EU AI Act: 8 Official Sources + Practical Tools 2026

April 27, 2026· Category: EU AI Act · Reading time: 3 min · As of 2026-05-02

Practitioner note: This is not legal advice. For specific situations, consult a qualified attorney or compliance officer.

TL;DR

EUR-Lex for the official Regulation (EU) 2024/1689 text in 24 EU languages
EU AI Office for continuously updated practical FAQs and guidance
BSI and CNIL for German and French national-authority interpretations
AI Act Compass (Bitkom) for a free "Am I in scope?" online check
ENISA + Code of Practice + Stiftung Neue Verantwortung for security, GPAI, and policy tracking

1. EUR-Lex: Regulation (EU) 2024/1689

eur-lex.europa.eu — the official Regulation text in 24 EU languages, with consolidated versions reflecting later amendments (e.g., the Digital Omnibus proposal of Nov 19, 2025 — trilogue ongoing, not yet adopted). Always cite EUR-Lex, not media reproductions.

2. EU AI Office FAQs

digital-strategy.ec.europa.eu — the AI Office (DG CNECT) publishes continuously updated practical FAQs, especially on GPAI, the Code of Practice, and prohibited practices. Bookmark and re-check quarterly.

3. BSI AI fundamentals

bsi.bund.de — the German Federal Office for Information Security (BSI) covers the security side of AI: minimum standards, threat modeling, model robustness. Useful for technical documentation under Art. 11 EU AI Act.

4. CNIL AI guidance

cnil.fr — the French data-protection authority publishes detailed practical guidance, often EU-relevant given France's leadership on AI policy. Strong on GDPR + AI Act intersection.

5. AI Act Compass (Bitkom + federal IT)

aiact-compass.de — free online questionnaire that determines whether and how the EU AI Act applies to a given AI use case. Good first-pass screening for SMEs.

6. ENISA AI Threat Landscape

enisa.europa.eu — the EU Cybersecurity Agency publishes annual updates on AI security threats. Cross-reference with NIS2 and ISO/IEC 27001 controls.

7. Code of Practice for GPAI

digital-strategy.ec.europa.eu/en/library/general-purpose-ai-code-practice — the final General-Purpose AI Code of Practice (April 2025), continuously extended. Serves as compliance presumption for GPAI Providers under Art. 56.

8. Stiftung Neue Verantwortung — AI policy tracker

stiftung-nv.de — ongoing tracking of EU and DACH AI legislation. Useful for keeping up with Member-State implementing laws and parliamentary developments.

Summary

Eight bookmarks cover the full EU AI Act information stack: regulation text, official guidance, national authorities, screening tools, security threats, GPAI compliance, and policy tracking. Re-check the AI Office FAQ and Code of Practice quarterly as they evolve faster than the regulation itself.

View EU AI Act Kit →

Frequently Asked Questions

Which source is most important?

EUR-Lex + EU AI Office FAQs. These two are primary.

How often should sources be updated?

Quarterly review. The EU AI Office continuously publishes new FAQs.

Sources

As of: 2026-05-02

Regulation (EU) 2024/1689 (AI Act) — EUR-Lex EN full text (As of: 2026-05-02)
Regulation (EU) 2024/1689 — AI Act (English consolidated) (As of: 2026-05-02)
European Commission — AI Office (As of: 2026-05-02)
European Commission — GPAI Code of Practice (As of: 2026-05-02)
European Commission — Digital Omnibus proposal (press release) (As of: 2026-05-02)
AI Act Service Desk (article full texts) (As of: 2026-05-02)

Tools & self-assessments

EU AI Act Quick Check Classifies your AI system by risk tier (Art. 6, Annex III). Fining Calculator Calculate the potential fining risk for your organisation. EU AI Act Self-Assessment Classification plus obligation mapping for all AI systems in your organisation. AI Inventory Quick Check Systematic recording of your AI applications in 8 steps.