AESIA's AI Guidelines: Spain steps into the AI spotlight

When the EU Artificial Intelligence Act entered into force, many organizations across Europe asked the same question: where do we start? While the regulation sets out an ambitious framework, it deliberately leaves room for interpretation — and it is precisely in that space between legal text and practical implementation that uncertainty emerges.

Spain has moved quickly to fill that gap. With the creation of the Agencia Española de Supervisión de la Inteligencia Artificial, Spain became the first EU member state to establish a dedicated national AI authority, placing itself at the forefront of European AI governance.

The publication of AESIA's 16 AI guidelines is a natural extension of that leadership. Developed within Spain's AI regulatory sandbox pilot, the guidelines draw on real-world testing of AI systems under regulatory supervision. These guidelines constitute one of the firsts structured set of interpretative criteria issued by a public authority in Europe. While formally nonbinding and addressed to the Spanish market, their relevance is likely to extend much further. In practice, they may influence how other regulators approach AI Act compliance.

This institutional momentum is not limited to AESIA. In parallel, Spain's data protection authority, the Agencia Española de Protección de Datos, has recently published its own guidance on agentic AI systems — those capable of pursuing goals with a high degree of autonomy — raising early warnings about opacity, manipulation and user control. Together, these initiatives reflect a coordinated national effort to translate the AI Act's principles into practical safeguards for high-impact AI.

A practical structure for AI Act compliance