Tech regulation has struggled with enforcement for a long time. Drawing on our experience with the implementation of GDPR, and looking at what other successful regulatory agencies do, we suggest some competencies any AI oversight agency should have to incentivize and ensure good practices and compliance in the EU and globally.