Glossary · EU AI Regulation AI Office (European AI Office (within DG CNECT))
The EU body responsible for implementing and enforcing the AI Act at the Union level. Established within the European Commission's DG CNECT, operational since 2024. Powers include classification of general-purpose AI models, codes of practice development, regulatory sandbox coordination, and direct enforcement against GPAI providers.
## What the AI Office actually is
The European AI Office is the EU body responsible for enforcing the [AI Act](/en/glossary/eu-ai-act/) at the Union level, particularly for general-purpose AI models. Established by the AI Act itself (Article 64 and related provisions) and operational since 2024, the AI Office sits within the European Commission's Directorate-General for Communications Networks, Content and Technology (DG CNECT).
The AI Office is structurally important because it represents the first time the EU has created a centralised enforcement body for AI — analogous to ENISA for cybersecurity or the European Data Protection Board for data protection.
## What the AI Office does
The Office has four operational mandates under the AI Act:
### 1. General-Purpose AI (GPAI) classification and supervision
The AI Office is responsible for assessing whether general-purpose AI models pose **systemic risk** (a defined AI Act category). Models flagged as systemic-risk face additional obligations including model evaluations, adversarial testing, incident reporting, and cybersecurity protections.
This applies particularly to foundation-model providers including OpenAI, Anthropic, Google, Meta, Mistral, Aleph Alpha, and other major LLM operators.
### 2. Codes of Practice development
The AI Office coordinates the development of voluntary Codes of Practice for GPAI providers. The first GPAI Code of Practice was finalised in 2025, covering transparency, copyright compliance, safety/security, and broader responsible-AI practices. Adherence is voluntary but operates as a presumption-of-compliance for AI Act obligations.
### 3. AI regulatory sandbox coordination
Member State AI regulatory sandboxes (under AI Act Article 57) are coordinated through the AI Office. The sandboxes enable supervised testing of high-risk AI systems before market entry — particularly useful for novel AI use cases in healthcare, mobility, financial services, and public administration.
### 4. Direct enforcement against GPAI providers
For systemic-risk GPAI models, the AI Office has direct enforcement powers including investigations, conformity assessment requests, and penalties (up to 3% of global annual turnover for GPAI provider violations).
## Why the AI Office matters
### 1. Centralised AI enforcement model
Pre-AI Office, EU AI enforcement would have been highly fragmented across 27 Member State authorities. The AI Office creates a Union-level coordination point particularly important for GPAI models that operate globally rather than nationally.
### 2. The GPAI lever
The AI Act's GPAI provisions only apply meaningfully because the AI Office has the operational capacity to enforce them. Without centralised enforcement, GPAI obligations would have been functionally optional for non-EU providers.
### 3. Code of Practice as norm-setter
The voluntary Codes of Practice are setting global norms for how foundation-model providers document and disclose AI system characteristics. Even non-EU customers of foundation models are increasingly relying on Code of Practice disclosures.
### 4. Sovereignty signal
The AI Office's existence — and the EU's ability to staff and operationalise it — is a meaningful sovereignty signal. The Office has hired hundreds of technical and policy staff and is recruiting actively for specialised AI expertise.
## AI Office organisational structure
The Office is structured into five units within DG CNECT:
1. **Excellence in AI and Robotics** — non-regulatory innovation support
2. **Regulation and Compliance** — high-risk AI system supervision (working with Member State authorities)
3. **AI Innovation and Policy Coordination** — strategic policy work
4. **AI Safety** — risk assessment for systemic GPAI models
5. **AI for Societal Good** — public-sector AI deployment support
The AI Office Director reports to the Director-General of DG CNECT. Staff includes seconded national experts from Member State authorities and Commission policy and technical staff.
## What it means in practice
### For AI deployers in the EU
The AI Office is the primary contact point for compliance questions about general-purpose AI use. For Member State-level high-risk AI compliance, your national AI competent authority remains the relevant supervisor.
### For foundation-model providers
The AI Office is your primary EU regulator. Even non-EU providers (OpenAI, Anthropic, Google) interact with the AI Office for compliance work, Code of Practice participation, and (for systemic-risk classified models) direct supervision.
### For AI startups and SMEs
The AI Office provides guidance documents, model contracts, and outreach specifically targeted at SMEs. Regulatory sandbox access (via your Member State authority) is significantly easier to navigate with AI Office coordination.
### For Member State authorities
The AI Office coordinates the AI Board (representing Member State AI authorities) and supports national authorities' enforcement work, particularly where issues cross borders or involve GPAI providers.
## AI Office vs Member State authorities
| Aspect | AI Office | Member State Authority |
|--------|-----------|------------------------|
| Subject | Union-level + GPAI | National + high-risk AI systems |
| GPAI direct enforcement | ✅ | ❌ |
| Member State coordination | Hub | Implements |
| Sandboxes | Coordinates | Operates |
| AI Board membership | Secretariat | Members |
| Penalties for GPAI | Direct | Refers to AI Office |
The Office complements rather than replaces Member State authorities.
## Practical implications
- **For AI users**: the AI Office is the federal regulator; your national authority is the day-to-day regulator. Compliance documentation should reference both
- **For AI developers**: monitor AI Office publications (Codes of Practice, guidance, enforcement actions) as the primary EU AI regulatory signal
- **For foundation-model providers**: AI Office engagement is essentially mandatory for serious EU market presence
- **For policy and legal teams**: AI Office is now a meaningful regulatory body to track alongside DPAs, financial regulators, and competition authorities
The AI Office's first enforcement actions in 2025-2026 are setting precedent for how the AI Act actually operates in practice. Its decisions are early shapers of the global AI governance landscape.
Was this helpful?
Thanks for your feedback!