The EU AI Act (Regulation 2024/1689) applies directly in Croatia as in all EU member states. Unlike the GDPR, which required national implementation laws, the AI Act's core obligations take effect uniformly across the EU.
High-risk AI systems deployed or provided in Croatia must complete conformity assessment (Article 43), maintain technical documentation (Article 11), implement risk management (Article 9), and register in the EU database (Article 60) before August 2, 2026.
Croatian Personal Data Protection Agency (AZOP) will serve as the national market surveillance authority for AI Act enforcement in Croatia. This authority will have powers to inspect, audit, and impose penalties on non-compliant AI systems.
Prohibited AI practices under Article 5 (social scoring, subliminal manipulation, real-time biometric identification in public spaces) are banned in Croatia as in all EU member states, with limited law enforcement exceptions.
Penalties for non-compliance range up to EUR 35 million or 7% of global annual turnover (whichever is higher) for prohibited practices, and up to EUR 15 million or 3% for other violations (Article 99).