• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About
  • Gowling WLG
  • Legal information
  • Privacy statement
  • Cookie Policy
  • Home
  • About
  • Posts
  • Blogs
    • The IP Blog
    • Public Law & Regulation
    • AI
    • The Unified Patents Court

LoupedIn

The EU AI Act and Germany’s New AI Law: New Obligations, Hefty Fines – What Employers Must Do Now

July 9, 2026, Nadine Birke

The EU AI Act and Germany’s New AI Law: New Obligations, Hefty Fines – What Employers Must Do Now

Getting your Trinity Audio player ready...

From algorithmic CV screening and automated shift scheduling to AI-driven analyses of turnover risks, pay structures and employee feedback – artificial intelligence is no longer a future prospect but an everyday reality in businesses. Yet as the technology grows more powerful, so does the regulatory framework around it: What many companies have not yet realised is that from 2 August 2026, significantly tightened obligations will apply throughout the EU. Businesses that fail to comply risk fines of up to EUR 35 million or 7% of their worldwide annual revenue – whichever is higher. And with Germany’s new Act on Market Surveillance and Innovation Promotion of Artificial Intelligence (KI-MIG), German legislators are adding a robust national enforcement layer. What does this mean in practice – and where are the biggest pitfalls?

The AI Act – A Risk-Based Regulatory Framework

The European AI Regulation (AI Act), which entered into force in August 2024 and will become fully applicable from August 2026, follows a clear principle: the higher the risk, the stricter the requirements. The AI Act creates a harmonised European legal framework for AI-based products and services, while simultaneously safeguarding fundamental rights, democracy and the rule of law.

What Does This Mean in Practice?

If a company uses AI software that automatically evaluates and ranks incoming job applications, this constitutes a high-risk AI system. The same applies to AI-driven performance and behavioural monitoring of employees – for example, tools that track home-office productivity or automatically analyse attendance data. Such systems are subject to particularly strict requirements, including comprehensive risk mitigation and information obligations.

Some AI applications go too far in the eyes of the legislator and are outright prohibited: Employers who deploy software designed to detect employee emotions at the workplace – whether through facial analysis in video calls or sentiment analysis of emails – are in breach of the AI Act. The same applies to the use of such systems in the recruitment process.

National Implementation of the AI Act: The KI-MIG – and Who Will Be in Charge

To implement the AI Act at national level, the German Bundestag adopted the Act on Market Surveillance and Innovation Promotion of Artificial Intelligence (KI-MIG) on 11 June 2026. The Act primarily regulates government oversight: The Federal Network Agency (Bundesnetzagentur) will become the central market surveillance authority, empowered to monitor and enforce compliance with the AI Act.

However, the substantive compliance obligations for businesses (e.g. training, documentation and oversight requirements) – i.e. what truly matters in day-to-day operations – continue to flow directly from the AI Act itself.

What Do Businesses Need to Consider Going Forward?

The AI Act does not replace existing law but adds a further regulatory layer on top. For example, an employer deploying an AI-based recruitment tool must already comply with the GDPR today (legal basis for data processing, information obligations, potentially a data protection impact assessment) and with anti-discrimination legislation such as the German General Equal Treatment Act (no discrimination based on gender, age, ethnic origin, etc.). Going forward, the specific requirements of the AI Act will be added – including transparency, information, documentation and registration obligations (see details below) that go beyond existing rules. In short: these regulatory frameworks complement each other; none renders the other dispensable.

Importantly, the AI Act does not only capture AI systems developed in-house – purchased off-the-shelf software solutions are equally covered. A company that uses an AI-based HR tool from an external provider qualifies as a “deployer” under the AI Act and must fulfil its own compliance obligations. Businesses that develop AI systems themselves or substantially modify existing ones may even become “providers”, which triggers even more extensive duties.

Depending on the risk level, obligations include in particular:

  • Transparency and information obligations – affected individuals (e.g. employees and job applicants) must know that an AI system is preparing or making decisions about them;
  • Documentation obligations – the purpose, functioning and data basis of the AI system must be documented without gaps;
  • Registration obligations – high-risk AI systems must be registered in an EU database;
  • (Human) oversight obligations – there must always be a “human in the loop” who can review and override AI decisions;
  • Reporting obligations for serious incidents – e.g. when an AI system produces discriminatory decisions;
  • Training obligations – all employees working with AI systems must develop an adequate level of AI competence;
  • Fundamental rights impact assessments – particularly for high-risk AI systems in HR, a systematic assessment of the impact on the fundamental rights of affected individuals is required before deployment;
  • Risk management systems for high-risk AI – for the ongoing identification, minimisation and control of risks to health, safety and fundamental rights throughout the entire life cycle of the AI system.

Takeaways for Employers

“Our software provider takes care of all that” – this widespread assumption is a dangerous fallacy. It is not possible to pass these obligations on to the software provider. Businesses remain responsible as deployers. And the consequences for non-compliance are severe as already mentioned above: fines of up to EUR 35 million or 7% of worldwide annual revenue – whichever amount is higher.

Businesses should therefore act now: identify all AI systems in use, classify them by risk category and implement the corresponding obligations under the AI Act. Particularly in HR, where nearly every AI system is likely to be classified as high-risk, businesses should expect rigorous scrutiny from the authorities.

Don’t Forget the Works Council!

There is another point that is frequently overlooked in practice: Wherever the deployment of AI systems is planned, employers in Germany must observe the statutory co-determination rights of the works council. The introduction and use of AI-based systems for monitoring employee behaviour or performance is subject to co-determination. Employers who fail to involve the works council in a timely manner risk the introduction of the AI system being blocked altogether.

High-risk AI systems, transparency obligations, fines in the millions – what do the AI Act and the KI-MIG mean specifically for your business? If you have any questions on the topics discussed, please contact Nadine Birke at nadine.birke@gowlingwlg.com.

This blog post was written by Nadine Birke in collaboration with Katharina Schapfeld, a labor law trainee.

About the author(s)

Nadine Junghenn
Nadine Birke
Principal Associate at Gowling WLG |  See recent postsBlog biography

Nadine Birke is a German qualified lawyer working for the employment & labour law practise of Gowling WLG's Frankfurt office.

  • Nadine Birke
    ECJ: Ride in the Back Seat = Working Time?
  • Nadine Birke
    Mass Layoff: Termination Without Proper Notification? Invalid!
  • Nadine Birke
    Artificial Intelligence at work: co-determination is a must, not a nice-to-have
  • Nadine Birke
    The year 2025 begins with good news for employers: German employment contract evidence requirement greatly simplified and now possible electronically

Filed Under: Blogs, Blogs aus Deutschland Tagged With: Employment, employment law, Labour Law

Views expressed in this blog do not necessarily reflect those of Gowling WLG.

NOT LEGAL ADVICE. Information made available on this website in any form is for information purposes only. It is not, and should not be taken as, legal advice. You should not rely on, or take or fail to take any action based upon this information. Never disregard professional legal advice or delay in seeking legal advice because of something you have read on this website. Gowling WLG professionals will be pleased to discuss resolutions to specific legal concerns you may have.

Primary Sidebar

Recent Posts

  • The EU AI Act and Germany’s New AI Law: New Obligations, Hefty Fines – What Employers Must Do Now
  • UKJT publishes Legal Statement on Liability for AI Harms
  • ECJ: Ride in the Back Seat = Working Time?

Tags

Artificial Intelligence (AI) (67) Autonomous vehicles (11) b2022 (19) Birmingham 2022 (8) Birmingham 2022 Commonwealth Games (15) Brands and designs (7) Brexit (23) Climate change (18) COP26 (11) Copyright (11) COVID-19 (23) Cyber security (8) Data protection (8) Defined contribution (7) Dispute Resolution (15) Employment (19) employment law (18) Environment (19) Environmental Societal Governance (9) ESG (56) ESG and pensions (13) General Election 2024 and pensions (8) Intellectual Property (91) IP (13) Life sciences (9) litigation funding (9) net zero (6) Patents (41) Pensions (54) Pension Schemes Act 2021 (11) Pensions dashboards (7) Pensions in 2022 (10) Pensions law (45) Procurement (7) Public Law & Regulation (39) Real Estate (29) Retail (8) sustainability (22) Tech (59) The Week In Pensions (11) Trademarks (16) UK (15) unified patents court (9) UPC (40) Week in HR (8)

Categories

Archives

Gowling WLG is an international law firm comprising the members of Gowling WLG International Limited, an English Company Limited by Guarantee, and their respective affiliates. Each member and affiliate is an autonomous and independent entity. Gowling WLG International Limited promotes, facilitates and co-ordinates the activities of its members but does not itself provide services to clients. Our structure is explained in more detail on our Legal Information page.

Footer

  • Home
  • About
  • Gowling WLG
  • Legal information
  • Privacy statement
  • Cookie Policy

© 2026 Gowling WLG