
EU Launches Confidential Whistleblower Tool To Enforce AI Act

The European Commission has launched a new confidential reporting channel for suspected violations of the EU Artificial Intelligence Act, introducing what it calls the AI Act Whistleblower Tool. The mechanism is designed to help regulators identify potential breaches early, particularly when employees, contractors, or other insiders are the first to detect non-compliant or harmful AI practices. The Commission formally announced the tool on November 24.

According to the Commission, the reporting system allows individuals to submit information about suspected violations involving general-purpose AI models or other AI systems covered by the Act. Reports may concern risks to fundamental rights, health, safety, or failures to meet legal obligations under the AI Act. Submissions can be made anonymously, in any official EU language, and are open to EU employees, citizens, and other relevant parties.

The tool is operated by the European Artificial Intelligence Office, the body responsible for overseeing compliance with the AI Act at the EU level. The Commission said the system uses encrypted communication channels and allows whistleblowers to upload supporting materials such as documents, technical information, or other evidence. A secure two-way inbox enables the AI Office to ask follow-up questions without revealing the reporter’s identity. The Commission stated that no identifying metadata is collected.

In guidance accompanying the launch, the Commission advises individuals not to use employer-owned devices or networks when submitting reports and to avoid including information that could indirectly identify them. Examples of relevant submissions include internal documentation, audit materials, technical specifications, code samples, and descriptions of observed AI system behavior.

While the reporting tool supports anonymity, formal legal protections against retaliation under the EU Whistleblower Directive will apply to AI Act–related disclosures starting in August 2026. Until then, confidentiality is the primary safeguard. The Commission noted that some AI-related disclosures may already qualify for protection under existing whistleblower rules, including those involving product safety, consumer protection, cybersecurity, and data protection.

The launch comes as the EU continues to build its enforcement framework for the AI Act, which entered into force in August 2024. The law imposes obligations on high-risk AI systems, sets requirements for general-purpose AI models, and prohibits specific AI uses deemed incompatible with fundamental rights. The Commission said confidential reporting will support the AI Office’s oversight work and help authorities prioritize enforcement actions, with relevant cases shared with national regulators where appropriate.
