Advocates pushing for privacy rights call for immediate government intervention regarding Artificial Intelligence policies - Federal Data Protection Officer Issues Alert on Government's AI Interventions
The German Federal Government has taken action to address the oversight of Artificial Intelligence (AI), as urged by Hamburg's Data Protection Commissioner, Thomas Fuchs. In response, the government has introduced a draft bill—the AI Market Surveillance Act (KI-Marktüberwachungsgesetz)—which designates competent authorities for implementing the EU's AI Act.
The draft law, released in January 2025, assigns existing market surveillance authorities to oversee compliance with the EU AI Act in their specific sectors. For instance, the German Federal Financial Supervisory Authority (BaFin) will oversee financial services, while the Federal Network Agency (Bundesnetzagentur) will oversee areas lacking designated authorities. This approach addresses the previous lack of a competent AI supervisory authority in Germany.
The German Government's draft law implements the European AI Regulation by defining which existing authorities will act as market surveillance and notifying authorities across different sectors. The EU's AI Act, which became effective in August 2024, has been in effect since February 2025 and will be fully applicable by August 2026.
Meanwhile, the German Data Protection Authorities, including the Conference of Data Protection Authorities (DSK), continue to provide extensive guidance on AI usage under GDPR principles, emphasising transparency, fairness, and accountability.
High-risk AI systems, such as those used for credit scoring, must meet strict requirements under the EU's AI Act. Some AI applications are outright banned under the regulation. The EU's AI Act categorises AI applications into risk groups, with the highest-risk systems requiring the most stringent oversight.
The lack of a binding point of contact for questions about the AI regulation in Germany has put the country at a competitive disadvantage. Member states have two years to implement most provisions of the EU's AI Act into national law. The federal government is expected to designate authorities to monitor the AI market before the August 2026 deadline.
The Hamburg Data Protection Commissioner, Thomas Fuchs, is not directly involved in the EU's AI Act. The EU's AI Act is a regulation pertaining to Artificial Intelligence, overseen by the European AI Board.
Recent expert seminars have discussed the critical topic of human oversight of AI, a requirement under the EU AI Act’s high-risk AI systems. The challenges of effective and ethical AI control have been highlighted during these discussions.
In conclusion, Germany has taken concrete legislative steps to fulfil the EU's mandate, including establishing oversight frameworks, while data protection bodies are actively guiding AI use from a privacy and ethical standpoint. The government's draft law and ongoing regulatory discussions signal a proactive approach to the EU's AI Act, ensuring compliance and competitive advantage in the AI market.
The government's draft law, implementing the European AI Regulation, designates existing market surveillance authorities to oversee compliance with the EU AI Act in their specific sectors, such as vocational training in technology and artificial-intelligence. The EU's AI Act, which categorises AI applications into risk groups, requires strict regulations for high-risk AI systems, like those used for vocational training, to ensure transparency, fairness, and accountability.
