ENG

Germany

Is there a specific enacted legislation regulating AI in your jurisdiction?

Germany has not enacted a dedicated AI law to date. There are currently no specific statutes or regulations that comprehensively regulate artificial intelligence at the national level. The government has instead relied on existing, technology-neutral laws. In practice, AI systems in Germany are governed by general laws (e.g. the Civil Code, Product Liability Act, data protection law, etc.) rather than an AI-specific act.

A comprehensive AI regulation takes place only at the EU level through the EU AI Act.

Is there a proposed legislation regulating AI in your jurisdiction?

To date, no new AI-specific legislation has been formally proposed in Germany. The German government has taken a cautious approach and is largely awaiting the EU’s regulatory framework instead of pursuing a separate national AI act.

However, German officials have indicated through policy statements that they are continuously evaluating whether additional national rules might be needed.

Are there any guidelines/ codes of conduct/ recommendations / reports / policies in connection with AI in your jurisdiction?

Although formal legislation is absent, Germany has developed a  framework of strategies, guidelines, and ethical codes related to AI ("soft law"). Key non-binding instruments and policy documents include:

  • National AI Strategy (Nationale KI-Strategie) – In November 2018, the Federal Government adopted a comprehensive AI Strategy, updated in December 2020, with the goal of promoting “AI made in Germany” in a human-centric, trustworthy manner. In November 2023, the government launched an AI Action Plan as an update to the strategy, committing additional funding (over €1.6 billion by 2024) and focusing on priority areas like healthcare, climate, robotics, and education.
  • Data Ethics Commission (Datenethikkommission) Report 2019 – An expert commission appointed by the government issued 75 recommendations on governing data and AI. Notably, it proposed a risk-based regulatory framework for algorithms, suggesting stricter requirements (up to possible bans) for AI applications with higher damage potential.
  • Enquete Commission on AI (Parliamentary Study Commission) – The German Bundestag convened a multi-stakeholder Enquete Commission on “Artificial Intelligence – Social Responsibility and Economic Potential,” which delivered its final report in October 2020. This 800-page report, supported by all major parties, endorsed a vision of “human-centered AI”, stressing that AI applications should uphold human dignity and societal well-being.

It should be noted that many of these documents were primarily intended to bridge the gap until binding AI regulations were in place. After the EU AI Act comes into effect, many (though not all) of these initiatives will likely take a back seat.

Any additional relevant news regarding AI / or anticipated future changes (e.g. white papers, policy statements about AI regulation)?

German policymakers are actively preparing for upcoming AI regulation and monitoring emerging issues:

  • Implementation of the EU AI Act: Germany has been closely involved in the EU’s AI Act negotiations and is gearing up for its implementation and enforcement.
  • AI Action Plan 2023: As mentioned in the previous answer, in November 2023 the Federal Government (led by the Education and Research Ministry, BMBF) issued a new AI Action Plan to accelerate AI innovation.
  • Focus on AI and Discrimination: In August 2023, the Federal Anti-Discrimination Commissioner (Ferda Ataman) publicly called for legal changes to address “digital discrimination” by AI systems. Ataman presented a government-commissioned legal study titled “Automatisch benachteiligt?” (“Automatically Disadvantaged?”) that found Germany’s current anti-discrimination law (the AGG) is not fully equipped to handle algorithmic bias. 

Is AI specifically addressed in IP laws? Are there any guidelines / soft laws relating to AI? 

German IP laws do not expressly reference AI or grant AI-specific rights, but AI is indirectly addressed through interpretations and recent case law. There is currently no special IP statute for AI (and no sui generis IP right for AI-generated inventions or works). However, existing patent and copyright frameworks have been applied to AI-related scenarios. 

Is AI specifically addressed in data protection laws? Are there any guidelines / soft laws relating to AI?

Germany’s data protection regime is primarily governed by the EU’s General Data Protection Regulation (GDPR) and the supplemental Federal Data Protection Act (BDSG). Neither of these explicitly mentions “artificial intelligence.” In other words, no German privacy law is AI-specific – but AI systems must comply with general data protection principles whenever they process personal data.

One relevant general provision is GDPR Article 22, which gives individuals the right not to be subject to decisions based solely on automated processing that have significant effects (like algorithms denying a loan with no human involvement). This rule directly applies to AI systems engaged in profiling or automated decisions.

In the absence of AI-specific statutes, German data protection authorities (DPAs) have issued extensive guidance and “soft law” for AI. 

Who are the competent AI supervisory authorities in your jurisdiction? 

Germany has not designated a single national “AI regulator.” Oversight of AI currently falls to various existing authorities depending on the context of the AI’s use. Key competent authorities include: Data Protection Authorities (DPAs), Sectoral Regulators, Consumer Protection and Competition Authorities, Federal Office for Information Security (BSI).

As Germany prepares for the EU AI Act, there are ongoing discussions about which authority will be the national AI supervisor. The current draft of the German AI Market Surveillance Act gives first information on the potential market surveillance authority. According to the proposal, the Federal Network Agency (‘Bundesnetzagentur’, ‘BNetzA’) will be designated as the central market surveillance authority and notifying authority. It will also be responsible for operating AI sandboxes and establishing a coordination and competence centre (‘Koordinierungs- und Kompetenzzentrum KI-VO’, ‘KoKIVO’) to especially provide the agency itself technical expertise and also support other authorities.

Are there any publicly known enforcement actions in relation to AI?

Given the lack of AI-specific legislation, Germany has not seen any enforcement action “against AI” as such – there’s been no penalty under an AI law (since none exists). However, regulators have begun enforcing existing laws in cases where AI systems caused violations.

Are there any other sector specific laws or guideline / soft laws (e.g. finance, healthcare etc.) where AI is specifically addressed?

In certain regulated sectors, Germany has introduced specific laws or soft-law guidelines that address AI applications. These are not “AI laws” per se, but sectoral regulations that explicitly incorporate AI-driven technology or regulators’ guidance on AI use in that field. Key examples:

  • Automotive (Autonomous Driving): Germany is a pioneer in autonomous vehicle legislation. In 2017, it amended the Road Traffic Act (StVG) to allow conditional automated driving (Level 3) with requirements for a human fallback. Going further, in July 2021 Germany enacted a law permitting Level 4 autonomous vehicles (highly automated, no human driver needed in defined operating areas) on public roads.
  • Healthcare (Digital Health Applications and Medical AI): The healthcare sector has integrated AI via the concept of “digital health applications” (Digitale Gesundheitsanwendungen or DiGA).
  • Finance (Banking/Insurance): The financial regulators have been proactive on AI. BaFin conducted a major study “Big Data meets Artificial Intelligence” in 2018  and in June 2021 published “Supervisory Principles for the Use of Algorithms in Decision-Making Processes” for financial institutions.
  • HR / Works Constitution: Some sections of the Works Constitution Act (BetrVG) refer to works counsil consultations when using AI. 

*Information is accurate up to 30 April 2025