AESIA publishes the "AI Act Guides": 16 operational documents (plus checklists) to translate Regulation (EU) 2024/1689 into technical and governance measures.

On the portal of the AESIA – Agencia Española de Supervisión de Inteligencia Artificial a structured collection of practical materials ("Guides") is available designed to accompany companies and administrations in the implementation of the Regulation (EU) 2024/1689 (AI Act), with a clearly grounding cut of requirements (in particular for high-risk).

The collection consists of 16 guides, organized by blocks: two introductory guides (01–02), a nucleus of technical guides (03–15) dedicated to the main requirements of the Regulation and a manual (16) that serves as  a checklist user manual, flanked by a compendium of checklists/examples- In practice, the logic is to bring together a reading "frame" (scope,  roles, obligations and application history) with tools that can be used in design, procurement, risk/compliance and audit trail.

An element that deserves attention, also from a legal perspective, is the context of origin: the guides claim to have been developed as part of the Spanish IA regulatory sandbox pilot, with the involvement of participants, technical assistance, potential national competent authorities and a group of experts. They are also non-binding documents  (they do not replace or "develop" the legislation), conceived as practical recommendations "aligned" with regulatory requirements, pending harmonized standards. Not only that: they are presented as "living" materials, subject to revision and updating as the Commission's standards and guidelines grow, with explicit reference to the update also in relation to the future Digital Omnibus that intervenes on the AI Act.

The checklist manual (Guide 16) clarifies the "operational" approach: the measures collected aim to give indications on "how" to achieve compliance (in addition to the "what" required by the Regulation), supporting self-assessment and the construction of an adaptation plan (with levels of maturity and perceived difficulty) that can become a work outline for governance and internal control.

Finally, the guides do not ignore the technical level: in the guide on technical documentation, standards such as ISO/IEC 42001 (AI management system), ISO/IEC 23894-2 (risk management) and ISO/IEC 24027 (bias) are expressly referred to among the relevant "technical references  ", linking them to the need for reliability, transparency and fairness in the compliance process. aesia.digital.gob.es

For legal and compliance teams, the news is twofold: on the one hand, the AESIA package offers a very "implementation" taxonomy (useful for policies, controls, vendor management and auditability); on the other hand, being soft guidance produced in a sandbox context and admittedly updated over time, it can become a practical reference to be used with caution as a benchmark.  especially until the framework of harmonised standards and EU guidelines stabilises.