The EU AI Act is law. The infrastructure to enforce it is still being built.
According to recent reporting, EU member states are engaged in active implementation work, establishing national supervisory authorities, defining conformity assessment procedures, and standing up the regulatory sandbox structures the Act requires. The structural obligations are not in dispute. Per the official AI Act framework, every member state must designate national competent authorities for AI supervision. That requirement is law. Whether any specific member state has finalized its approach as of this week is less clear, the journalism sources that would confirm current progress were inaccessible at time of publication.
The hard deadline is August 2, 2026. Article 57 of the AI Act requires each member state to establish at least one national AI regulatory sandbox by that date. That’s roughly four months away. Sandboxes aren’t optional procedural features, they’re the mechanism through which AI providers can test high-risk systems under regulatory supervision before full market deployment. Member states that haven’t stood one up by August will be out of compliance with their own implementation obligations.
The focus areas reportedly include both supervisory authority structures and the precise procedures for conformity assessment, the process by which high-risk AI systems demonstrate they meet the Act’s requirements before deployment. These are not novel bureaucratic questions. They’re the same ones the EU worked through with GDPR, and the answers matter enormously for companies that operate across multiple member states. A multinational facing a conformity assessment in France and another in Hungary needs both processes to be substantively equivalent. If they aren’t, that’s not a minor administrative inconvenience. It’s duplicated compliance cost and legal exposure.
That risk, divergent national interpretations producing a fragmented compliance landscape, is a recurring pattern in EU multi-jurisdiction regulation. It’s worth watching here, though it should be noted this is an analytical observation about implementation dynamics, not a confirmed report of specific fragmentation occurring in April 2026.
What to watch in the coming months: which member states publish their national supervisory authority designations and sandbox frameworks ahead of August 2. The European Commission’s digital strategy portal and the official AI Act resource at artificialintelligenceact.eu are the authoritative tracking points. Member states that move early set the de facto template that slower movers tend to follow, GDPR’s story played out exactly this way, with Germany and France’s early interpretive choices shaping the broader EU enforcement landscape.
The August 2 deadline is four months out. Compliance teams serving high-risk AI system operators should be mapping which member states their clients operate in, monitoring for sandbox framework announcements, and starting to assess whether their conformity assessment preparation can flex across different national procedural interpretations, because those interpretations aren’t locked in yet.