AI Act in Romania: What Companies Need to Do, and By When

The EU AI Act (Regulation 2024/1689) applies directly in Romania as in all EU member states. Unlike the GDPR, which required national implementation laws, the AI Act's core obligations take effect uniformly across the EU.

High-risk AI systems deployed or provided in Romania must complete conformity assessment (Article 43), maintain technical documentation (Article 11), implement risk management (Article 9), and register in the EU database (Article 60). The compliance date for Annex III high-risk systems is 2 August 2026 as written; the Digital Omnibus provisional agreement of 7 May 2026 moves it to 2 December 2027, pending formal adoption and Official Journal publication. Article 50 transparency obligations are unchanged and apply from 2 August 2026.

National Supervisory Authority (ANSPDCP) will serve as the national market surveillance authority for AI Act enforcement in Romania. This authority will have powers to inspect, audit, and impose penalties on non-compliant AI systems.

Prohibited AI practices under Article 5 (social scoring, subliminal manipulation, real-time biometric identification in public spaces) are banned in Romania as in all EU member states, with limited law enforcement exceptions.

Penalties for non-compliance range up to EUR 35 million or 7% of global annual turnover (whichever is higher) for prohibited practices, and up to EUR 15 million or 3% for other violations (Article 99).

• AI Act High-Risk Classification: How to Determine if Your System Requires Compliance
• AI Act Conformity Assessment: Step-by-Step Guide
• AI Act Fines and Penalties Across EU Member States
• EU AI Act August 2026 Deadline: Complete Checklist
• Free Diagnostic: Is Your AI System High-Risk?