Bottom line: EU Member States must establish AI regulatory sandboxes by August 2026. These controlled environments promote innovation, improve legal certainty, and facilitate market access for SMEs and startups. Implementation approaches vary significantly across countries, ranging from operational systems to early planning phases.
EU Member States must establish national AI regulatory sandboxes by August 2026 to support companies in developing and testing AI systems under regulatory guidance. Implementation approaches vary considerably across countries.
AI regulatory sandboxes create controlled environments where AI systems can be developed and tested before market launch. They offer improved legal certainty, support regulatory compliance, enable the processing of personal data, and facilitate market access for SMEs and startups.
Pursuant to Article 57 of the EU AI Act, each Member State must establish at least one national AI sandbox by August 2, 2026. Participation in a sandbox enables providers to use their compliance documentation as evidence of compliance with the EU AI Act. As long as providers follow the guidelines of the competent national authority in good faith, they are exempted from administrative fines.
Implementation varies significantly among Member States. While some countries such as Denmark already have operational sandboxes with concrete plans, others are still in early planning phases. Institutional approaches also differ: in some Member States, data protection authorities lead the initiative, elsewhere new centralized AI agencies are emerging, while some countries prefer decentralized models with coordinated regulators.
Historical examples from other sectors demonstrate positive effects: companies that successfully completed testing in the UK FCA sandbox received 6.6 times more fintech investments than their competitors. Additionally, the UK FCA sandbox reduced the average approval time by 40 percent compared to the regular approval process.
National competent authorities provide guidance, monitoring, and support for risk identification and ensuring compliance with the EU AI Act and other applicable legislation. Providers remain liable for damages to third parties arising from testing, but benefit from exemption from administrative fines.
Source: artificialintelligenceact.eu