Spain moved first. On May 26, 2026, the Spanish Council of Ministers approved a new organic law on artificial intelligence governance, designed to ensure responsible use of the technology and to translate the EU AI Act into binding national rules. Not a declaration of intent. A law. With practical guidelines built specifically for small and medium-sized enterprises, the same businesses that usually absorb regulation without receiving the support to comply with it.
What the EU AI Act Changes for Businesses in 2026
The EU AI Act is the world’s first binding framework to regulate artificial intelligence by risk level. It covers prohibited practices, high-risk systems, and transparency obligations for general-purpose AI models. The regulation entered into force in August 2024 and applies in successive phases. Penalties are anything but symbolic: according to the European Commission, fines reach up to €35 million or 7% of annual global turnover for prohibited practices. Spain’s law fills the space the AI Act deliberately leaves to member states: who supervises, with what powers, and through what procedures for businesses operating locally. Madrid chose to write those rules early and write them clearly.
KEY DATA
Spanish law approved............. May 26, 2026
EU AI Act entry into force....... August 2024
Max fine for prohibited practices. up to €35M or 7% of turnover
General-purpose AI (GPAI) rules.. from August 2025
High-risk systems................ full obligations from 2026-2027
Stated focus of Spanish law...... responsible use and SME support
Source: Spanish Council of Ministers, European Commission, May 2026
The Timeline Is Closer Than Most Businesses Realise
Functionally, the widespread assumption is that the AI Act is still a distant concern. The compliance calendar says otherwise. Obligations are entering into force in phases, and once that process begins, it doesn’t reverse. For companies using AI in sensitive processes, from credit scoring and HR decisions to healthcare, the 2026 and 2027 deadlines are fast approaching.
EU AI Act: phased implementation timeline
Source: European Commission, 2024-2027
Where Does the Rest of Europe Stand?
Spain’s speed is striking when set against a broader European backdrop of slower national implementation. Other member states have opened institutional working groups on digital assets and AI governance, but the gap between policy discussion and operational rules remains wide. Businesses already integrating autonomous agents into their workflows, a trend visible in deployments by firms like McKinsey and JPMorgan, need clarity on compliance requirements now, not after further regulatory delay. The same urgency applies to infrastructure builders, from autonomous payment systems involving Visa, Coinbase and Nevermined to the new generation of AI agents in crypto.
A Template Others May Follow
The significance of Spain’s law goes beyond its technical contents. It sends a signal. When a member state is first to codify its own implementing rules, it creates a reference point that others tend to observe. The same dynamic played out in crypto with the MiCA regulation, where alignment between national competent authorities became the real competitive battleground. For European SMEs the practical message is direct: AI governance is no longer a theoretical exercise but a compliance obligation with real deadlines and real fines.
One detail makes the picture concrete. Spain didn’t just transpose EU rules: it built guidelines designed for businesses without in-house legal teams, which describes the vast majority of the productive fabric across Europe. That is where the difference between a regulation that stifles and one that supports is actually decided. The authoritative reference remains the European Commission’s AI regulatory framework. For a broader view of how AI is already reshaping real business processes, the AI section of SpazioCrypto is a useful starting point.
