Luxembourg AI Regulation

Overview

EU AI ACT

–The EU AI Act (Regulation 2024/1689) applies directly across all member states. Prohibitions on unacceptable-risk AI systems have been in force since 2 February 2025; GPAI model rules since 2 August 2025. High-risk AI obligations are due from 2 August 2026, subject to the Digital Omnibus proposal which may defer enforcement. For the full implementation timeline, governance structure, and current status, see the European Union overview.

Key Sources

EU AI Act (Regulation 2024/1689)View ↗

CNPD — lead/default MSAView ↗

EU AI Act National Implementation TrackerView ↗

Luxembourg National AI StrategyView ↗

Council of Europe Framework Convention on AI (CETS 225)View ↗

This content is for informational and educational purposes only and does not constitute legal advice.

COUNTRY SUMMARY

Draft Bill PL8476, presented to the Chamber of Deputies in June 2025, proposes a multi-authority framework extending the mandates of existing institutions rather than creating a new dedicated body. CNPD (Commission Nationale pour la Protection des Données) is designated as default market surveillance authority, single point of contact, and national coordinator. Sector-specific market surveillance authorities are: CSSF (financial sector); CAA (insurance); ILNAS (product safety and critical infrastructure under Annex I); ILR (high-risk AI deployers operating essential or important services under NIS2); ALMPS (medicines and healthcare products); and ALIA (audiovisual AI-generated content). CNPD is also proposed as notified body for high-risk AI systems used by law enforcement and asylum/immigration authorities. Formal designation is subject to enactment of PL8476.