Belgium’s Implementation Status
Belgium’s approach to EU AI Act implementation reflects both its strengths and challenges as a federal state with complex institutional structures. The country has demonstrated strong awareness and interest in AI governance, building on its established GDPR expertise, but formal institutional setup has lagged behind the EU’s aggressive timeline.[1]
Current State of Implementation
As of late 2025, Belgium has made significant progress in several areas while gaps remain in others:
Completed
- Designated BIPT as main AI Act regulator (January 2025)
- Published list of fundamental rights authorities per Article 77
- Established Data and AI Ethics Advisory Committee (May 2024)
- FOD Economy coordinating implementation efforts
In Progress
- Full designation of national competent authorities
- Coordination between federal and regional authorities
- National penalty rules and enforcement measures
- AI regulatory sandbox establishment
National AI Strategy Context
Belgium’s AI Act implementation builds on existing national AI initiatives. In 2022, Belgium launched its National Convergence Plan for the Development of Artificial Intelligence, structured around nine pillars including promoting ethical and responsible AI, guaranteeing cybersecurity, boosting national competitiveness, and integrating AI into healthcare.[6]
The country also operates the Applications and Research for Trustworthy Artificial Intelligence (ARIAC) project with a budget of EUR 32 million for 2021–2026, addressing real-world AI challenges in healthcare, energy, and public services. This research foundation provides technical expertise that will inform regulatory implementation.[6]
National Competent Authority Structure
The EU AI Act requires each member state to designate at least one notifying authority and one market surveillance authority as national competent authorities (Article 70). Belgium’s approach distributes responsibilities across multiple existing institutions.[4]
Primary Regulator: BIPT
Belgian Institute for Postal Services and Telecommunications (BIPT)
Belgisch Instituut voor Postdiensten en Telecommunicatie / Institut Belge des Services Postaux et des Télécommunications
As announced in the Government Declaration of January 31, 2025, BIPT serves as the main regulator for the AI Act in Belgium. BIPT brings experience in telecommunications and digital services regulation, positioning it to address AI systems deployed across digital infrastructure.
Key responsibilities: Market surveillance, conformity assessment oversight, coordination with EU AI Office, cross-border enforcement cooperation.
Supporting Institutions
FOD Economy / SPF Économie
Federal Public Service Economy coordinates overall AI Act implementation in Belgium. Provides guidance materials, coordinates between federal and regional levels, and leads awareness initiatives for businesses.[2]
GBA / APD (Data Protection Authority)
The Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de Protection des Données) addresses AI systems processing personal data, ensuring GDPR–AI Act coordination. Issues thematic guidance and awareness materials.[1]
FAMHP / AFMPS
Federal Agency for Medicines and Health Products oversees AI systems classified as medical devices, coordinating with the EU Medical Device Regulation requirements for AI-based diagnostics and treatment systems.
FSMA / Financial Services Authority
Financial Services and Markets Authority has oversight of AI systems in financial services, particularly those used for creditworthiness assessment, insurance pricing, and algorithmic trading—all high-risk categories under Annex III.
Implementation Timeline
Belgian organizations must comply with EU-wide deadlines regardless of national implementation progress. The AI Act’s phased approach provides a structured path to compliance, but with limited runway remaining.[4]
EU AI Act Deadlines for Belgium
| Date | Milestone | Impact for Belgian Organizations |
|---|---|---|
| Feb 2, 2025 | Prohibited AI practices banned | Social scoring, manipulative AI, untargeted facial recognition scraping now illegal. AI literacy obligations begin. |
| Aug 2, 2025 | GPAI obligations + governance | General Purpose AI model requirements. National competent authorities must be designated (Belgium behind schedule). |
| Aug 2, 2026 | High-risk AI full compliance | All Annex III high-risk systems must meet Articles 9–15 requirements. Employment, credit, insurance AI affected. |
| Aug 2, 2027 | Annex I high-risk systems | Medical AI devices and other EU harmonization legislation products. Extended timeline for pharma sector. |
Belgium as Host to EU Institutions
Brussels’ status as the de facto capital of the European Union creates unique dynamics for Belgian AI Act compliance. Organizations operating in Belgium benefit from proximity to regulatory bodies but also face increased scrutiny.
EU Institutions in Brussels
- European Commission: Primary legislative and enforcement body, including DG CONNECT responsible for digital policy
- European AI Office: Newly established within the Commission, exclusive competence over systemic-risk GPAI models, coordinates cross-border enforcement
- European Parliament: Co-legislator that passed the AI Act with 523 votes in favor
- European AI Board: Expert group promoting consistent application across member states
Implications for Belgian Organizations
The concentration of EU institutions in Brussels creates several practical considerations:
Strategic Considerations
- 1. Higher visibility: Non-compliance by Belgian organizations may attract earlier attention from EU-level regulators located nearby
- 2. EU institution contracts: Organizations providing AI services to EU institutions face heightened compliance requirements and scrutiny
- 3. International organizations: NATO, numerous NGOs, and international bodies headquartered in Brussels may require AI Act compliance from vendors
- 4. Faster enforcement response: Proximity to the European AI Office could mean faster response times to complaints or incidents
High-Risk Sectors in the Belgian Market
Belgium’s economy includes several sectors heavily affected by high-risk AI classifications under Annex III. Understanding sector-specific exposure is critical for compliance prioritization.
Pharmaceutical and Life Sciences
Belgium is a global pharmaceutical hub—approximately 20% of all European clinical trials for cancer drugs occur in Belgium, with companies investing EUR 15 million daily in R&D.[5] AI applications in this sector face particular scrutiny:
Pharma AI Risk Categories
- High-Risk: AI-based medical devices for diagnosis/treatment (EU MDR integration), clinical trial patient selection, drug safety monitoring systems
- Limited Risk: AI chatbots for patient support (transparency obligations), drug information systems
- Minimal Risk: Internal R&D optimization, supply chain forecasting, manufacturing quality control (non-safety)
Medical AI devices have an extended compliance timeline through August 2027, providing additional preparation time for notified body assessments under both the AI Act and Medical Device Regulation.[4]
Financial Services
Belgium’s financial sector includes major banks (KBC, Belfius, BNP Paribas Fortis) and insurance companies (AG Insurance, Ethias) deploying AI across operations. High-risk applications include:
- Creditworthiness assessment: Loan approval AI, credit scoring systems (Annex III, Category 5)
- Insurance pricing and underwriting: Risk assessment AI, claims processing automation (Annex III, Category 5)
- Employment decisions: Recruitment AI, performance monitoring, promotion recommendations (Annex III, Category 4)
Public Sector and Administration
Belgian federal and regional governments deploy AI in citizen services, creating high-risk exposure in multiple categories:
- Social benefits assessment: Automated eligibility determinations (essential services category)
- Migration and asylum: Document verification, risk assessment (federal competence)
- Law enforcement: Predictive policing concerns (federal and local police)
Logistics and Port Operations
The Port of Antwerp-Bruges is Europe’s second-largest port, with extensive AI deployment in operations, customs processing, and safety systems. Critical infrastructure AI may fall under high-risk categories requiring conformity assessment.
Article 12: Logging Requirements
Article 12 of the EU AI Act establishes mandatory logging capabilities for high-risk AI systems—a requirement that poses significant technical challenges for Belgian organizations deploying complex AI systems.[4]
Core Requirements
High-risk AI systems must be designed and developed with logging capabilities that ensure:
- Art. 12(1): Automatic recording of events (“logs”) throughout the AI system’s operation
- Art. 12(2): Logging capabilities ensuring traceability of system functioning throughout its lifecycle
- Art. 12(3): Logging appropriate to the intended purpose of the high-risk AI system
- Art. 12(4): For biometric systems: recording of input data periods, reference databases, and persons verifying results
Practical Implications for Belgian Organizations
Article 12 logging presents several challenges specific to the Belgian context:
Technical Requirements
- → Tamper-evident log storage
- → Input/output traceability
- → Model version tracking
- → Human oversight documentation
- → Retention period compliance
Regulatory Access
- → BIPT may request log access
- → Format suitable for authority review
- → Cross-border requests possible
- → Incident investigation support
- → Conformity assessment evidence
Trilingual Requirements
Belgium’s three official languages—Dutch, French, and German—create documentation complexity for AI Act compliance. The regulation requires information to be provided in a language easily understood by authorities and users.
Language Requirements by Document Type
| Document Type | Language Requirement | Practical Guidance |
|---|---|---|
| Technical Documentation (Annex IV) | Language of competent authority | English typically accepted for EU-wide submission; BIPT may request Dutch/French |
| Instructions for Use (Article 13) | Language of end users | Must be in Dutch, French, or German depending on user region |
| Transparency Disclosures (Article 50) | Language of affected persons | Chatbot disclosures, deep fake labels in user’s language |
| EU Declaration of Conformity | Language of market placement | May need trilingual versions for Belgian market |
| Risk Assessments | Internal language + authority request | Keep English master; prepare for translation requests |
Regional Considerations
- Flanders: Dutch documentation for end-user materials in the Flemish Region
- Wallonia: French documentation for the Walloon Region
- Brussels-Capital: Bilingual (Dutch/French) for the capital region
- German-speaking Community: German for the eastern cantons
Conformity Assessment Pathway
Belgian organizations must complete conformity assessments before placing high-risk AI systems on the market. Two pathways exist under Articles 43–44.[4]
Internal Control (Self-Assessment)
Available for most high-risk AI systems. Provider conducts assessment based on:
- • Technical documentation (Annex IV)
- • Quality management system
- • Post-market monitoring plan
- • EU declaration of conformity
Cost: Internal resources | Timeline: 3–6 months
Notified Body Assessment
Required for biometric identification systems and products under EU harmonization legislation:
- • Biometric ID/categorization systems
- • Medical AI devices (most)
- • Machinery safety components
- • Products requiring CE marking
Cost: EUR10,000–100,000 | Timeline: 3–12 months
Belgian Notified Bodies
Belgium must designate notified bodies for AI Act conformity assessments. Organizations requiring third-party assessment should monitor the NANDO database (New Approach Notified and Designated Organisations) for Belgian notified bodies as they are designated. Existing notified bodies under the Medical Device Regulation (such as SGS Belgium) may extend scope to cover AI Act assessments.
Enforcement and Penalties
While Belgium has not yet adopted national rules specifying additional penalties or enforcement measures, the EU AI Act’s penalty structure applies directly.[3]
EU AI Act Penalty Structure (Applicable in Belgium)
| Violation Type | Maximum Fine | Examples |
|---|---|---|
| Prohibited AI practices | EUR35M or 7% global revenue | Social scoring, manipulative AI, biometric databases |
| High-risk non-compliance | EUR15M or 3% global revenue | Missing risk management, inadequate logging, no human oversight |
| GPAI non-compliance | EUR15M or 3% global revenue | Missing technical documentation, copyright violations |
| Incorrect information | EUR7.5M or 1% global revenue | False statements to authorities, document falsification |
Note: Whichever amount is higher applies. For Belgian SMEs, the maximum fine amounts may exceed company value. For multinationals headquartered in Belgium, 7% of global turnover could reach billions of euros.
Compliance Roadmap for Belgian Organizations
Organizations should implement a phased approach aligned with regulatory deadlines, accounting for Belgium’s institutional context and sector-specific requirements.
EU AI Act Compliance for Belgian Organizations
AI System Inventory & Belgian Context Assessment (Month 1)
Catalog all AI systems deployed in Belgium or serving Belgian/EU users. Classify per Annex III risk categories. Identify systems serving EU institutions (higher scrutiny), trilingual user bases (documentation requirements), and sector-specific regulators (FAMHP for pharma, FSMA for finance). Document GDPR overlaps requiring GBA/APD coordination.
Gap Analysis Against Articles 9–15 (Month 1–2)
For high-risk systems, assess current state against each requirement: risk management (Art. 9), data governance (Art. 10), technical documentation (Art. 11), logging (Art. 12), transparency (Art. 13), human oversight (Art. 14), accuracy/robustness/cybersecurity (Art. 15). Prioritize by business criticality and compliance gap severity. Determine notified body vs. internal control pathway.
Article 12 Logging Infrastructure (Month 2–4)
Implement automated logging capabilities ensuring traceability. Design tamper-evident log storage, input/output recording, model version tracking, and human oversight documentation. Ensure logs are retrievable for BIPT or sector regulator requests. Consider GLACIS for cryptographic evidence generation meeting Article 12 requirements without manual documentation burden.
Technical Documentation & Language Preparation (Month 3–6)
Prepare Annex IV technical documentation covering system description, development process, data governance, and risk management. Develop trilingual user-facing materials (instructions for use, transparency disclosures) for Dutch, French, and German-speaking users as applicable. Establish translation workflows for ongoing documentation updates.
Conformity Assessment & QMS (Month 4–9)
Establish quality management system per Article 17. For systems requiring notified body assessment (biometrics, medical devices), initiate engagement 6–9 months before deadline. Monitor NANDO database for Belgian notified body designations. For internal control pathway, prepare EU declaration of conformity and CE marking documentation.
Post-Market Monitoring & Continuous Compliance (Ongoing)
Implement post-market monitoring per Article 72. Establish serious incident reporting procedures (Article 73)—report to BIPT within 15 days. Maintain relationships with sector regulators (FAMHP, FSMA) for coordinated compliance. Prepare for market surveillance inspections under Article 74. Update documentation as systems evolve.
Belgium-specific insight: Organizations waiting for complete national implementation will face capacity constraints and rushed timelines. EU-level deadlines apply regardless of Belgian institutional readiness. Start now—proximity to EU institutions means early scrutiny, not leniency.
How GLACIS Helps with Article 12 Compliance
Article 12 logging requirements present one of the most technically demanding aspects of EU AI Act compliance. GLACIS provides automated Article 12 compliance through continuous monitoring and cryptographic evidence generation.
Automated Logging Infrastructure
- Continuous input/output recording
- Model version and configuration tracking
- Human oversight decision logging
- Tamper-evident cryptographic storage
Regulatory-Ready Evidence
- Export formats for BIPT requests
- Conformity assessment evidence packages
- Incident investigation support
- Cross-framework mapping (ISO 42001, NIST AI RMF)
Unlike manual documentation approaches, GLACIS generates evidence that controls execute—not just policies documenting intent. This distinction matters for Belgian organizations facing scrutiny from BIPT, sector regulators, or the European AI Office.
Frequently Asked Questions
Who is the national competent authority for the EU AI Act in Belgium?
Belgium has designated the Belgian Institute for Postal Services and Telecommunications (BIPT) as the main regulator for the EU AI Act, as announced in the Government Declaration of January 31, 2025. The FOD Economy (FPS Economy) coordinates overall implementation. The Belgian Data Protection Authority (GBA/APD) also plays a role regarding AI systems processing personal data. Sector-specific authorities like FAMHP (medicines) and FSMA (financial services) oversee AI in their respective domains.
What are the EU AI Act deadlines for Belgian organizations?
Belgian organizations face the same EU-wide deadlines: prohibited AI practices banned from February 2, 2025; GPAI model obligations from August 2, 2025; full high-risk AI system compliance by August 2, 2026. National competent authorities must be designated by August 2, 2025 (Belgium behind schedule). Medical AI devices have extended timelines through August 2027.
Do Belgian organizations need trilingual AI documentation?
The EU AI Act requires documentation in a language easily understood by authorities and users. In Belgium, this means Dutch, French, or German depending on the region and user base. For EU-wide deployment, English is typically accepted for technical documentation. Instructions for use (Article 13) and transparency disclosures (Article 50) should be in the language of end users—requiring trilingual versions for organizations serving all Belgian regions.
How does Belgium’s role as EU institution host affect AI Act compliance?
Brussels hosts the European Commission, European AI Office, and many EU institutions. Belgian organizations providing AI services to EU institutions face heightened scrutiny and may need to demonstrate compliance earlier. The proximity to regulators means faster enforcement response and greater visibility for non-compliance. International organizations headquartered in Brussels (NATO, NGOs) may also require AI Act compliance from their vendors.
What are Article 12 logging requirements for Belgian companies?
Article 12 requires high-risk AI systems to have automatic logging capabilities ensuring traceability throughout the system lifecycle. Logs must include input data periods, reference databases, and persons involved in verification. Belgian market surveillance authorities (BIPT and sector regulators) can request access to these logs. GLACIS provides automated Article 12 compliance through cryptographic evidence generation, eliminating manual documentation burden while producing regulator-ready evidence.
What penalties apply to Belgian organizations under the EU AI Act?
Belgian organizations face the same EU-wide penalties: up to EUR35 million or 7% of global annual turnover for prohibited AI practices; up to EUR15 million or 3% for high-risk non-compliance; up to EUR7.5 million or 1% for providing incorrect information. Belgium has not yet adopted national rules specifying additional penalties or enforcement measures, but the EU-level penalties apply directly as the AI Act is a regulation, not a directive.
References
- [1] Technology’s Legal Edge. “State of the Act: EU AI Act implementation in key Member States.” November 2025. technologyslegaledge.com
- [2] FOD Economie / SPF Économie. “Verordening inzake artificiële intelligentie.” 2025. economie.fgov.be
- [3] MetaMetris. “Implementing the AI Act in Belgium: Scope of Application and Authorities.” Policy Brief, 2025. metametris.com
- [4] European Union. “Regulation (EU) 2024/1689 of the European Parliament and of the Council.” Official Journal of the European Union, July 12, 2024. EUR-Lex 32024R1689
- [5] Chambers and Partners. “Digital Healthcare 2025 - Belgium.” Global Practice Guides, 2025. chambers.com
- [6] OECD. “Progress in Implementing the European Union Coordinated Plan on Artificial Intelligence: Belgium.” 2024. oecd.org
- [7] EU Artificial Intelligence Act. “Overview of all AI Act National Implementation Plans.” 2025. artificialintelligenceact.eu
- [8] KPMG Law Belgium. “AI Act published – Start of the phased implementation.” 2024. kpmglaw.be
- [9] Norton Rose Fulbright. “Artificial Intelligence Regulation – Belgium.” 2024. nortonrosefulbright.com
- [10] European Commission. “Governance and enforcement of the AI Act.” Digital Strategy, 2024. ec.europa.eu