The EU AI Act’s general application date of 2 August 2026 is now less than four months away. Yet according to a European Parliament briefing published in April, the readiness picture across member states is fragmented. Only 8 of 27 EU member states have designated national enforcement contacts, and the rollout of mandatory AI regulatory sandboxes remains patchy.

Under Article 57 of the AI Act, each member state must ensure that at least one AI regulatory sandbox is operational at the national level by the August deadline. The current status varies widely: five member states are actively implementing their sandboxes, four have declared their intention to do so, and 16 have not yet communicated their plans. Spain is the most advanced, having opened its sandbox in 2025 and begun hosting 12 high-risk AI systems under the supervision of AESIA, the Spanish AI supervisory authority.

The uneven progress raises practical concerns for organisations operating cross-border. Fragmented enforcement could result in some national authorities receiving more resources than others, leading to inconsistent capacity and potentially inconsistent regulatory expectations. There is also a risk that AI providers may seek out less stringent sandboxes, creating a form of regulatory arbitrage that undermines the Act’s objective of a harmonised framework.

The EU-funded Regulatory Sandboxes for AI (EUSAiR) project is working to develop common frameworks and enhance technical and legal capacities across member states, but with the deadline approaching rapidly, the gap between the regulation’s ambitions and national-level implementation is widening.

Acompli perspective: Regardless of where individual member states stand, the obligations in the AI Act do not wait for national infrastructure to catch up. Organisations deploying or developing AI systems should be mapping their systems against the high-risk classification criteria now, documenting their risk assessments, and building the evidence base for compliance. Structured risk management and clear internal governance will be essential whether enforcement is led by a well-resourced sandbox authority or a regulator still standing up its team.