AI Governance in Germany

Germany's AI governance is shaped by the EU AI Act, BaFin and BSI sector requirements, strict GDPR enforcement, and the unique Betriebsrat co-determination rights that are mandatory before deploying workplace AI.

Key Regulators

BaFin, Federal Financial Supervisory Authority, financial services AI governance
BSI, Federal Office for Information Security, AI cybersecurity guidance
BfDI, Federal Commissioner for Data Protection, federal GDPR enforcement
State DPAs, 16 state data protection authorities, regional GDPR enforcement
Betriebsrat, Works councils, co-determination rights on workplace AI
BAuA, Federal Institute for Occupational Safety, AI in workplace safety

AI Governance by Industry

Germany-specific obligations across key sectors.

๐Ÿฆ

Financial Services

BaFin, Bundesbank, BaFin/ESMA, EBA
  • FEAT-aligned model risk management
  • Explainability for credit and underwriting AI
  • MaRisk/BAIT IT governance requirements

Workplace & HR

Betriebsrat, Federal Labour Court, State DPAs
  • BetrVG §87(1) No. 6 co-determination for monitoring AI
  • GDPR Article 22 automated employment decisions
  • Works agreement (Betriebsvereinbarung) required

Critical Infrastructure

BSI, BNetzA, KRITIS authorities
  • BSI AI security framework
  • KRITIS AI risk assessment
  • NIS 2 Directive cybersecurity + AI systems
๐Ÿญ

Manufacturing & Automotive

TÜV, KBA, BAuA, EU Type Approval
  • EU Machinery Regulation AI requirements
  • ISO 26262 functional safety for automotive AI
  • Worker AI governance under BetrVG