AI Act in practice: the Czech adaptation actadaptation act defines competences, procedures and sanctions

The Ministry of Industry and Trade has prepared an adaptation act for Regulation (EU) 2024/1689 on Artificial Intelligence (AI Act). The purpose of the draft is to supplement the directly applicable EU requirements with national procedural rules, to allocate responsibilities among the competent public authorities in the field of AI, and to introduce offences and related provisions necessary for the practical application of the AI Act in the Czech legal environment.The draft has already undergone the interministerial comment procedure and is now awaiting discussion by the government.

Given that the key provisions of the AI Act will start to apply from 2 August 2026, it can be expected that the Adaptation Act will be adopted so as to take effect in alignment with this date

1) AI Act – Basic Framework of Obligations for AI Development and Use

The AI Act is a directly applicable EU regulation introducing uniform rules for the development, placing on the market and use of artificial intelligence systems within the EU. Its requirements depend on the purpose for which AI is used and the level of risk that such use may pose.Certain uses of AI are explicitly prohibited. For high‑risk systems, the AI Act establishes the strictest set of obligations, typically including requirements on risk management, data governance and data quality, technical documentation, record-keeping enabling traceability, the design of human oversight, and standards for accuracy, robustness and resilience against misuse and errors.

For other, less risky applications, the regulation primarily imposes transparency obligations – such as clearly informing users that they are interacting with an AI system, or indicating that specific content has been generated or modified using AI.

The scope of obligations also varies depending on the role of the entity in relation to the AI system. The AI Act imposes duties primarily on the following actors:

• Developer (provider): The key responsibility is to ensure that the system—particularly if it falls under the high‑risk regime—complies with the requirements of the AI Act and that such compliance can be properly demonstrated. In practice, this means implementing a risk‑management system and maintaining the necessary technical and compliance documentation.
• Deploying entity (organisation using AI, typically in business or public administration): The key responsibility is to ensure the proper and safe use of the system in accordance with its intended purpose and applicable conditions. In practice, this typically means establishing internal rules for the use of AI in processes where outputs can affect individuals, including designating responsible persons and implementing appropriate oversight of the system’s outputs..
• Distributor: The essential duty is to refrain from placing on the market or further distributing any solution that clearly fails to meet the applicable requirements (for example, where mandatory information, documentation or accompanying materials are missing).

The Czech adaptation act builds on this practical dimension. It does not introduce new substantive obligations beyond the AI Act, but instead establishes institutional and procedural mechanisms to ensure that it is clear which authorities will supervise compliance in the Czech Republic, how selected procedures will operate, and how breaches of obligations will be addressed.

2) Allocation of Powers and Cooperation Between Authorities

The market surveillance authorities within the meaning of the AI Act are to be the Czech Telecommunication Office (ČTÚ), the Czech National Bank (ČNB) and the Office for Personal Data Protection (ÚOOÚ). ČTÚ will hold general (residual) competence and will supervise compliance with the obligations arising from the AI Act and the Adaptation Act in all areas not falling within the remit of the ČNB or the ÚOOÚ. The ČNB will be responsible for supervising compliance among regulated financial institutions, specifically in relation to activities for which it grants authorisation (typically licensed financial services). The ÚOOÚ will have a special competence with respect to obligations related to high‑risk systems used in law enforcement, justice, electoral matters, border management and migration. In the area of conformity assessment, the draft designates the Czech Office for Standards, Metrology and Testing (ÚNMZ) as the competent authority. In a manner similar to other regulated products, ÚNMZ will have the power to evaluate and approve notified bodies, i.e. specialised private entities authorised to issue certificates confirming that an AI system conforms to the legislative requirements.

3) Procedural Rules and Language of Documentation

The draft further clarifies the procedural framework for selected proceedings before the competent authorities, particularly for permits and authorisations connected with activities in the field of AI. It defines who may be a party to such proceedings and sets out the basic time limits governing the conduct and decision‑making of public authorities..

Importantly, the draft excludes the so-called “fiction of consent” in cases where approval would otherwise be deemed granted automatically due to the authority’s inactivity within a statutory deadline. This rule will apply in particular to requests for testing high-risk AI systems in real-world conditions.

Another practically significant feature concerns the language regime of documentation. Key documents may be maintained in English, including in particular:

• certificates of conformity issued by conformity assessment bodies
• documentation and information demonstrating compliance
• the EU declaration of conformity issued by the provider

This option may significantly reduce the administrative burden for organisations using standardised documentation across multiple jurisdictions.

4) Regulatory Sandbox

The draft provides for the establishment of an AI regulatory sandbox, to be operated by the Czech Agency for Standardisation (ČAS).

A regulatory sandbox is, in simplified terms, a controlled testing environment in which innovative solutions can be developed and validated under pre‑defined conditions and under the supervision of regulatory authorities. Its purpose is to allow participants to test their systems in practice with reduced legal risk and with clearly structured formal requirements — typically including well‑defined rules, documentation obligations and regulatory oversight throughout the testing process. In the context of AI regulation, the sandbox is intended primarily to help verify and fine‑tune compliance with the AI Act’s requirements before the solution is deployed more broadly.

Participation in the sandbox arises upon the conclusion of an agreement; the submission of an application — even if the applicant meets the eligibility criteria — does not in itself create a right to be admitted. The selection criteria and conditions of participation are to be set by ČAS and published on its website.

5) Administrative Offences, Sanctions and Remedial Measures

The adaptation act builds on the sanctions framework of the AI Act, which provides for alternative penalties calculated either as a percentage of annual turnover or a fixed monetary amount, depending on the severity of the violation.

The proposal explicitly reflects that small and medium-sized enterprises (SMEs) are subject to the lower of the two sanction limits.

The draft also introduces a mechanism comparable to “effective repentance” for less serious breaches. The supervisory authority may notify the responsible entity and invite it to remedy the breach. If the issue is corrected within the specified timeframe and the remedy is duly reported, the authority may refrain from initiating administrative offence proceedings.

The draft adaptation act effectively completes the “national chapter” of the AI Act. It clarifies who will enforce the regulation, how key procedures will operate, and what consequences may follow from non-compliance.

Although the final wording may still undergo changes, it is already clear that for entities operating in the AI domain, this act will — alongside the AI Act itself — form an everyday operational framework, covering everything from documentation and testing to supervision and potential sanctions. Should you have any questions regarding the interpretation of the draft or its practical implications, we remain at your disposal.