AI laws and regulation in Albania

Medium

Albania does not have a standalone law dedicated exclusively to artificial intelligence. AI is governed indirectly through existing horizontal legislation, sector-specific statutes, and regulatory instruments that apply to digital technologies, data processing, cybersecurity, consumer rights, and professional obligations.

In absence of an AI-specific statute, Albanian AI deployments fall under several recently updated or newly adopted laws. The most relevant are:

a) Law No. 124/2024 “On the Protection of Personal Data” (enforced from 31 January 2025):

This is the most important updated law affecting AI. It fully replaces the earlier Law 9887/2008 and is harmonized with the GDPR and Directive 2016/680.

Relevance to AI:

• Applies to all AI systems that process personal data (automated decision-making, profiling, biometric systems, predictive analytics).
• Introduces stricter requirements on transparency, lawfulness, minimization, and accountability.
• Introduces mandatory DPIAs in cases of high-risk automated processing.
• Enhances enforcement power of the Data Protection Commissioner.

b) Law No. 25/2024 “On Cyber Security”:

Adopted in line with EU NIS2 trends. Governs cybersecurity obligations for essential and important entities, incident reporting, risk management, and system integrity.

Relevance to AI:

Any AI system deployed in critical infrastructure, public services, telecommunications, banking, energy, health, or digital-government platforms must comply with cybersecurity standards and incident-reporting obligations. AI vendors integrating into public systems must meet certification and security-by-design expectations.

c) 2025 Sub-legal Acts and Guidance:

• Guidance on CCTV and Biometric Processing issued by the Data Protection Commissioner.
• Guidance No. 05/2025 on Processing Personal Data by Competent Authorities (law enforcement and justice sector) highly relevant when AI is used in policing, surveillance, public safety, or judicial support tools.

These instruments directly affect any AI system using video analytics, facial recognition, biometric categorization, or automated risk scoring.

d) Electronic Communications & Digital Governance:

• Law No. 9918/2008 (Electronic Communications)
• Law No. 10/463/2016 (Electronic Governance and Interoperability)
• Related AKSHI standards for digital government systems

These apply to platform governance, telecom infrastructure, algorithmic traffic management, and digital public-service tools.

e) Consumer Protection:

Law No. 9902/2008 as amended governs AI-driven consumer interactions, algorithmic pricing, and automated recommendation systems in e-commerce.

f) Financial Sector Regulation:

Bank of Albania and AMF rules regarding automated credit scoring, algorithmic fraud detection, AML monitoring tools, and risk-model governance apply to AI in the banking and insurance sectors.

g) Competition Law:

Law No. 9121/2003 “On Protection of Competition” covers algorithmic collusion, AI-enabled market manipulation, dynamic pricing tools, and data-driven dominance.

There is no AI-specific regulator in Albania.

Instead, oversight is distributed among regulators whose mandates intersect with AI-related activities:

Key Authorities:

• Commissioner for the Right to Access Information and Personal Data Protection (IDP Commissioner):
  Most relevant regulator for AI, due to the new 2024/2025 data protection regime. Actively issues guidance, conduct inspections, and impose sanctions.
• National Cyber Security Authority (AKCESK):
  Oversees security obligations under Law No. 25/2024, including AI-related system integrity and risk measures.
• National Agency for Information Society (AKSHI):
  Regulates digital government, procurement standards, interoperability, IT architecture; overseas algorithmic systems used in public administration.
• Bank of Albania / Financial Supervisory Authority:
  Oversee algorithmic credit-scoring, monitoring tools, model-risk management.
• Albanian Competition Authority (ACA):
  Supervises algorithmic collusion, market dominance, data concentration.

Albania has several frameworks shaping its approach to emerging technologies, including AI:

a) National Strategy for Digital Agenda 2022–2026:

Provides strategic objectives for digital transformation, including AI adoption in public services, data-driven governance, and innovation ecosystems.

b) National Cyber-Security Strategy 2025–2030:

Aligns with EU cybersecurity standards, risk-management principles, and digital-sovereignty priorities. Relevant for secure AI deployment.

c) Digital Governance Standards (AKSHI):

Technical standards for digital public services, interoperability, data exchange, and ICT procurement, indirectly relevant to AI tools in e-government.

d) Law-Enforcement and Justice-Sector Digitalization Programs (2025):

Include risk-assessment tools, analytics systems, and automated decision-support mechanisms, regulated indirectly through new data-protection guidance. None of these are binding on AI as a specific technology, but they strongly influence public-sector adoption of AI systems.

Albania’s legal framework does not formally incorporate international AI standards, but the following influence policy development:

• OECD AI Principles:
  Reflected in digital-agenda strategies and responsible-innovation guidance.
• ISO/IEC Standards (e.g., 27001, 27005, 23894):
  Widely used in cybersecurity, ICT procurement, and certification frameworks.
• EU Artificial Intelligence Act (AI Act):
  Albania is expected to align with the EU AI Act during the EU accession process. Although not yet binding, it is the de facto reference model for future regulation.
• NIST AI Risk Management Framework:
  Informally used in cybersecurity training and risk-assessment capacity-building programs.
• Council of Europe Instruments (AI, Human Rights, Rule of Law):m
  Albania participates in CoE developments on AI and automated decision-making.

No formal AI-specific legislation launched to date.

However:

• Albania is preparing internally for approximation with the EU AI Act, which is expected to become the central model for future national AI legislation.
• Technical assessments and institutional readiness reviews are ongoing at the Ministry of Economy, Ministry of Justice, and AKSHI.
• Formal drafting is expected after 2026, aligned with EU accession timetable.

Albania legislates in the digital sector predominantly through EU acquis approximation. The EU AI Act will likely be transposed once Albania progresses further in Chapter 10 (Digital Transformation) negotiations.

• Data Protection Commissioner (IDP): www.idp.al
• National Cyber Security Authority (AKCESK): www.aksk.gov.al
• National Agency for Information Society (AKSHI): www.akshi.gov.al
• Digital Agenda Strategy: https://digital.gov.al
• Competition Authority: www.caa.gov.al

Additional resources:

• Albanian ICT Association (AITA): https://aita-al.org
• Justice and law-enforcement digitalisation updates: https://ceelegalmatters.com
• Digital regulation analysis (2024–2025): https://scidevcenter.org