EU AI Act: 8 Official Sources + Practical Tools 2026

April 27, 2026· Category: EU AI Act · Reading time: 3 min · As of 2026-05-02

Practitioner note: This is not legal advice. For specific situations, consult a qualified attorney or compliance officer.

TL;DR

EUR-Lex for the official Regulation (EU) 2024/1689 text in 24 EU languages
EU AI Office for continuously updated practical FAQs and guidance
BSI and CNIL for German and French national-authority interpretations
AI Act Compass (Bitkom) for a free "Am I in scope?" online check
ENISA + Code of Practice + Stiftung Neue Verantwortung for security, GPAI, and policy tracking

1. EUR-Lex: Regulation (EU) 2024/1689

eur-lex.europa.eu — the official Regulation text in 24 EU languages, with consolidated versions reflecting later amendments (e.g., the Digital Omnibus proposal of Nov 19, 2025 — trilogue ongoing, not yet adopted). Always cite EUR-Lex, not media reproductions.

2. EU AI Office FAQs

digital-strategy.ec.europa.eu — the AI Office (DG CNECT) publishes continuously updated practical FAQs, especially on GPAI, the Code of Practice, and prohibited practices. Bookmark and re-check quarterly.

3. BSI AI fundamentals

bsi.bund.de — the German Federal Office for Information Security (BSI) covers the security side of AI: minimum standards, threat modeling, model robustness. Useful for technical documentation under Art. 11 EU AI Act.

4. CNIL AI guidance

cnil.fr — the French data-protection authority publishes detailed practical guidance, often EU-relevant given France's leadership on AI policy. Strong on GDPR + AI Act intersection.

5. AI Act Compass (Bitkom + federal IT)

aiact-compass.de — free online questionnaire that determines whether and how the EU AI Act applies to a given AI use case. Good first-pass screening for SMEs.

6. ENISA AI Threat Landscape

enisa.europa.eu — the EU Cybersecurity Agency publishes annual updates on AI security threats. Cross-reference with NIS2 and ISO/IEC 27001 controls.

7. Code of Practice for GPAI

digital-strategy.ec.europa.eu/en/library/general-purpose-ai-code-practice — the final General-Purpose AI Code of Practice (April 2025), continuously extended. Serves as compliance presumption for GPAI Providers under Art. 56.

8. Stiftung Neue Verantwortung — AI policy tracker

stiftung-nv.de — ongoing tracking of EU and DACH AI legislation. Useful for keeping up with Member-State implementing laws and parliamentary developments.

Summary

Eight bookmarks cover the full EU AI Act information stack: regulation text, official guidance, national authorities, screening tools, security threats, GPAI compliance, and policy tracking. Re-check the AI Office FAQ and Code of Practice quarterly as they evolve faster than the regulation itself.

View EU AI Act Kit →

Frequently Asked Questions

Which source is most important?

EUR-Lex + EU AI Office FAQs. These two are primary.

How often should sources be updated?

Quarterly review. The EU AI Office continuously publishes new FAQs.

Sources

Regulation (EU) 2024/1689 — EU AI Act (EUR-Lex) (As of: 2026-05-02)
European Commission — AI Office (As of: 2026-05-02)
European Commission — GPAI Code of Practice (As of: 2026-05-02)