Europe Builds AI Enforcement

The Netherlands plans to split enforcement of Europe’s AI law across 10 regulators, turning one rulebook into sector-by-sector oversight. (rijksoverheid.nl) The Dutch government said on April 20 that the Autoriteit Persoonsgegevens, the Authority for Digital Infrastructure, the Health and Youth Care Inspectorate, the Human Environment and Transport Inspectorate, the Dutch Central Bank and five other watchdogs will supervise different parts of the European Union Artificial Intelligence Act. (rijksoverheid.nl) Pinsent Masons reported on April 23 that the plan would leave Dutch companies answering to different supervisors depending on where an AI system is used, from finance to medical devices to consumer products. (pinsentmasons.com) The European Union’s Artificial Intelligence Act is already taking effect in stages. The first bans and AI literacy duties started on February 2, 2025, more rules arrive on August 2, 2026, and the full law applies on August 2, 2027. (autoriteitpersoonsgegevens.nl) For companies, the next hard date is August 2, 2026, when requirements for high-risk AI systems begin to apply. Those systems include tools used in areas such as employment, education, critical infrastructure and some law-enforcement and migration uses listed in the regulation’s annexes. (eur-lex.europa.eu) Article 9 is the part that tells providers to run AI risk management like a standing safety program, not a one-time checklist. The process must continue through the system’s lifecycle, be regularly reviewed, and identify, test and reduce risks to health, safety and fundamental rights. (eur-lex.europa.eu; artificialintelligenceact.eu) That requirement connects to other articles that demand technical documentation, automatic logs, human oversight and accuracy, robustness and cybersecurity controls. In practice, firms need records that show what the model was supposed to do, what it actually did, and what changed after testing or incidents. (eur-lex.europa.eu; artificialintelligenceact.eu) The Dutch setup shows how that evidence may be checked in Europe: not by a single national AI cop, but by existing agencies with sector mandates. A bank selling an AI system and a hospital deploying one may face the same European law but different frontline supervisors. (rijksoverheid.nl; pinsentmasons.com) The Dutch data protection authority has told organizations to start preparing now, warning that irresponsible AI can lead to discrimination, restrictions on freedoms and manipulation. The government said the national bill setting out supervisory powers and penalties is expected to go to parliament in the second quarter of 2026. (autoriteitpersoonsgegevens.nl; rijksoverheid.nl) For any company selling AI into Europe, the message from The Hague is operational, not theoretical: by August 2026, compliance will be checked by regulators that already know their sectors and will expect audit trails to match. (pinsentmasons.com; rijksoverheid.nl)