GovCompass
Knowledge base
Analysis

Regulatory Sandboxes: Innovation Under EU AI Act Supervision

Updated: June 2026 — full revision to Validai quality standard

Introduction: The Sandbox as Innovation Policy Tool

The EU AI Act's regulatory sandbox framework (Art. 57–63) acknowledges a tension inherent in technology regulation: rules designed to address today's risks can inadvertently prevent tomorrow's innovation. Regulatory sandboxes are the legislative response — a structured environment in which AI systems can be developed, tested, and validated under regulatory supervision, with reduced compliance obligations during the development phase.

What Is a Regulatory Sandbox?

A regulatory sandbox under the EU AI Act is a controlled testing environment established by national competent authorities. Within the sandbox, participants may develop and test AI systems — including potentially high-risk systems — without the full compliance obligations that would normally apply to market deployment. The sandbox is time-limited and operates under a supervised framework: the authority monitors the testing and participants must comply with the terms of their sandbox agreement.

Who Can Apply?

Art. 57 provides that national authorities shall establish at least one regulatory sandbox within each member state. Priority access is given to:

  • Startups and SMEs
  • Micro-enterprises
  • Innovative organisations developing novel AI approaches

Larger organisations may access sandboxes, but the selection criteria explicitly prioritise smaller innovators with limited resources to navigate full compliance frameworks.

Benefits of Sandbox Participation

  • Reduced compliance burden during testing: Sandbox participants are not required to meet all Art. 9–27 obligations during the testing phase
  • Regulatory guidance: Direct access to supervisory authority expertise — invaluable for navigating grey areas in the regulation
  • Liability protection: Art. 62 provides that market surveillance authorities shall not impose fines for violations that occur in good faith during sandbox testing, subject to conditions
  • Regulatory certainty post-sandbox: Testing under supervisory oversight builds the evidentiary record that supports full market deployment approval

The Dutch Sandbox

In the Netherlands, the Autoriteit Persoonsgegevens (AP) is the designated authority for EU AI Act regulatory sandboxes. The AP has announced its sandbox programme structure and is accepting expressions of interest. Dutch organisations interested in sandbox participation should contact the AP's AI regulatory team directly.

Sandbox vs Market Deployment

The sandbox does not provide a permanent exemption. Once testing concludes, organisations must achieve full compliance before market deployment. The sandbox is best understood as a fast-track pathway to compliance — with regulatory guidance that accelerates the journey — rather than an alternative to compliance.

Compliance Checklist

  1. Are any of your AI development projects at a stage where sandbox participation would be beneficial?
  2. Have you assessed whether your organisation qualifies for priority sandbox access (SME/startup)?
  3. Have you reviewed the AP's sandbox programme terms?
  4. Is there an internal process for evaluating sandbox applications?