The EU AI Act (Regulation 2024/1689) applies directly in Romania as in all EU member states. Unlike the GDPR, which required national implementation laws, the AI Act's core obligations take effect uniformly across the EU.
High-risk AI systems deployed or provided in Romania must complete conformity assessment (Article 43), maintain technical documentation (Article 11), implement risk management (Article 9), and register in the EU database (Article 60) before August 2, 2026.
National Supervisory Authority (ANSPDCP) will serve as the national market surveillance authority for AI Act enforcement in Romania. This authority will have powers to inspect, audit, and impose penalties on non-compliant AI systems.
Prohibited AI practices under Article 5 (social scoring, subliminal manipulation, real-time biometric identification in public spaces) are banned in Romania as in all EU member states, with limited law enforcement exceptions.
Penalties for non-compliance range up to EUR 35 million or 7% of global annual turnover (whichever is higher) for prohibited practices, and up to EUR 15 million or 3% for other violations (Article 99).