This repository provides a structured, governance-oriented analysis of the draft implementing act on AI regulatory sandboxes under the EU AI Act.
Its purpose is to contribute to the ongoing policy discussion by examining how regulatory sandboxes can effectively support innovation while remaining interoperable, secure, and production-relevant across sectors, particularly in regulated and high-impact environments.
The content is based on practical experience in large-scale digital infrastructure, public-sector IT, and software architecture, with a particular focus on:
- interoperability across organisational and national boundaries,
- operationalisation beyond isolated pilot environments,
- and production-grade prototyping as a prerequisite for security, compliance, and investment certainty.
Rather than treating regulatory sandboxes as experimental playgrounds, this repository approaches them as learning infrastructures that should reduce fragmentation, enable regulatory learning, and create reliable transition paths from experimentation to real-world deployment.
While the objectives of AI regulatory sandboxes are clearly defined at the level of Regulation (EU) 2024/1689 – Artificial Intelligence Act, the draft implementing act primarily focuses on procedural alignment rather than on operational or technical concretisation of those objectives.
The repository is intentionally maintained in a transparent and versioned manner to reflect the iterative nature of both software development and modern collaboration in large-scale agile contexts such as regulatory initiatives, large-scale pilots, and complex multi-stakeholder environments.
This repository relates to the European Commission’s targeted stakeholder consultation on the draft implementing act for AI regulatory sandboxes under the EU AI Act. The consultation page provides the official background, scope, and submission details:
“The Commission is collecting feedback on the rules to set for the establishment and operation of AI regulatory sandboxes as mandated by the AI Act.
The AI Act offers the possibility for (prospective) providers to develop, train, validate and test their innovative AI system for a limited time under regulatory supervision in a controlled framework set up by a competent authority. This can also be done where appropriate in real-world conditions.
AI regulatory sandboxes will support the objective of the AI Act to foster AI innovation and support compliance with the AI Act. The Commission will adopt an implementing act to set out the common rules for the establishment and operation of AI regulatory sandboxes as mandated by the AI Act.”
This repository uses Git as its primary medium as a deliberate methodological choice.
Regulatory sandboxes under the EU AI Act are designed as learning instruments. They evolve over time, involve multiple stakeholders, and require transparency around assumptions, changes, and outcomes. Git provides a proven and widely understood mechanism to support these characteristics.
Using Git enables:
- transparent documentation of evolving regulatory and architectural reasoning,
- explicit versioning of assumptions, analyses, and conclusions,
- traceability of changes over time rather than static snapshots,
- and structured collaboration without requiring centralised control.
In this context, Git is treated as a neutral infrastructure for shared understanding, whereby GitHub serves as a publicly accessible hosting and versioning platform rather than as a user-facing participation interface.
The choice of Git does not imply a preferred submission channel. Regulatory feedback may be provided through web-based consultation forms, email, written submissions, or other accessible means, depending on the context and needs of contributors.
The distinction is intentional: participation interfaces should remain flexible and inclusive, while the mechanisms used to consolidate, process, and learn from regulatory feedback benefit from being structured, versioned, and machine-readable.
From an architectural perspective, different submission channels can be understood as interfaces that feed into a common backend. APIs can be used to integrate feedback originating from web forms, documents, or other systems into a centrally maintained, version-controlled repository under the responsibility of the European Commission.
Such an approach allows the Commission to retain full control over the authoritative record of regulatory feedback, while enabling transparency, traceability, and iterative refinement. In this model, Git-based repositories function as a single source of truth that supports orchestration, comparison, and long-term regulatory learning across consultation cycles.
The use of Git is not intended to replace accessible consultation formats, but to complement them by providing a transparent, traceable, and referenceable knowledge base.
© 2025-2026 Sascha Block / Rock the Prototype
This work is licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).