AI laws and regulation in Romania

The overall strength of the regulatory framework for AI in Romania is low due to the lack of specific national rules. There is limited guidance from regulators, and enforcement is rare or unclear.

Existing laws may indirectly apply to AI (e.g., general data protection or consumer protection laws).

Nonetheless, Romania is subject to EU rules, which are likely to drive the development of a more structured and enforceable AI regulatory landscape at the national level in the future. 

There is currently no dedicated AI law in force in Romania.

No specific AI law in Romania. Considerations for EU apply to Romania as well.

Other specific laws that may govern AI-related activities are:

• Data protection:
  • Law 190/2018 on measures to implement the GDPR, relevant for the implementation of the GDPR, which governs personal data processing
  • Law 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector, which transposes the ePrivacy Directive by laying down specific rules in what regards the personal data processing and privacy protection in the electronic communications sector.
• Product safety:
  • Government Emergency Ordinance 140/2021 on certain aspects relating to contracts for the sale of goods, which transposes EU Directive 2019/771. This act is relevant where the AI is incorporated in a product as defined under the law.
  • Government Emergency Ordinance No. 141/2021 on digital content and digital services, transposes EU Directive 2019/770. This act is relevant where the AI is considered digital content or services under the definition of the law.
  • Law 240/2004 on manufacturers' liability for damage caused by defective products, transposing EU Directive 85/374/EEC. This act is relevant where an AI may be considered a defective product causing harm or damage.
• Cybersecurity:
  • Law 58/2023 on Romania's cybersecurity and cyber defense
  • Government Emergency Ordinance 155/2024, transposing the NIS2  Directive. NIS2 obligations can apply in parallel where AI supports essential or important services, overlapping with AI Act compliance.
• Copyright:
  • Law 8/1996 on copyright and related rights, which includes exceptions for text and data mining, in accordance with the EU Directive 2019/790.

Oversight of AI is shared across several bodies. Romania has designated the market surveillance authorities and has notified them to the European Commission. The Romanian Digitalization Authority published the list of national public authorities that supervise or ensure compliance with obligations under EU law protecting fundamental rights, in accordance with Article 77 of the AI Act:

• National Supervisory Authority for Personal Data Processing (ANSPDCP) - specifically for data protection issues
• National Authority for Consumer Protection
• National Council for Combating Discrimination
• People’s Advocate Institution
• National Agency for Equal Opportunities for Women and Men
• National Authority for the Protection of Children's Rights and Adoption
• Ministry of Labor and Social Solidarity / Labor Inspectorate
• National Audiovisual Council
• Permanent Electoral Authority

Currently,  these bodies have only been formally designated, but, according to some press reports,  some of them have not implemented specific policies, procedures, or measures related to AI oversight.

The Romanian Government approved the National Strategy in the field of Artificial Intelligence for the period 2024-2027. It only has strategic implications and does not impose actual rules for the use of this technology. According to the government, the strategic framework is meant to help public administration standardize, operationalize, and regulate AI development. Its goal is "To prepare Romanian society to understand, accept, and capitalize on the transformative processes generated by AI". To this end, the framework promotes education and skills in AI and RDI, the development and use of infrastructure and data sets, and partnerships that support technology transfer and the broader adoption of new technologies across society.

Currently there are no specific AI rules referencing  AI standards. 

The Romanian Parliament has registered two draft laws on the use of AI (Legislative proposal PL-x no. 184/2025 on the responsible use of artificial intelligence and  

Legislative proposal Pl-x no. 336/2024 on Artificial Intelligence), which are under parliamentary debate and contain requirements for transparency, auditing, prohibitions on the use of AI without human supervision, etc.

While the draft laws share common objectives with the EU AI Act, they contain various discrepancies.

Both bills were rejected by the Senate and are now pending consideration by the Chamber of Deputies. Several parliamentary commissions have already issued reports recommending rejection.

As such, it is possible that these will not be adopted. 

• CMS: Romanian Senate reviews draft law regulating AI: Romanian Senate reviews draft law regulating AI
• The National Strategy in the field of Artificial Intelligence: 0730 Bis_BT:Macheta P1.qxd
• EU AI Act - Questions and Answers