Germany has published a draft Act Implementing the Regulation on Artificial Intelligence, known as KI-MIG, to translate the European Artificial Intelligence Act into national administrative practice. The draft is intended to supplement directly applicable European rules with organisational and procedural measures, especially where national authorities, complaint handling, and enforcement structures need to be defined. The proposal is currently available as a draft from the Federal Government (Bundestag printed paper 21/4594) and must now be debated in the Bundestag. The deadline for the new law already expired on 2 August 2025. It is not yet clear when it will come into force.
The draft places the Federal Network Agency, or Bundesnetzagentur, at the center of market surveillance for Artificial Intelligence systems. It would serve as the main authority responsible for compliance with the Artificial Intelligence Act unless specific statutory responsibilities apply, while also acting as a central contact point for businesses and citizens and coordinating complaints. A coordination and competence centre is also planned to support cooperation between authorities and provide an interface with the EU. For high-risk Artificial Intelligence, the proposal creates an independent market surveillance chamber within the Federal Network Agency, with oversight focused on sensitive fields including law enforcement, border management, justice and democratic processes.
Germany is also pursuing a hybrid supervisory model rather than fully centralizing oversight. Sector-specific authorities would keep responsibility in areas where specialist expertise already exists, including the Federal Financial Supervisory Authority, or BaFin, for Artificial Intelligence in the financial sector, as well as regional authorities for certain public applications. A central complaints office would allow citizens to report potential breaches through a single channel, with cases then forwarded to the relevant authority. This structure is intended to improve transparency around responsibilities and strengthen enforceability from the perspective of affected individuals.
The draft also emphasizes innovation policy alongside enforcement. It proposes Artificial Intelligence real-world laboratories, regulatory sandboxes, advisory services for businesses, especially SMEs and start-ups, and training and information services on applying the Artificial Intelligence Act. On sanctions, the bill adds national rules to the European regime, including fines of up to €50,000 for breaches of cooperation and information obligations. Administrative offences would include failure to carry out a fundamental rights impact assessment or insufficient cooperation with authorities. The draft does not introduce new substantive obligations, but it signals more structured monitoring, clearer reporting lines, and a higher likelihood of audits and inspections, making early internal governance and documentation increasingly important for companies.
