Axipro analyzed 3,519 AI-related job postings across eight EU countries. For every professional hired to keep AI lawful, safe and accountable, nearly seven were hired to build more of it, and the gap is widest exactly where you’d least expect.
Job Postings Analyzed
EU Countries
Role Categories: Builders vs Governors
Date of Job Postings Analyzed
Throughout our data-set we found the same pattern across all eight countries: the more a nation hires to build AI, the less it hires to govern it. France runs eleven builders to every governor. Even Ireland, the most balanced in Europe, looks responsible mainly because the US tech giants headquartered there import global-governance discipline under overlapping DORA and AI Act pressure.
Sweden has one of the strongest engineering cultures in Europe. It also carries the widest governance gap we measured: sixteen AI builders hired for every person hired to govern them. France sits close behind at eleven to one. The most balanced country, Ireland at 3.5 to one, looks responsible for a reason that has little to do with virtue. The US tech giants headquartered in Dublin import global governance discipline, and they do it under the combined weight of the AI Act and DORA, the EU financial-sector resilience regime in force since January 2025.
Engineering strength does nothing to close a governance gap, and it may widen it. A country that ships AI faster produces more systems that fall under the Act’s scope and, on this evidence, fewer people positioned to document, monitor, and defend them. Being good at building AI offers no protection against governing it badly. The countries most confident in their technical talent are running the largest deficit against the law.
Click any country to see how many AI builders it hires for every governance professional, and where it ranks against the rest of Europe.
A view of the same country-level dataset behind the interactive map: governance roles, builder roles, builder-to-governance ratio, and the share of governance postings that name the EU AI Act.
| Sweden | 20 | 319 | 16.0:1 | 30.0% |
|---|---|---|---|---|
| France | 39 | 443 | 11.4:1 | 38.5% |
| Belgium | 38 | 299 | 7.9:1 | 39.5% |
| Netherlands | 61 | 439 | 7.2:1 | 31.1% |
| Italy | 40 | 284 | 7.1:1 | 45.0% |
| Spain | 64 | 384 | 6.0:1 | 28.1% |
| Germany | 88 | 501 | 5.7:1 | 27.3% |
| Ireland | 96 | 335 | 3.5:1 | 14.6% |
We analyzed thousands of AI-related job postings across eight EU countries and split them into two camps: the people hired to build AI systems, and the people hired to govern them. The ratio between those two groups tells you how seriously a country, a sector, or a company is treating the law that now governs both. Three numbers stood out.
Europe spent years drafting the AI Act. It cleared the European Parliament, survived the Digital Omnibus revisions, and now carries penalties that reach €35 million or 7% of global turnover for the most serious breaches, a ceiling that makes GDPR fines look modest. Yet fewer than three in ten of the governance roles created to handle it actually name the law in the job description. Among builder roles, the figure collapses to one in twenty-five.
That disconnect should stop you. The people being hired to make Europe compliant are, for the most part, not being hired against the Act by name. They are titled around adjacent ideas: risk, ethics, model validation, data protection. Some of that work will map onto the Act’s requirements. Much of it will not, because a role written without the regulation in view rarely produces the conformity assessments, technical documentation, and human-oversight structures the Act specifically demands. Readiness is even thinner than the headcount suggests. Simply counting governance hires overstates how many people are actually working the law.
What job descriptions actually name
Across the laws and frameworks most relevant to AI governance hiring, the EU AI Act appears in fewer than three in ten governance postings, and only 4% of builder postings.
| Law or framework | Governance roles naming it | Builder roles naming it | All roles naming it | Governance mentions |
|---|---|---|---|---|
| EU AI Act | 28.5% | 4.0% | 7.6% | 127 |
| GDPR | 26.9% | 5.7% | 9.6% | 120 |
| ISO 27001 | 11.4% | 1.3% | 2.8% | 51 |
| DORA | 11.2% | 0.9% | 2.4% | 50 |
| NIS2 | 7.6% | 1.1% | 2.3% | 34 |
| ISO 42001 | 6.1% | 0.3% | 1.0% | 27 |
| NIST AI RMF | 3.6% | 0.1% | 0.6% | 16 |
Nearly half of all AI governance roles being posted come from the largest enterprises, companies over 5,000 staff. The mid-market accounts for a third of postings. Small firms, under a fifth. Read that as exactly what it is: the distribution of governance roles being advertised, not a count of how many people each segment employs.
The distribution matters because the law underneath it does not bend to company size. A 300-person company faces the same AI Act as the multinational next door, with a fraction of the people to meet it. The Digital Omnibus did extend simplified compliance pathways to mid-sized firms, up to 750 employees and €150 million in revenue, but simplification is procedural relief, not exemption. The obligations still land. The conformity assessment still has to happen. The biggest firms are staffing up. Everyone else is posting far fewer of the roles the work requires.
The pattern across all three findings holds together. Hiring signals sit well below what the Act asks for, and the shortfall is widest exactly where confidence runs highest and resources run thinnest. The largest enterprises come closest to covered, and even they name the law less than a third of the time. For everyone else, the compliance calendar arrives on schedule whether or not the headcount does.
Most companies underestimate how the EU AI Act applies to them. Answer six quick questions to see where you stand, and what you’d need to do before the deadline.
This diagnostic gives a directional indication based on the EU AI Act’s own definitions. It is not legal advice, and it does not determine your legal status. Your actual classification depends on the specifics of each AI system and how it is used, and edge cases are common. For a definitive assessment, speak to a specialist.
This study was conducted by tracking publicly available job posts.
These are ratios, not raw counts. Every headline figure compares builder hiring to governance hiring from the same source, the same window and the same method, so whatever LinkedIn over- or under-counts, it does so on both sides, and the bias largely cancels. That’s why we report Sweden as 16-to-1 rather than as a count of roles.
This is the flow of new hiring, not the stock of existing teams. A company that built its governance function last year and isn’t currently advertising won’t appear here.
English-language search terms undercount roles posted in local languages, so the true gap is likely somewhat narrower, but the direction and scale are consistent across all eight countries.
The dataset: 3,519 classified AI-related postings, resolving to 446 governance roles and 3,004 builder roles, across Belgium, France, Germany, Ireland, Italy, Netherlands, Spain and Sweden, deduplicated by job identifier and collected over 30-day windows in mid-2026.
The EU AI Act is the first law anywhere to regulate artificial intelligence across an entire economy, and it applies by risk, not by industry. Prohibited practices like social scoring have been banned since February 2025. Rules for general-purpose AI models took effect in August 2025. On 2 August 2026, the Act’s transparency obligations under Article 50 apply: companies must tell people when they are interacting with an AI system and label AI-generated content. The Digital Omnibus, which the Council finally approved on 29 June 2026, moved the heaviest requirements, those covering high-risk AI systems, to 2 December 2027 for standalone systems and 2 August 2028 for AI embedded in regulated products. What did not move are the penalties: up to €35 million or 7% of global turnover for the most serious violations.
This is why the hiring data matters. The Act does not care whether a company builds AI or merely uses it. A firm that screens job applicants with an algorithm, scores credit with a model, or deploys a chatbot in customer service is regulated, whether or not a single engineer works there. Yet the market is staffing almost entirely on the build side: across the eight countries in this study, companies posted nearly seven builder roles for every governance role. Europe is expanding its regulatory exposure faster than it can manage.
Chief Executive Officer, Axipro Technology
*Everyone’s framing this as a fines question, and I think that’s a mistake. Yes, enforcement will be selective, but selective enforcement still needs examples, and nobody controls whether they’re chosen. *
The bigger shift is commercial. Compliance is becoming a product feature. The vendors who can hand over their AI Act documentation on day one will win deals against the ones promising to sort it out later. We’ve already watched exactly this happen with SOC 2.
The distribution of that capacity is the sharper problem. Large enterprises are absorbing almost half of all governance hiring, which means the specialists who can run risk classifications, conduct conformity assessments, and design with human oversight are concentrating in the areas where budgets are deepest. A 300-person company faces the same obligations in December 2027 as the multinational next door, but it is competing for a talent pool the multinationals are already draining. For most of the mid-market, the realistic path is not a governance team. It is a framework.
That path exists, and much of it is already familiar. The Act’s requirements around risk management, documentation, and accountability map closely onto structures many companies have built before: an ISO 27001 certification provides the management-system backbone, a SOC 2 report covers the operational controls, and an existing GDPR compliance program already handles most of the data governance the Act assumes. Companies starting from one of these are far closer to AI Act readiness than the headlines suggest. The sixteen extra months the Omnibus granted are enough time to close the remaining distance deliberately, or to arrive in December 2027 exactly as unprepared as the data above predicts. A structured EU AI Act compliance program is how you end up in the first group.
WhatsApp us