Enforcement Design Patterns in EU Law: An Analysis of the AI Act

In recent decades, the enforcement of European Union (EU) law has transitioned from being primarily the responsibility of Member States to becoming an increasingly shared or centralised task at the EU level. Drawing on the concept of legal design patterns, this article presents these two broadly understood enforcement approaches as decentralised and centralised enforcement patterns, and examines the AI Act through this conceptual lens. The objective of this exploration is to highlight that the choice of enforcement mechanisms for EU laws comes with different sets of challenges, in general, and to contribute to the understanding of the AI Act’s enforcement structure, in particular. In this paper, we ground our analysis on the theoretical framework of legal design patterns in order to reduce the regulatory complexity into comparable problem-solving elements. Under this framework, we (1) examine the enforcement framework of the AI Act, and we (2) draw comparative lessons from the General Data Protection Regulation (GDPR), an EU legislation which is based on the largely decentralised enforcement model. On this basis, we (3) discuss some of the potential implications of the decentralised enforcement of the AI Act, and consider the possible reasons behind this choice of enforcement model.