Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NLยทEN
Guide

Real-world testing and regulatory sandboxes (Articles 57-60)

Adopted 2026-06-22 ยท ≈ 2 min read ยท Dirk Baaijen

The AI Act offers two controlled testing routes: regulatory sandboxes under supervision (Articles 57-59) and testing in real-world conditions outside the sandbox (Article 60). Both carry strict safeguards, such as informed consent and the right to have data erased.

Short answer: The AI Act wants to give innovation room without giving up protection. It does so through two testing routes: the regulatory sandbox, a controlled environment under the supervision of the competent authority (Articles 57-59), and testing in real-world conditions outside the sandbox (Article 60). Both require a plan, safeguards and โ€” where people are involved โ€” informed consent.

The regulatory sandbox (Articles 57-59)

Each Member State sets up at least one AI regulatory sandbox (alone or shared) within two years of entry into force. In the sandbox, providers can develop, train, test and validate an innovative AI system under guidance before market entry, within an agreed plan and a limited period.

The authority gives advice and guidance and can check compliance with the regulation. Participation does not exempt the provider from its high-risk obligations, but it shields against fines for infringements that occur within the sandbox plan and in good faith. Personal data may, under conditions, be processed to develop AI in the public interest.

Testing in real-world conditions (Article 60)

Sometimes a system must be tried outside the lab. Article 60 allows a high-risk system to be tested in real-world conditions outside a sandbox, provided there is an approved testing plan and strict conditions are met:

  • the test is registered and has a defined, in principle limited duration;
  • there are safeguards against risks to health, safety and fundamental rights;
  • decisions with legal effects can be reversed or disregarded;
  • the provider can immediately stop the test and erase the data.

This is expressly not a placing on the market: the system has not yet been declared conform.

Protecting test subjects

Where natural persons are involved in the test, informed consent applies: the subject knows they are taking part, understands what the test involves, and can withdraw without detriment. The provider keeps the consent and makes the relevant documentation available to the authority.

Why this matters in the chain

The sandbox and real-world test are the phase before the roles of importer and distributor: only after a successful conformity assessment does the system truly reach the market. The testing routes lower the threshold for making innovation demonstrably safe.

What to do

  • Choose the right route: sandbox for guidance and legal certainty, real-world test for field validation.
  • Write a testing plan covering duration, risks, safeguards and a stop-and-erase procedure.
  • Arrange consent where people are involved and keep the evidence.
  • Notify and register the test with the competent authority.
  • Anchor it in governance: include testing routes in your AI governance framework.

The testing rules are the AI Act's invitation to innovate in full view of the regulator โ€” not around it.

Sources

  1. https://artificialintelligenceact.eu/article/57/
    AI Act Article 57: establishment of AI regulatory sandboxes by Member States.
  2. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act), Articles 57-60 on sandboxes and real-world testing.

Share on LinkedIn

Read next

U

AI regulatory sandboxes: can I test my AI safely under supervision?

Yes. By 2 August 2026 at the latest every Member State must offer at least one AI regulatory sandbox: a controlled environment to develop and test innovative AI under supervision, with guidance. It does not exempt you from liability.

W

The authorised representative for non-EU providers (Article 22)

A provider established outside the EU must appoint a written authorised representative in the Union before placing a high-risk AI system on the market. Article 22 makes that person the European point of contact for authorities, with its own duties and power to end the mandate.

U

The AI Office: role, tasks and enforcement powers

The AI Office within the European Commission coordinates implementation of the AI Act and is the exclusive supervisor of GPAI models. It draws up codes of practice, conducts investigations and can have fines imposed on model providers.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject โ€” programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method โ†’

A project or programme? Work with YRproject โ†’

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.