
AI Regulatory Sandbox: Definition, How It Works, and Who Can Use It

Definition · 2 June 2026 · 10 min read · 2,006 words

AI regulatory sandbox defined in Article 3 of Regulation (EU) 2024/1689. How Articles 57–59 and 62 work; every Member State needs one by 2 August 2026.

An AI regulatory sandbox is a controlled environment created by a competent authority where providers — or prospective providers — of AI systems can develop, train, validate and test an innovative AI system under regulatory supervision, for a limited time and pursuant to a sandbox plan. The term is defined in Article 3 of Regulation (EU) 2024/1689. Participants gain legal certainty and direct regulator access during development, without being exempted from the Act's substantive obligations.

The EU AI Act definition

Article 3 of Regulation (EU) 2024/1689 defines terms that apply throughout the Act. Point 55 gives the sandbox its formal shape: it is a controlled framework established by a competent authority, offering providers or prospective providers of AI systems the possibility to develop, train, validate, and test — where appropriate in real-world conditions — an innovative AI system, pursuant to a sandbox plan, for a limited time and under regulatory supervision.

Four elements in that definition do real legal work. "Controlled framework" signals that the sandbox is not a deregulated zone — the authority sets the terms. "Pursuant to a sandbox plan" means participants submit and gain approval for a structured programme before they enter; ad hoc experimentation does not qualify. "Limited time" reflects that the sandbox is a development and pre-market tool, not an ongoing operational licence. And "innovative AI system" orients the mechanism toward genuinely novel technologies where the regulatory path is uncertain, rather than incremental product updates that the standard conformity route can handle.

The sandbox does not suspend the Act. Participants remain bound by its obligations, including the prohibitions in Article 5, the data-governance requirements in Article 10, and the transparency duties in Article 13. What the sandbox provides is regulatory presence: access to the competent authority during development so that questions of classification, documentation, and testing methodology can be resolved before market launch rather than after.

How sandboxes work

Establishment: Article 57

Article 57 places the establishment duty squarely on Member States. Each Member State must ensure that at least one AI regulatory sandbox is operational at national level by 2 August 2026. The article also permits joint establishment — two or more Member States may create a shared sandbox, which makes particular sense for smaller economies and for AI systems that will immediately target a multi-country market.

The 2 August 2026 deadline is a hard establishment requirement, not an aspiration. It is one of the few genuinely mandatory institutional-setup milestones the Act sets. By the time the high-risk obligations for stand-alone Annex III systems come into force on 2 December 2027 (per the Digital Omnibus agreed in May 2026), national sandboxes are expected to have been running for over a year.

Detailed arrangements: Article 58

Article 58 sets out the procedural mechanics that govern how sandboxes operate. It covers the conditions for admission, the rights and obligations of sandbox participants during operation, the supervisory relationship with the competent authority, and the arrangements for exit. The key design principle embedded in Article 58 is proportionality: the supervision is calibrated to the novelty and risk profile of the AI system being developed, not applied uniformly across all participants.

Participants who complete a sandbox successfully, and whose system subsequently enters the conformity-assessment track, can present the outcomes of sandbox testing as part of their technical documentation under Article 11. This direct evidential chain — from supervised sandbox testing to the Annex IV documentation file — is one of the most practical benefits the mechanism offers.

Personal data processing: Article 59

Article 59 addresses a specific tension. Developing and testing AI systems — particularly in real-world conditions — often requires access to personal data, and the ordinary GDPR rules may make that access difficult or impossible without consent that is hard to obtain at scale. Article 59 permits the further processing of personal data in the sandbox under strict conditions, where the processing is necessary for developing AI systems that serve defined public-interest purposes (such as public health, safety, and environmental protection).

The conditions are not a blanket waiver of data-protection rules. They require, among other things, that the personal data be processed only within the sandbox, that appropriate technical and organisational safeguards be in place, and that the data not be used for any purpose outside the approved sandbox plan. The competent authority and, where applicable, national data-protection supervisory authorities retain oversight. For developers building in health, public-safety, or infrastructure domains, Article 59 can make the difference between a viable real-world testing programme and one that is limited to synthetic or anonymised data.

Benefits for smaller companies

Priority access and reduced fees: Article 62

Article 62 of the Act sets out specific support measures for smaller companies. Competent authorities must give priority access to AI regulatory sandboxes for smaller companies, including start-ups. This is not merely an administrative preference — it reflects the legislative recognition that the Act's conformity infrastructure was designed with larger, resource-rich organisations in mind, and that smaller companies need a structured route to demonstrate compliance without the overhead of a full conformity cycle run in isolation.

Article 62 also provides for reduced conformity-assessment fees proportionate to the size of the company. The mechanism is distinct from the sandbox-access provision — it applies more broadly to the conformity-assessment process — but in combination, priority sandbox access and proportionate fees mean that a twenty-person fintech or a seed-stage health-tech company has a genuine, costed route to the market for a high-risk AI system.

Legal certainty during development

The practical value of sandbox participation for smaller companies goes beyond fee reductions. The most expensive compliance failure is the one discovered after launch: a product that has been classified incorrectly, documented inadequately, or tested in ways that a notified body or market-surveillance authority will not accept. Sandbox participation gives developers direct access to the competent authority while choices are still reversible. If a classification question — say, whether a recruiting tool's use of profile data triggers the Article 6(3) filter — is resolved in the sandbox, it does not need to be relitigated at the conformity-assessment stage.

No exemption from obligations

The sandbox provides regulatory proximity, not regulatory distance. Participants in a sandbox remain subject to all of the Act's requirements. A system tested in the sandbox that falls within Annex III must still pass the Article 43 conformity assessment, compile the Article 11 technical documentation in the format required by Annex IV, and register in the EU database under Article 49 before it goes to market. The sandbox is a supervised development environment, not a compliance shortcut. Any communication or marketing that characterises sandbox participation as a form of pre-approval or reduced-obligation status is inaccurate.

Why it matters

The regulatory sandbox mechanism matters most for two categories of developer: those building genuinely novel AI systems where the classification and documentation requirements are unsettled, and those who need to run real-world tests to generate the evidence their technical file requires.

For the first group, the sandbox resolves interpretive uncertainty before it becomes expensive. The Act's classification rules, particularly the Article 6(3) exemption filter and the Annex III boundary conditions, leave genuine room for disagreement about where a system lands. A competent authority that has reviewed a sandbox application and approved a sandbox plan has, in effect, engaged with that question — and the resulting regulatory record is far stronger than a self-assessment completed in isolation.

For the second group — typically developers of AI systems in health, public safety, or infrastructure — Article 59's personal-data provisions make real-world testing legally viable in a way that the standard data-protection framework often does not. The alternative is testing on synthetic or heavily anonymised data that may not adequately represent the conditions of actual deployment.

The relevance is sharpened by the 2 December 2027 deadline for stand-alone high-risk AI systems under the Digital Omnibus. That deadline is not imminent, but the documentation and testing work required for a full Article 43 conformity assessment takes months to assemble. A company that begins sandbox engagement in 2025 or 2026 is building the evidential foundation of its conformity file while the development process is still live. A company that starts that work in the autumn of 2027 is not.

Smaller companies building in the Annex III space — recruitment tools, credit-decisioning systems, biometrics, public-safety applications — should identify the relevant national competent authority, understand the admission criteria under Article 58, and assess whether sandbox participation fits their development timeline. The mechanism exists precisely because the EU legislator recognised that innovation in regulated AI does not stop at the door of the highest-risk categories.


Frequently Asked Questions

Does participating in an AI regulatory sandbox mean a system is automatically compliant?

No. The sandbox is a supervised development environment, not a certification or pre-approval process. A system that exits the sandbox still needs to complete the Article 43 conformity assessment, compile the Article 11 / Annex IV technical documentation, and register in the EU database under Article 49 before it can be placed on the market. Sandbox outcomes — testing records, supervisory correspondence, classification decisions reached during the plan — contribute to the technical file, but they do not replace it.

When must each Member State have a sandbox operational?

Article 57 of Regulation (EU) 2024/1689 requires each Member State to ensure that at least one AI regulatory sandbox is operational at national level by 2 August 2026. Two or more Member States may establish a joint sandbox to fulfil this requirement.

Can smaller companies access sandboxes on the same terms as large organisations?

Article 62 requires competent authorities to give priority access to sandboxes for smaller companies, including start-ups. In practice, this means applications from smaller companies should be processed ahead of those from large incumbents, and conformity-assessment fees are required to be proportionate to company size. The intent is to ensure that the Act's compliance infrastructure does not systematically exclude the companies most likely to need a supervised path to market.

What happens to personal data processed in a sandbox?

Article 59 permits further processing of personal data in the sandbox, but only where the processing is necessary for developing AI systems that serve defined public-interest purposes, and subject to strict conditions: data must remain within the sandbox, appropriate safeguards must be in place, and the data cannot be used outside the approved sandbox plan. Data-protection authorities retain oversight, and the processing does not create a general waiver of GDPR obligations.

Is a sandbox only for high-risk AI systems?

The statutory definition in Article 3 refers to "innovative AI systems" without restricting the sandbox to the high-risk tier. However, the practical demand for sandbox participation is concentrated among developers of high-risk systems under Annex III and Article 6, where the conformity obligations are heaviest and the classification questions most complex. Developers of limited-risk or minimal-risk systems generally do not need the supervised development environment the sandbox provides, though access is not statutorily barred.

What is the difference between a sandbox plan and a conformity assessment?

A sandbox plan is the development programme submitted to and approved by the competent authority before sandbox entry. It sets out what the AI system is, what development, training, validation and testing activities will occur, over what period, and under what supervisory conditions. A conformity assessment under Article 43 is the formal pre-market procedure — whether internal self-assessment (Annex VI) or notified-body review (Annex VII, required for most biometric systems under Annex III point 1) — that a provider must complete before placing a high-risk AI system on the market. The sandbox precedes and informs the conformity assessment; it does not substitute for it.

