Romania is taking its first formal steps toward implementing the European Regulation on Artificial Intelligence. A government memorandum published on March 12, 2026, proposes the institutional framework through which our country will apply the provisions of Regulation (EU) 2024/1689—seven months after the deadline set for August 2, 2025.
The central piece of the proposed mechanism is ANCOM (National Authority for Administration and Regulation in Communications) designated as both the market surveillance authority and the single national contact point. The financial sector benefits from a sector-specific approach: ASF (Financial Supervisory Authority) and BNR (National Bank of Romania) are proposed as supervisory authorities for high-risk AI systems used by the financial institutions they regulate.
In sensitive areas related to biometrics, law enforcement, migration, asylum, border control, justice, and democratic processes, supervisory authority rests with the ANSPDCP (National Supervisory Authority for Personal Data Processing. The Romanian Digitalization Authority) is designated as the notifying authority, responsible for evaluating and monitoring conformity assessment bodies.
The memorandum is accompanied by an annex designating the national authorities competent for market surveillance regarding high-risk AI systems, in line with the product categories covered by the Regulation.
Responsibilities are allocated as follows: the Labor Inspectorate for technical equipment, protective systems in explosive atmospheres, and personal protective equipment; ANMDM (National Agency for Medicines and Medical Devices of Romania) for medical devices and in vitro diagnostic devices; ISCIR (State Inspection for Boilers, Pressure Vessels and Hoisting Installations) for gas-fired appliances, cable installations, pressure equipment, and elevators; ANPC (National Authority for Consumer Protection) for toy safety; ANCOM (National Authority for Management and Regulation in Communications) and ANPC jointly for radio equipment; the Romanian Naval Authority for recreational craft and personal watercraft.
At the same time, the memorandum stipulates that the supervisory authorities’ activities would be supported by the DNSC (National Directorate for Cyber Security) regarding aspects related to cyber security, confidentiality, integrity, availability, and resilience.
„Starting August 2, 2026, most of the substantive obligations set forth in Regulation (EU) 2024/1689 on AI will become fully applicable. Romania’s enforcement framework is still being strengthened, but the Regulation applies directly. The absence of fully operational national procedures does not suspend companies’ obligation to comply. The consequences of non-compliance are significant. The Regulation provides for administrative fines calculated as a percentage of the company’s global annual turnover, depending on the nature and severity of the violation. Beyond financial penalties, authorities may impose corrective measures, including restrictions or even bans on placing the AI system on the European market ” explains Ioana Chiper Zah, Managing Associate at Hațegan Attorneys.
In conclusion, the memorandum is intended to lay the groundwork for the future national legislation implementing the AI Act, through a hybrid model comprising a central coordinating authority, specific sectoral authorities, and a separate notification authority. All of these proposals outline Romania’s first institutional framework for the oversight of artificial intelligence.
Founded in 2004, Hațegan Attorneys is a boutique law firm based in Timișoara and is the only law firm in Romania that is a member of the GGI Global Alliance. The attorneys at Hațegan Attorneys provide legal advice in German, English, Italian, and French.
