The EU Regulation on Artificial Intelligence (AI Act) will enter into full force in August 2026—presenting companies with the challenge of developing and deploying AI systems in compliance with regulations. The Federal Network Agency has now simulated a regulatory sandbox for AI implementation in a pilot project to test precisely these processes. In collaboration with the Federal Commissioner for Data Protection and Freedom of Information and the Hessian Ministry for Digital Affairs, legal, organizational, and communication aspects were examined. For sustainability and AI officers in companies, this experiment provides valuable insights—particularly regarding how AI governance models must be structured to meet future requirements.
What the AI Regulatory Sandbox Means for Companies
The regulatory sandbox served as a controlled test environment in which providers of AI products could go through the entire compliance process—from risk classification to documentation requirements to communication with authorities. Key findings relate to three areas:
- Legal Clarity: The simulation showed that many companies are still uncertain how to classify their AI systems into risk categories. High-risk AI is subject to stricter requirements, such as bias assessments or transparency obligations.
- Organizational Structures: It is not sufficient to operate AI projects in isolation. Cross-departmental governance structures that integrate data protection, compliance, and technical development are necessary.
- Communication with Authorities: Dialogue with supervisory authorities should begin early. The regulatory sandbox demonstrated that proactive communication reduces uncertainties and accelerates approval processes.
Relevance for Sustainability and AI Strategies
The regulatory sandbox is particularly relevant for companies that use AI in sustainability contexts, such as for supply chain optimization, ESG data analysis, or climate risk assessments. Depending on the area of application, such applications can be classified as high-risk AI, for example when they automate decisions about supplier audits or compliance assessments. The simulation showed that those who establish governance processes now can act faster and more securely from 2026 onwards. Companies should examine whether their AI readiness meets future requirements; a structured AI potential analysis can help identify gaps.
Recommendations for Action: From Simulation to Practice
The insights from the regulatory sandbox can be translated into concrete steps:
- Create an AI inventory: Document all deployed and planned AI systems and classify them according to the risk levels defined by the AI Act.
- Build cross-functional teams: AI governance only works when IT, Legal, Compliance, and business departments collaborate.
- Establish documentation processes: For high-risk AI, comprehensive technical documentation, risk analyses, and conformity assessments are mandatory.
- Seek dialogue with authorities: Use advisory services from the Federal Network Agency or data protection authorities before products go live.
The Federal Network Agency’s AI regulatory sandbox is a blueprint for the AI implementation of the future. Learn more about the pilot project in the Federal Network Agency’s press release.


