BE·EU AI Act series·Belgium implementation·Updated April 2026
The EU AI Act in Belgium: BIPT in the lead, twenty-one rights bodies behind.
Belgium’s Government Declaration of 31 January 2025 designated BIPT as the country’s main market-surveillance authority for the EU AI Act, and the 2025–2029 Federal Government Agreement confirmed that role. Twenty-one specific bodies cover Article 77 fundamental-rights supervision. GBA/APD handles personal-data overlap; FAMHP and FSMA cover sectoral high-risk AI. Belgium missed the August 2025 governance deadline and is still closing that gap.
The 2025–2029 Federal Government Agreement reaffirmed BIPT as Belgium’s main EU AI Act market-surveillance authority, building on the 31 January 2025 Government Declaration. BIPT has continued to publish operator-facing guidance during this quarter while statutory implementing measures progress.
Twenty-one specific bodies are designated under Article 77 to supervise fundamental rights — the highest count in any member state. Belgium missed the August 2025 governance deadline, and the government continues to close that gap; the Digital Omnibus on AI in trilogue does not change the working baseline of 2 August 2026 for high-risk obligations.
Who supervises what in Belgium
BIPT carries the main market-surveillance mandate; sectoral regulators retain their domains; the Article 77 fundamental-rights supervision is spread across twenty-one specific bodies. The table below reflects the working allocation as of April 2026 and will be tightened by implementing legislation.
| Authority | Mandate | EU AI Act role (April 2026) |
|---|---|---|
| BIPT | Belgian Institute for Postal Services and Telecommunications | Main market-surveillance authority. Conformity-assessment supervision, technical compliance, single point of contact for high-risk providers and deployers (Government Declaration 31 January 2025; 2025–2029 Federal Government Agreement). |
| FOD Economy / SPF Économie | Federal Public Service Economy | Coordination across the federal level; consumer-facing AI; commercial-manipulation prohibitions in cooperation with BIPT. |
| GBA / APD | Belgian Data Protection Authority | Personal-data overlap; GDPR enforcement on AI training and inference; biometric and emotion-recognition prohibitions where personal data is processed. |
| FAMHP | Federal Agency for Medicines and Health Products | Healthcare AI sectoral regulator; medical-device conformity overlap (MDR/IVDR); ambient documentation, clinical decision support, diagnostic AI. |
| FSMA | Financial Services and Markets Authority | Financial-sector high-risk AI: credit scoring, insurance underwriting, anti-fraud, market-conduct AI. Coordinates with NBB on prudential aspects. |
| 21 Article 77 bodies | Fundamental-rights supervisors | The largest count in any member state. Includes Federal Institute for Human Rights, Unia (interfederal anti-discrimination), the Combat Poverty Service, regional ombudspersons, and the Federal Mediator. |
Belgium is a federal state and several AI Act-relevant competences (education, regional employment, public administration) sit with the Flemish, Walloon, and Brussels-Capital regions and the language Communities. The implementing legislation will need to allocate roles across federal and regional levels, particularly for Annex III education and employment systems.
Belgian sector overlays
The substantive Articles 9–15 obligations apply EU-wide. Belgium’s differentiator is the supervisory stack and the federal–regional split. The most common combinations:
| Sector | Belgian regulators on top of the AI Act |
|---|---|
| Healthcare AI | FAMHP for medical-device conformity (MDR/IVDR); RIZIV–INAMI on reimbursement of AI-aided diagnostic and therapeutic services; GBA/APD on patient-data lawful basis. Hospitals and university hospitals operate as deployers. |
| Pharma | FAMHP for AI-aided drug development and pharmacovigilance; the AI-in-clinical-trials Decree where AI affects trial conduct; EMA reach-through where applicable. |
| Financial services | FSMA on conduct (algorithmic trading, recommendation, treating customers fairly); NBB on prudential and AML; GBA/APD on customer-data lawful basis. AMLD overlap for anti-fraud models. |
| Public sector and EU institutions | Brussels hosts the European Commission, the AI Office, EU agencies, NATO and many international bodies. Belgian operators serving these institutions face concentrated visibility, even before implementing legislation lands. |
| Workplace AI | Federal labour inspection plus regional employment competences; works-council co-determination under the CCT 39 framework. Prohibited-practice line on emotion recognition and biometric categorisation in workplaces remains BIPT/GBA territory. |
| Education | Competence sits with the Flemish, French, and German-speaking Communities. Annex III education AI (admissions, exam scoring) requires per-Community guidance in addition to the federal AI Act regime. |
Trilingual operating reality
Article 13 instructions for use must reach deployers in a language they readily understand; Article 50 transparency disclosures must reach end users similarly. In Belgium that typically means Dutch, French and German depending on the deployment region — and English for pan-EU institutions. Belgian regulators do not require a single national language for technical documentation, but court-facing or consumer-facing material must follow the regional language regime. Operators commonly maintain three artefact sets plus an English master.
Regulatory sandbox
Article 57 sandbox arrangements are foreshadowed in the BIPT operator guidance; statutory authority will follow with the implementing legislation. Healthcare deployers can use the FAMHP medical-device pilot routes and the Belgian Health Data Authority (BHDA) data-access framework as parallel innovation routes during the interim period. The Brussels Cybersecurity Centre offers technical-evaluation arrangements for cybersecurity and resilience aspects under Article 15.
References
- European Union. Regulation (EU) 2024/1689 (EU AI Act). EUR-Lex 32024R1689.
- BIPT. Application of the AI Act. bipt.be.
- Belgian Federal Government. 2025–2029 Federal Government Agreement (selected AI-related provisions).
- Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD). Guidance on AI and personal data. gegevensbeschermingsautoriteit.be.
- Technology’s Legal Edge. State of the Act: EU AI Act implementation in key Member States, November 2025. technologyslegaledge.com.
- European Parliament. AI Act delayed application; ban on nudifier apps, March 2026. europarl.europa.eu.
Build the evidence trail
Belgian operators: Article 12 logs on demand, ahead of BIPT.
The Glacis Agent Runtime Security & Evidence Sprint produces signed evidence receipts and a tamper-evident Article 12 log from your AI’s actual runtime behaviour — runtime controls run inside your infrastructure with zero sensitive-data egress. BIPT inspectors, FAMHP reviewers, and the GBA receive verifiable evidence packs in place of written assertions.
10 business days. One named workflow. Signed evidence pack on day ten.