Romania and AI Regulation: Between European Alignment and National Readiness

Article by Alexandrescu Alexandru -Romanian, Lawyer specializing in commercial and real estate transactions, with a focus on EU regulation and artificial intelligence.

Romania’s approach to artificial intelligence (AI) regulation is currently defined by a transition phase: from strategic intent to institutional implementation. While the European framework is already in force, the national architecture remains under development, creating a gap between legal applicability and administrative readiness.

The European Framework: Immediate Applicability, Gradual Enforcement

The cornerstone of AI regulation in Romania is Regulation (EU) 2024/1689 (the AI Act), which entered into force on 1 August 2024 and is currently scheduled to become fully applicable on 2 August 2026 (note that there have been ongoing discussions at EU level regarding a potential extension or postponement of the timeline for full applicability, although no formal amendment has been adopted to date). To this end, several provisions already produce legal effects, including prohibitions and AI literacy obligations applicable since February 2025.

The Regulation introduces a risk-based approach, distinguishing between prohibited practices, high-risk systems, and lower-risk applications. High-risk AI systems, particularly those used in employment, financial services, or public administration, are subject to strict requirements, including transparency, human oversight, and risk management.

Importantly, the AI Act applies directly across all Member States, including Romania, regardless of the stage of national implementation. As such, companies operating in Romania are already required to assess their exposure and ensure compliance, even in the absence of a fully operational national supervisory framework.

National Implementation: Institutional Design and Structural Constraint

Romania has recently taken its first formal step toward implementing the AI Act through the Government memorandum adopted on 12 March 2026, which outlines the designation of competent authorities and the creation of a single national contact point.

The proposed model relies on existing institutions rather than the creation of a new centralized authority. The National Authority for Management and Regulation in Communications (ANCOM) is expected to act as the main supervisory authority and single contact point, while sectoral regulators, such as the National Bank of Romania (BNR), the Financial Supervisory Authority (ASF), and the National Supervisory Authority for Personal Data Processing (ANSPDCP), will oversee specific categories of high-risk AI systems.

This approach reflects a broader European trend, where Member States distribute supervisory powers across existing regulators rather than establishing new institutions. However, Romania’s implementation is marked by delay, as the deadline for designating competent authorities expired on 2 August 2025.

More importantly, the memorandum highlights a structural limitation: the lack of financial and human resources necessary to effectively supervise complex AI systems. The Government explicitly acknowledges the difficulty of competing with the private sector in attracting AI specialists, raising concerns about the practical enforceability of the regulatory framework.

Strategic Direction: Policy Ambition vs. Regulatory Maturity

Beyond the immediate implementation challenges, Romania’s broader AI policy landscape is shaped by the National Artificial Intelligence Strategy 2024–2027, which positions AI as a key driver of digital transformation and economic growth.

The strategy promotes a “human-centric” approach aligned with EU values, emphasizing fundamental rights, cybersecurity, and innovation. It also establishes governance mechanisms such as interministerial coordination and supports the development of regulatory sandboxes for testing AI systems.

Despite these ambitions, Romania’s regulatory maturity remains limited. There is currently no dedicated national AI law, and existing rules apply only indirectly, through frameworks such as data protection or consumer law. Legislative initiatives have been proposed, including draft laws addressing responsible AI use and sector-specific regulation, but these remain at an early stage.

This creates a dual dynamic. On one hand, Romania is closely aligned with the European regulatory model and actively building its institutional framework. On the other, the effectiveness of this framework will depend on administrative capacity, technical expertise, and the ability to translate strategic objectives into enforceable rules.

Conclusion

Romania’s AI regulatory landscape is best understood as a system in formation. The legal framework is already in place at EU level, and national authorities are beginning to take shape. However, the transition from formal compliance to effective enforcement remains incomplete.