Skip to content

Menu

Network by SubjectChannelsBlogsHomeAboutContact
AI Legal Journal logo
Subscribe
Search
Close
PublishersBlogsNetwork by SubjectChannels
Subscribe

Spain Issues Guidance Under the EU AI Act

By Anna Oberschelp de Meneses on December 18, 2025
Email this postTweet this postLike this postShare this post on LinkedIn

In December 2025, the Spanish Agency for the Supervision of Artificial Intelligence (AESIA) published a set of detailed guidance documents and templates aimed at helping providers and deployers of high-risk AI systems under the EU AI Act comply with the relevant requirements of the law. All materials are currently available in Spanish only.

Developed through Spain’s AI regulatory “sandbox” with input from industry, technical experts, and authorities, the guidance is non-binding and offers practical recommendations to providers and deployers of high-risk AI systems. AESIA emphasizes that these documents are living resources, subject to regular updates to reflect evolving standards and European Commission guidelines. They will be updated if the Digital Omnibus amending the Act is adopted.

What Is in the Guidance?

The guidance is divided into four main parts:

  • Introductory Guides (01–02): Overview of the AI Act and key compliance principles.
  • Technical Guides (03–15): Practical recommendations relating to:
    • Conformity assessments
    • Risk management systems
    • Technical documentation
    • Record-keeping and transparency
    • Human oversight requirements
  • Toolkit of Checklists and Templates (16 and zip file): Guide 16 explains how to use compliance checklists, and is complemented by a free, downloadable toolkit with ready-to-use templates and examples to aid implementation.

Why Does It Matter?

The guidance offers a practical roadmap for compliance with the AI Act and reflects Spain’s collaborative approach centered on its national AI sandbox, bringing together regulators, industry, and technical experts. Several EU countries are taking similar steps to support organizations seeking to comply with the AI Act. Germany, for instance, has issued guidance on high-risk AI classifications and safety standards. The Netherlands published an AI Act Guide outlining obligations and risk categories with practical compliance steps. The French CNIL also has issued recommendations focused on GDPR compliance, including data annotation, development security, and model governance—complete with checklists—helping companies navigate personal data use in AI systems. These efforts, like Spain’s, seek to equip organizations with the necessary tools that will allow them to comply with the AI Act.

*          *          *

The Covington team continues to monitor regulatory developments on AI, and we regularly advise the world’s top technology companies on their most challenging regulatory and compliance issues in the EU and other major markets. If you have questions about AI regulation, or other tech regulatory matters, we are happy to assist with any queries.

  • Posted in:
    Privacy & Data Security
  • Blog:
    Inside Privacy
  • Organization:
    Covington & Burling LLP
  • Article: View Original Source
LexBlog logo
Copyright © 2026, LexBlog. All Rights Reserved.
Legal content Portal by LexBlog LexBlog Logo