Finland AI Act
Act on the Supervision of Certain AI Systems (Laki eräiden tekoälyjärjestelmien valvonnasta)
Finland's EU AI Act implementation using decentralized supervision model. Traficom serves as single point of contact and coordination authority. Ten market surveillance authorities share enforcement across sectors. New Sanctions Board handles fines over EUR 100,000.
Jurisdiction
Finland
FI
Enacted
Dec 22, 2025
Effective
Jan 1, 2026
Enforcement
Traficom (coordination); Data Protection Ombudsman; Safety and Chemicals Agency; Financial Supervisory Authority; and 7 other sector authorities
Approved December 22, 2025; effective January 1, 2026. Sandbox rules effective February 1, 2026.
What It Requires
Who Must Comply
Safety Provisions
- • Implements all EU AI Act prohibited practices
- • Decentralized supervision across 10 specialized authorities
- • Traficom as single point of contact and sandbox operator
- • Data Protection Ombudsman monitors prohibited AI systems
- • Sanctions Board for administrative fines over EUR 100,000
- • Inspection, documentation, and halt-use powers
Compliance Timeline
Jan 1, 2026
Main provisions take effect
Feb 1, 2026
AI regulatory sandbox rules effective
Enforcement
Enforced by
Traficom (coordination); Data Protection Ombudsman; Safety and Chemicals Agency; Financial Supervisory Authority; and 7 other sector authorities
Penalties
€35M or 7% revenue (whichever higher)
Administrative fines via Sanctions Board (over EUR 100,000) or individual authorities (under EUR 100,000). Aligned with EU AI Act maximums.
Quick Facts
- Binding
- Yes
- Mental Health Focus
- Yes
- Child Safety Focus
- Yes
- Algorithmic Scope
- Yes
Why It Matters
Model for decentralized EU AI Act enforcement. Shows how member states can distribute oversight across existing sector regulators rather than creating new AI authority.
Recent Developments
First EU member state to activate full AI Act enforcement powers. Established novel Sanctions Board structure for high-value fines.
What You Need to Comply
Inherits EU AI Act requirements. Decentralized enforcement means sector-specific authorities (healthcare, finance, etc.) oversee AI in their domains.
NOPE can helpCite This
APA
Finland. (2025). Act on the Supervision of Certain AI Systems (Laki eräiden tekoälyjärjestelmien valvonnasta). Retrieved from https://nope.net/regs/fi-ai-act
BibTeX
@misc{fi_ai_act,
title = {Act on the Supervision of Certain AI Systems (Laki eräiden tekoälyjärjestelmien valvonnasta)},
author = {Finland},
year = {2025},
url = {https://nope.net/regs/fi-ai-act}
} Related Regulations
Hungary AI Act
Hungary's comprehensive AI law implementing the EU AI Act. Designates the National Media and Infocommunications Authority (NMHH) as the primary supervisory authority, with sectoral regulators for specific domains.
Denmark AI Act
First EU member state to fully implement the EU AI Act. Designates three competent authorities, establishes penalty framework aligned with EU maximums, and grants inspection/enforcement powers. Does not add material requirements beyond EU AI Act.
EU AI Act
World's first comprehensive risk-based regulatory framework for AI systems. Classifies AI by risk level with escalating requirements from prohibited practices to high-risk obligations.
DSA
Comprehensive platform regulation with tiered obligations. VLOPs (45M+ EU users) face systemic risk assessments, algorithmic transparency, and independent audits.
Ireland OSMR
Establishes Coimisiún na Meán (Media Commission) with binding duties for video-sharing platforms. One of the cleaner examples of explicit self-harm/suicide/eating-disorder content duties in platform governance.
FR SREN
France's 2024 "digital space" law strengthening national digital regulation and enforcement levers via ARCOM across platform safety and integrity issues.