This research examines the regulatory challenges encountered by small and medium-sized enterprises (SMEs) operating artificial intelligence (AI) systems through data centres in the European Union (EU), with a particular focus on data protection issues in Germany. The study analyses the interaction between the General Data Protection Regulation (GDPR) and the proposed EU AI Act, emphasising the compliance barriers faced by SMEs. Methods: A mixed-method approach was employed, combining qualitative analysis of regulatory frameworks and scholarly literature with quantitative survey data from SMEs across key industries. This methodology ensured a comprehensive examination of both regulatory requirements and their practical implications. The findings indicate that SMEs demonstrate high familiarity with GDPR (mean score 82.24) but lower awareness of the AI Act (mean score 56.24), with significant intersectoral variation. Challenges include resource limitations, ambiguous ”high-risk” AI classifications, and the complexity of dual compliance. Notably, government and healthcare sectors reported substantial regulatory burdens, while energy and finance sectors exhibited lower preparedness for AI Act requirements. The study reveals the fragmented implementation of GDPR across member states, complicating compliance for cross-border SMEs. The dual demands of GDPR and the AI Act necessitate streamlined regulatory processes and tailored support mechanisms, such as simplified guidelines and financial assistance. Explainability and transparency obligations, while essential for trust, introduce additional administrative burdens that may impede innovation. Harmonising GDPR and AI Act requirements is crucial to enabling SMEs to comply without inhibiting innovation. Policy recommendations include regulatory sandboxes, targeted training, and increased financial support for SMEs to foster legally compliant yet innovative AI applications.