based on social behavior. Emotion recognition at work or in schools is not allowed. Facial recognition in public spaces is generally prohibited, with limited exceptions for law enforcement investigating specified offenses.
Government position
Federal Digital Minister Karsten Wildberger argues the approach is "innovation-friendly" and "lean," emphasizing the use of existing structures and expertise at the Bundesnetzagentur to serve the economy without creating a new bureaucracy.
Points of contention
Data protection authorities at federal and state level had pushed to lead AI supervision and received support from European counterparts. Some stakeholders also favored creating a dedicated new authority. Centralizing oversight at the Bundesnetzagentur remains contested.
Industry groups want the EU framework adjusted. The German Electrical and Digital Industries Association (ZVEI) warns of dual regulation, legal uncertainty, and higher compliance costs. They argue that sectors already covered by instruments like the Machinery Regulation or the Medical Devices Regulation should be carved out of the AI Act.
What to do now - checklist for agencies and public contractors
- Map current and planned AI use. Flag any functions that could be prohibited (e.g., emotion recognition in HR or education) and classify preliminary risk.
- Prepare documentation: data sources, model purpose, evaluation results, human oversight measures, incident logs, and change controls.
- Assign an AI compliance lead and set up a working group with legal, IT security (BSI alignment), data protection, and procurement.
- Update procurement templates: require vendors to state risk level, conformity assessment status, prohibited-feature deactivation, and incident reporting.
- Coordinate early with sectoral regulators and data protection authorities; be ready to interface with the Bundesnetzagentur once guidance is issued.
- Stand up incident response for AI systems, including rollback plans and user notification procedures.
- Train staff who build, buy, or operate AI systems so obligations are understood and applied consistently.
What's next
The draft now moves to the Bundestag and Bundesrat. Expect guidance from the Bundesnetzagentur on supervision processes, templates, and market surveillance once the law is finalized. Public bodies should monitor updates and align internal policies early to reduce compliance friction.
For background on the EU framework, see the European Commission's overview of the AI regulatory framework: EU AI policy. Agency information is available at the Bundesnetzagentur.
If your team needs skills support for AI governance and compliance, explore role-based learning paths here: Complete AI Training - Courses by Job.
Your membership also unlocks:
