AI Agents for enterprises in Madrid

Madrid is the only European capital where the national data protection and financial regulators sit within walking distance of one another

Building Enterprise AI in Madrid means literally building on the doorstep of Spanish supervision. AEPD (Agencia Espanola de Proteccion de Datos), CNMV (Comision Nacional del Mercado de Valores), Banco de Espana and CNMC (Comision Nacional de los Mercados y la Competencia) - all four are headquartered in Madrid. On top of that, the political apparatus: the Ministerio de Asuntos Economicos and the Ministerio de Industria, Comercio y Turismo decide here on the EU AI Act implementation. In the corporate sector, Banco Santander, BBVA, Telefonica, Repsol, Iberdrola (HQ Bilbao, but Madrid is operationally strong), Mapfre, Ferrovial, ACS, Naturgy, Red Electrica and Amadeus IT sit in the city. Building an AI architecture here means building for a concentration of big corporates and supervisors only Frankfurt and Paris match in Europe.

The three regulatory hurdles for AI in the Madrid market

First, the AEPD and the LOPDGDD (Ley Organica 3/2018), Spain’s GDPR transposition law with a stricter overlay. The AEPD is known EU-wide for its strict reading of Article 22 GDPR - fully automated decisions are effectively only admissible in Spain with a documented human final decision. The authority has issued several fines in the eight- and nine-figure euro range in recent years, often against banks and telecoms. The Decision Layer with Human-in-the-Loop is not optional here, it is a compliance prerequisite.

Second, the AESIA (Agencia Espanola de Supervision de la Inteligencia Artificial). Spain is the first EU country to stand up a dedicated AI supervisor. The headquarters is in La Coruna, but operationally and politically much is decided in Madrid. From 2026, AESIA systematically audits high-risk systems under the EU AI Act and can issue operating bans. Anyone shipping models in Madrid has to document for an AESIA audit from day one.

Third, CNMV and Banco de Espana for the entire financial sector. Both authorities have articulated joint expectations for AI model governance and review banks, insurers and asset managers on explainability, Audit Trail and reproducibility. Since 2024 the CNMV has required a complete Audit Trail for AI-driven investment recommendations. EU AI Act compliance and financial supervision interlock here.

Typical deployment scenarios in Madrid

Banco Santander runs credit decisioning in more than ten countries and needs AI models that remain reproducible under AEPD, CNMV and Banco de Espana supervision - every rejection must be explainable within the statutory deadline. Telefonica analyses Call Detail Records for fraud detection and network optimisation across more than twelve markets - the models must remain auditable towards AEPD and ANACOM. Mapfre uses AI in claims settlement and needs models that can justify every automated loss estimate towards the policyholder. Iberdrola plans power-grid operations in Madrid that fall into high-risk categories of the EU AI Act - the models must be documented for Red Electrica and the national energy regulator CNMC.

In each of these cases the Decision Layer is the architecture that brings Audit Trail down to SQL level, Human-in-the-Loop escalation and Cert-Ready by Design into one place - exactly what the Madrid supervisors want to see at the same time. A Madrid specificity is the group complexity: most large Spanish companies are woven through Ibero-America and beyond - Santander in more than ten countries, BBVA in Mexico and Turkey, Telefonica in Brazil and Germany. An AI architecture in Madrid must be capable of enforcing jurisdiction-specific rule sets for GDPR, LGPD, the Mexican LFPDPPP and the Turkish KVKK simultaneously - all over the same Audit Trail. Building that in Madrid produces an architecture for the entire Spanish-speaking world.

How Gosign serves Madrid from Barcelona

Gosign handles Madrid projects out of the Barcelona office (gosign.es) with Spanish-speaking project managers and engineers. The AVE high-speed connection Barcelona-Madrid runs in just under two and a half hours - weekly on-site meetings at Santander, BBVA, Telefonica, Mapfre, Iberdrola and Repsol are not a logistical lift but routine. Discovery workshops, sprint reviews and steering rounds happen on site on Paseo de la Castellana, in Las Tablas or directly at corporate headquarters, with Spanish-speaking domain owners and Comite de Empresa representatives at the same table. Madrid hosts the main Spanish regulators - AEPD, CNMV, Banco de Espana and CNMC are within walking distance of each other - and the Spanish team is regularly on site to run regulatory alignment, audit preparation and sandbox meetings directly. Hamburg handles DACH and international coordination plus architectural reviews; operational day-to-day work, Madrid corporate culture and regulator contact sit with the Barcelona team.

Why Madrid is a strong starting point for Enterprise AI

Madrid is the only city in Europe in which all four Spanish supervisory authorities are reachable on foot - and in which most regulatory answers come within days rather than weeks. An organisation that builds a Cert-Ready by Design pilot here holds a reference case that has passed under AEPD, AESIA, CNMV and Banco de Espana standards. The Madrid in Motion cluster, Impact Hub Madrid and Wayra Madrid (Telefonica) provide talent, pilot partners and investor access.

We bring from the German market the experience of building AI systems that do not only function under strict supervisory regimes but remain productive - with Governance by Design and an Audit Trail. Madrid is the right market in which to carry that discipline into the heart of the Spanish economy.