The European Artificial Intelligence Act (Regulation (EU) 2024/1689), applicable as of August 2024, represents the first comprehensive legal framework for artificial intelligence at the EU level. In Slovenia, it is being incorporated through the Act on the implementation of the Regulation (EU) on Harmonised Rules for Artificial Intelligence (ZIUDHPUI), which designates the competent authorities for enforcement and supervision, sets out procedures, minor offences, fines and other measures. The act reflects the core principles of ethical and trustworthy artificial intelligence, with an emphasis on human oversight, safety, privacy, transparency, non-discrimination, proportionality, and legal certainty while safeguarding fundamental rights. It has been in force and applicable from 21 November 2025 on.
1. Notifying authorities, market surveillance authorities and supervision
The act delegates competences among several institutions. The role of notifying authorities will be assumed by the Ministry of the Economy, Tourism and Sport, the Ministry of Infrastructure, the Ministry of Health, the Ministry of Digital Transformation, and the Public Agency for Medicinal Products and Medical Devices. Market surveillance under Regulation (EU) 2024/1689 will be carried out by the Information Commissioner, the Bank of Slovenia, the Insurance Supervision Agency, the Market Inspectorate, and the Agency for Communication Networks and Services (AKOS), which is also designated as the single contact point. Supervision of notified bodies, ensuring compliance with literacy requirements, and the public disclosure of information on AI systems in the public sector will be carried out by the Information Society Inspectorate. Supervision procedures will follow the powers and measures set out in the legislation governing technical requirements for products and conformity assessment, as well as the legislation on inspection, while sector-specific legislation (e.g. insurance law) will apply to certain areas. The act also provides for consultation between market surveillance authorities and other inspection bodies.
The act also provides for the public disclosure of information on supervisory measures and sanctions imposed for violations of the AI Act. Market surveillance authorities will be required to publish on their website’s details of the offender and the person responsible for implementing the measure, the infringement or the nature of the imposed measure, the operative part of the decision, and any subsequent remedy of the infringement or implementation of the measure. Such information will remain publicly accessible for three years following publication, thereby ensuring transparency and deterrence against misconduct. An exception applies to the publication of personal data about a natural person.
2. Measures to support innovation and additional tasks of AKOS
To ensure coordinated action among market surveillance authorities, the act foresees the establishment of a coordination council of supervisory bodies. In addition, AKOS will, among other things, have special competences, including the establishment of regulatory sandboxes (deadline for implementation of the first sandbox is 2 August 2026), maintaining a register of high-risk AI systems in the field of critical infrastructure, managing the data submitted by providers of high-risk AI systems in accordance with Article 49(1) of the AI Act, and more.
The act provides for the establishment of a single contact point to offer guidance to certain businesses and the general public on the implementation of the AI Act. It also regulates the storage of documentation in the event of bankruptcy or cessation of business activities.
3. Support framework for the Implementation of the AI Act
Article 4 of the AI Act requires Member States to promote AI literacy, which is essential for the safe use of AI systems and the protection of fundamental rights. The Slovenian act envisages promotional campaigns on the use of the AI Act, the appointment of the National Council for Ethics in Artificial Intelligence, and training programmes for public officials. However, questions remain as to whether these measures are sufficiently broad – particularly with regard to consumers, employees, and other vulnerable groups most exposed to risks, as well as the encouragement of training for staff who will be directly involved in operating such systems.
4. Sanctions and supervision
Sanctions are foreseen for all key actors in the AI value chain – providers, deployers (e.g. with respect to ensuring AI literacy, transparency, and related obligations), importers, distributors, authorised representatives, and notified bodies. Particular severity is attached to breaches of the prohibited practices set out in Article 5 of the AI Act. Fines may reach up to 35 million euros or up to 7% of the company’s total worldwide annual turnover in the preceding financial year.
Conclusion
With the act, Slovenia follows the European framework and establishes the institutional foundations for supervising a technology, which will have an even greater impact on the economy, public administration, and society at large in the coming years. The act does not create new substantive obligations – these are laid down directly in the EU Regulation – but primarily defines who will exercise supervision, how procedures will be carried out, and what sanctions will apply.
The public consultation highlighted two main tensions: the fragmentation of competences among several authorities, which requires additional staffing and may lead to slower responses, and the need for effective coordination, which the ministry promises to address through a special coordination council. At the same time, the act introduces opportunities, such as regulatory sandboxes for testing new solutions. In practice, however, the rules of implementation will need to be further refined, as only their application will show whether the existing framework is sufficient and effective.
Above all, it will be essential to strengthen AI literacy across all segments of society – not only among regulators and businesses, but also among consumers, employees, and other groups directly exposed to these technologies. Without a clear understanding of how AI systems function and the risks they may pose, even the most sophisticated regulatory framework will fall short of its purpose. It is therefore crucial that implementation does not remain confined to the text of the law, but that its implementation is continuously monitored, evaluated and refined in practice. Only concrete cases will ultimately demonstrate whether the rules are sufficiently appropriate and robust to both safeguard fundamental rights and enable innovation. A further challenge will lie in ensuring the availability of qualified personnel capable of bridging new technologies with long-established legal concepts. Through such integration, Slovenia will be able to establish a framework that reinforces legal certainty and strengthens trust in artificial intelligence.
The upcoming challenge is therefore twofold: on the one hand, regulators must ensure clear, coordinated and professionally supported supervisory and support mechanisms; on the other, companies must adapt their systems to the new requirements as swiftly as possible. It is equally important that individuals understand the basic principles of how artificial intelligence operates, as knowledge reduces resistance and enables more confident use of new technologies. Only in this way will it be possible to achieve the objective of European and Slovenian legislators: artificial intelligence that is competitive, innovative and firmly committed to the protection of fundamental rights.
