EU AI Act Art.62 SME Support 2026: Regulatory Sandboxes, Testing Facilities & Priority Access
Post #1422 in the sota.io EU AI Act SME Compliance Series
Most EU AI Act coverage focuses on what you must do — documentation, conformity assessments, registration, incident reporting. Far less attention goes to what the regulation gives you: dedicated support infrastructure for SMEs and start-ups built directly into the law.
Article 62 is that infrastructure. It mandates priority access to AI regulatory sandboxes, reduced conformity assessment fees, simplified documentation templates, and dedicated testing facilities. For a small business building AI systems, these measures can mean the difference between compliant and overwhelmed. This post breaks down what Article 62 actually provides, how to access it, and what to expect from the sandboxes already launching across EU Member States.
The Policy Context: Why Art.62 Exists
The EU AI Act's main obligations — risk management systems under Art.9, technical documentation under Art.11, conformity assessments under Art.43 — were designed for organisations with legal teams, compliance officers, and engineering resources. The drafters knew this was a problem for companies under 250 employees.
Article 62 is the legislative answer. Its title is explicit: "Measures for providers and deployers, in particular SMEs, including start-ups." The operative word is "measures" — not soft guidance, but concrete obligations placed on Member States and the Commission to create an SME support ecosystem.
The logic is deliberate: if the burden falls entirely on small companies without support, two bad outcomes follow. Either SMEs cannot comply and face penalties disproportionate to their size, or they exit the EU AI market entirely, concentrating AI development in large incumbents. Article 62 is designed to prevent both outcomes.
What Article 62 Provides: The Four Pillars
Pillar 1 — Priority Access to AI Regulatory Sandboxes
The EU AI Act's regulatory sandbox framework lives in Article 57. Sandboxes are controlled environments where providers can develop, train, test, and validate AI systems before market placement — with direct engagement from national competent authorities (NCAs). They allow deviation from some regulatory requirements under monitored conditions, specifically to accelerate innovation without sacrificing oversight.
Article 62 gives SMEs and start-ups priority access to these sandboxes. This is not a best-efforts aspiration — Member States are required to ensure that SME applications receive preferential processing. The practical implication: when a national sandbox has limited capacity, SME applicants move to the front of the queue ahead of large enterprise applicants.
What "priority access" means in practice:
- Faster admission decisions (target timelines vary by Member State, but the intent is weeks not months)
- Dedicated sandbox tracks for high-risk AI systems where an SME cannot run a full conformity assessment alone
- Early access to sandbox slots before they open to general applicants
- Paired NCA support during the sandbox period — a named contact who understands your technical context
For SMEs building high-risk AI (medical devices, hiring tools, creditworthiness systems, biometrics), this is significant. Without sandbox access, a small company faces the full conformity assessment cost immediately. Inside a sandbox, you can develop, test, and iterate with regulatory oversight before committing to a notified body assessment.
Pillar 2 — Reduced Fees and Financial Relief
Conformity assessments for high-risk AI systems can cost tens of thousands of euros when conducted by accredited third-party notified bodies. Registration obligations under Article 49 — adding systems to the EU database of high-risk AI — also carry administrative costs.
Article 62 requires Member States to reduce or waive these fees for qualifying SMEs and start-ups. The specific mechanism varies by Member State (some apply a percentage reduction, others offer full waivers for micro-enterprises), but the direction is clear: cost cannot be the reason a legitimate SME fails to comply.
What this covers:
- Notified body fees for conformity assessments (where third-party assessment is mandatory — most high-risk AI categories)
- National registration fees under Art.49
- Fees for accessing NCA guidance services
- In some Member States, subsidised legal and technical assistance for SME compliance projects
How to access: The fee reduction mechanism is administered at the national level. Your first step is identifying your national AI authority (see the Member State tracker below) and inquiring about the SME fee schedule before engaging a notified body.
Pillar 3 — Simplified Documentation and Templates
Article 11 requires providers of high-risk AI systems to produce technical documentation. The standard requirements are extensive: architecture descriptions, training data summaries, performance metrics across subgroups, risk management records, cybersecurity measures, and more.
Article 62 acknowledges that this documentation standard was built around large organisations. For qualifying SMEs, it enables simplified technical documentation — lighter in scope, using standardised templates published by the Commission. The templates are designed to capture the essential technical information without requiring a compliance infrastructure that only large enterprises can afford.
The Commission's role: The European AI Office (operating under the Commission) is responsible for publishing SME-tailored templates, standardised explanatory documents, and Q&A guidance. These will be published at the European AI Office portal — check the SME section specifically.
What this means for your documentation effort: Instead of building a documentation system from scratch against the full Art.11 requirements, SMEs can start from Commission templates and annotate them for their specific AI system. This reduces documentation effort by roughly 40-60% for simple high-risk AI systems, though the actual gap depends heavily on AI system complexity.
Pillar 4 — Dedicated Testing Facilities
Beyond the sandbox framework, Article 62 also mandates Member States and the Commission to consider establishing dedicated AI testing and experimentation facilities specifically for SMEs. These are distinct from regulatory sandboxes: they are physical or virtual environments where SMEs can test AI system performance, safety, and robustness without regulatory process overhead.
Testing facilities serve a different purpose than sandboxes. Sandboxes are regulatory environments — they exist to give NCAs visibility into your AI system during development. Testing facilities are more like shared lab infrastructure: computing resources, datasets, testing tooling, and expert support that SMEs cannot cost-effectively build independently.
Current status of testing facilities: As of mid-2026, testing facility rollout is uneven across Member States. Germany, France, Spain, and the Netherlands have announced dedicated AI testing facilities. Nordic countries are pursuing a shared facility approach. The Commission's AI Office is coordinating a pan-European testing network. Check your national AI authority for current facility availability.
Which SMEs Qualify for Art.62 Benefits?
The qualifying criteria align with the EU's standard SME definition (Commission Recommendation 2003/361/EC), which the AI Act imports directly:
| Category | Employee Count | Annual Turnover | Balance Sheet Total |
|---|---|---|---|
| Micro-enterprise | <10 | ≤€2 million | ≤€2 million |
| Small enterprise | <50 | ≤€10 million | ≤€10 million |
| Medium enterprise | <250 | ≤€50 million | ≤€43 million |
Start-ups also qualify regardless of the above thresholds if they are newly established enterprises engaged in the development of innovative AI systems. Member State implementations vary on start-up eligibility criteria — check your national authority's guidance.
Important caveat — independence test: The SME definition includes an autonomy test. If your company is part of a corporate group where the parent does not itself qualify as an SME, you likely do not qualify for SME support measures even if you are under 250 employees. A subsidiary of a 10,000-person multinational is not an SME under EU law.
The Sandbox Landscape: Member State Status (Mid-2026)
Article 62 obligations fall on Member States, which means implementation is not uniform. Here is the current picture:
| Member State | Sandbox Status | SME Track | Notes |
|---|---|---|---|
| Germany | Operational | Yes | BMAS and BNetzA co-operate; separate tracks for AI-in-employment and AI-in-infrastructure |
| France | Operational | Yes | CNIL-led sandbox; AI-in-recruitment and AI-in-healthcare priority |
| Spain | Operational | Yes | AESIA (national AI supervisor) runs sandbox with SME fast-track |
| Netherlands | Operational | Yes | Multi-authority sandbox; fintech AI and HR AI focus |
| Sweden | Pilot phase | Under development | Nordic co-operation initiative |
| Denmark | Pilot phase | Under development | Nordic co-operation initiative |
| Italy | Announced | Planned | AgID and AGCOM joint framework |
| Poland | Announced | Planned | UKE-led; launch expected Q3 2026 |
| Austria | Consulting phase | TBD | ÖFPZ/RTR coordinating |
| Belgium | Consulting phase | TBD | CBR/BIPT coordination ongoing |
The most mature sandboxes (Germany, France, Spain, Netherlands) have the most defined SME support tracks. If your market is primarily in these Member States, sandbox access is realistic within a normal compliance timeline.
How to Apply for Sandbox Access: Practical Steps
The process varies by Member State, but the general sequence is:
Step 1 — Identify your national competent authority (NCA)
The European AI Office maintains a registry of national AI authorities. Use it to find your NCA — this is the body that runs your sandbox and administers fee reductions.
Step 2 — Submit a sandbox application
Sandbox applications typically require:
- Description of the AI system (purpose, training data, intended use, risk classification rationale)
- Identification of the regulatory question or compliance challenge you want to resolve in the sandbox
- Evidence of SME status (typically: last two years of accounts or a Company Registration Certificate plus employee count declaration)
- Planned test methodology and success criteria
Applications do not require the full Art.11 technical documentation upfront — the sandbox is the mechanism by which you develop that documentation. However, you need enough detail to demonstrate the NCA can meaningfully supervise your testing.
Step 3 — Engage during the sandbox period
Sandbox participation is active, not passive. You are expected to:
- Meet regularly with your NCA contact
- Share test results as they are generated
- Escalate unexpected findings immediately
- Document everything — sandbox participation does not replace Art.11 documentation, it accelerates its development
Step 4 — Exit the sandbox with a compliance package
Successful sandbox completion gives you two things:
- A documented record of NCA engagement — this is useful evidence in any future market surveillance or enforcement action
- A compliance package (technical documentation, test results, risk assessment) substantially ready for formal conformity assessment
Practical Implementation: A Compliance Decision Tree
Use this decision tree to route your AI system to the right support measure:
Is your AI system high-risk (AI Act Annex III)?
│
├─ YES ─→ Are you a qualifying SME?
│ │
│ ├─ YES ─→ Request sandbox access (Art.57 + Art.62 priority)
│ │ │
│ │ └─ Also: Apply for reduced conformity assessment fees
│ │ Use Commission simplified documentation templates
│ │
│ └─ NO ─→ Standard conformity assessment path (Art.43)
│
├─ NO, GPAI model ─→ Apply GPAI documentation and copyright obligations
│ (SME fee relief may apply for Commission notification)
│
└─ NO, limited/minimal risk ─→ No mandatory sandbox or assessment needed
(consider sandbox voluntarily for high-complexity AI)
Code Pattern: Documenting Sandbox Participation
If you build your compliance documentation as structured data (which makes it dramatically easier to update, audit, and present to authorities), here is a minimal schema for tracking sandbox participation:
interface SandboxParticipation {
membState: string;
nationalAuthority: string;
applicationDate: string;
admissionDate?: string;
sandboxPeriod: {
start: string;
end: string;
};
aiSystemDescription: string;
riskClassification: "prohibited" | "high-risk" | "gpai" | "limited" | "minimal";
smeEligibilityBasis: "micro" | "small" | "medium" | "startup";
regulatoryQuestions: string[];
testingObjectives: string[];
ncaContact: string;
meetingLog: Array<{
date: string;
topic: string;
outcome: string;
followUpRequired: boolean;
}>;
testResults: Array<{
testDate: string;
metric: string;
result: string;
sharedWithNCA: boolean;
}>;
exitOutcome?: {
completionDate: string;
compliancePackageReady: boolean;
ncaEndorsementReceived: boolean;
nextStep: "conformity-assessment" | "market-placement" | "further-development";
};
}
Tracking sandbox participation as structured data means you have an audit-ready record at every stage. Store this in your compliance system alongside your technical documentation.
What Art.62 Does Not Do
To set accurate expectations:
Art.62 does not exempt SMEs from high-risk AI obligations. If your AI system is high-risk, you must still complete conformity assessment (Art.43), maintain technical documentation (Art.11), implement a risk management system (Art.9), and register the system (Art.49). Art.62 lowers the cost and increases the support — it does not change the requirements.
Art.62 does not guarantee sandbox admission. Priority access means priority in the queue — it does not mean automatic admission. Applications must demonstrate genuine regulatory need and a viable testing plan. Sandboxes have capacity limits.
Art.62 does not cover general legal advice. Sandboxes are regulatory environments for testing AI systems, not general legal consultation services. If you need guidance on whether your AI system is high-risk, start with your NCA's published guidance materials before applying for sandbox access.
Art.62 support is time-limited. Sandbox participation periods are fixed (typically 12 months with possible extension). The goal is a compliance package ready for market placement — not indefinite supervised development.
The August 2026 Timeline
With the high-risk AI obligation deadline at 2 August 2026, the sandbox timeline matters:
- Sandbox application processing: 4-12 weeks (varies by Member State and application quality)
- Sandbox participation period: 3-12 months
- Post-sandbox conformity assessment: 4-16 weeks for a notified body assessment
If you are building a high-risk AI system and have not yet started, the realistic Art.43 conformity assessment path before August 2026 is tight but achievable for systems that are already developed. Sandbox participation before that deadline is only realistic if you applied by March 2026 at the latest.
What to do if you missed the sandbox window for August 2026:
- Complete the conformity assessment directly (engage a notified body now)
- Apply for sandbox access anyway — it remains valuable for iterative development and Version 2 of your AI system
- Document your compliance effort — market surveillance authorities will take ongoing good-faith compliance effort into account
Resources
- European AI Office SME Hub: Centralised resource for SME compliance guidance, Commission templates, and national authority contacts — accessible at the European AI Office portal
- National AI Authority contacts: Available through the EU AI Act national authority registry (check the European AI Office site)
- Article 57 sandbox framework: Read alongside Art.62 — Art.57 defines sandbox operation; Art.62 defines the SME priority access mechanism
- Commission Recommendation 2003/361/EC: The SME definition your eligibility is assessed against
What's Next in This Series
This is the second of five posts in our EU AI Act SME Compliance series:
- Post #1421 ✅ — Which Obligations Apply to Companies Under 250 Employees
- Post #1422 ← You are here — Art.62 Support: Regulatory Sandboxes, Testing Facilities & Priority Access
- Post #1423 — SME Risk Assessment: Simplified Conformity for Low & Limited-Risk AI
- Post #1424 — SME Documentation: Minimal Technical Documentation Requirements for Non-High-Risk AI
- Post #1425 — SME Compliance Finale: Complete August Readiness Checklist for Small Businesses
The next post covers the risk assessment and conformity path for SMEs whose AI systems fall into the low or limited-risk categories — where the sandbox and assessment overhead does not apply, but where documentation and transparency obligations still do.
sota.io is a European cloud platform built for teams that need GDPR-native infrastructure. If you are building AI systems and need an EU-sovereign deployment environment that supports your compliance documentation workflow, try sota.io free.
EU-Native Hosting
Ready to move to EU-sovereign infrastructure?
sota.io is a German-hosted PaaS — no CLOUD Act exposure, no US jurisdiction, full GDPR compliance by design. Deploy your first app in minutes.