Europe enforces AI Act

The European Union’s AI Act is moving from rulebook to enforcement, with the Netherlands proposing a national system run by ten existing regulators. (rijksoverheid.nl) (pinsentmasons.com) The Dutch government put its AI Act implementation bill into public consultation on April 20, 2026, and set a June 1, 2026 deadline for responses. State Secretary Zsolt Aerdts said the law is meant to make national supervision possible under the European rules. (rijksoverheid.nl) (internetconsultatie.nl) Under the proposal, regulators would supervise AI inside their own sectors instead of creating one new AI watchdog. The Dutch Data Protection Authority and the State Inspectorate for Digital Infrastructure would coordinate the system, and the inspectorate would also help run the AI Act’s regulatory sandboxes. (rijksoverheid.nl) (rdi.nl) That is landing ahead of the AI Act’s main application date of August 2, 2026, when the regulation’s general enforcement framework starts to apply across the bloc. Some parts already apply, including the ban on certain prohibited AI practices from February 2, 2025, while some high-risk obligations tied to Article 6(1) are delayed until August 2, 2027. (ai-act-service-desk.ec.europa.eu) (commission.europa.eu) The AI Act works like a product-safety law for software, sorting systems by risk level and attaching heavier duties to systems that can affect health, safety, or fundamental rights. The European Commission says high-risk systems include tools used in areas such as medical software and recruitment, while some uses such as social scoring are banned outright. (commission.europa.eu) For companies, that means AI oversight will not sit neatly apart from privacy compliance. The International Association of Privacy Professionals said this week that the AI Act and the General Data Protection Regulation intersect on bias monitoring, impact assessments, and automated decision-making. (iapp.org) Its chart notes that certain deployers of high-risk AI must carry out a fundamental rights impact assessment before first use, while the General Data Protection Regulation can separately require a data protection impact assessment when personal-data processing creates high risk. It also points to overlap between AI Act human-oversight rules and the General Data Protection Regulation’s limits on solely automated decisions. (iapp.org) The Dutch government has framed the multi-regulator model as a way to keep supervision close to agencies businesses already know. Pinsent Masons said the draft bill names sectoral bodies including the Health and Youth Care Inspectorate, the Netherlands Food and Consumer Product Safety Authority, and the Dutch Labour Inspectorate. (rijksoverheid.nl) (pinsentmasons.com) The European Union finished writing the AI Act in 2024. In 2026, the harder job is building the national machinery that will decide which regulator calls, which forms get filed, and which AI systems get stopped. (commission.europa.eu) (rijksoverheid.nl)