Spain has taken a new step toward implementing the EU AI Act, publishing detailed guidance aimed at helping organizations comply with the law’s requirements for high-risk AI systems.
In December 2025, the Spanish Agency for the Supervision of Artificial Intelligence (AESIA) released a series of guidance documents and compliance templates designed for both providers and deployers of high-risk AI under the EU AI Act. The materials, currently available only in Spanish, offer practical, non-binding recommendations intended to support organizations as they prepare for enforcement of the regulation.
AESIA said the guidance was developed through Spain’s AI regulatory “sandbox,” a collaborative framework that brought together industry representatives, technical experts, and public authorities. The agency stressed that the documents are “living resources” and will be updated as European Commission guidance evolves or if future amendments to the AI Act—such as the proposed Digital Omnibus package—are adopted.
The guidance is structured into four main sections. Introductory guides provide an overview of the AI Act and its core compliance principles. A series of technical guides then offers practical recommendations on key obligations, including conformity assessments, risk management systems, technical documentation, record-keeping, transparency, and human oversight requirements. A final section includes a toolkit of checklists and downloadable templates designed to help organizations implement the requirements in practice.
Spanish officials say the guidance is intended to give companies a clearer, more operational roadmap for complying with the AI Act, particularly in complex, high-risk use cases. The initiative reflects a broader trend across the EU, where national authorities are developing supplemental guidance to help businesses navigate the new regulatory framework.
Other member states have taken similar steps. Germany has issued guidance on classifying high-risk AI systems and meeting safety standards, while the Netherlands has published an AI Act guide outlining obligations and risk categories. France’s data protection authority, CNIL, has also released recommendations focused on GDPR compliance in AI development, including data governance and model oversight.
Together, these national efforts aim to reduce uncertainty and support consistent implementation of the EU’s first comprehensive AI regulation.
Need Help?
If you have questions or concerns about how to navigate the global AI regulatory landscape, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.
