AI Act in Spain: What Companies Need to Do Before August 2, 2026

The EU AI Act (Regulation 2024/1689) applies directly in Spain as in all EU member states. Unlike the GDPR, which required national implementation laws, the AI Act's core obligations take effect uniformly across the EU.

High-risk AI systems deployed or provided in Spain must complete conformity assessment (Article 43), maintain technical documentation (Article 11), implement risk management (Article 9), and register in the EU database (Article 60) before August 2, 2026.

Agencia Española de Protección de Datos (AEPD) will serve as the national market surveillance authority for AI Act enforcement in Spain. This authority will have powers to inspect, audit, and impose penalties on non-compliant AI systems.

Prohibited AI practices under Article 5 (social scoring, subliminal manipulation, real-time biometric identification in public spaces) are banned in Spain as in all EU member states, with limited law enforcement exceptions.

Penalties for non-compliance range up to EUR 35 million or 7% of global annual turnover (whichever is higher) for prohibited practices, and up to EUR 15 million or 3% for other violations (Article 99).

• AI Act High-Risk Classification: How to Determine if Your System Requires Compliance
• AI Act Conformity Assessment: Step-by-Step Guide
• AI Act Fines and Penalties Across EU Member States
• EU AI Act August 2026 Deadline: Complete Checklist
• Free Diagnostic: Is Your AI System High-Risk?