The EU Artificial Intelligence Act (AI Act) is the world’s first comprehensive legal framework governing artificial intelligence. Adopted in 2024 and entering phased application through 2025–2026, the Act introduces a risk-based regulatory model that directly intersects with data protection and privacy law.
High-risk AI systems—such as those used in recruitment, credit scoring, biometric identification, and law enforcement—must meet strict requirements on data governance, transparency, human oversight, and accuracy. These obligations build upon GDPR principles, particularly data minimization, purpose limitation, and accountability.
For organizations deploying AI systems, compliance now requires cross-disciplinary governance involving legal, technical, and data protection expertise. DPOs will play a central role in evaluating training datasets, conducting data protection impact assessments (DPIAs), and ensuring lawful processing of personal data in AI lifecycles.
Official source:
European Commission – Artificial Intelligence Act
https://digital-strategy.ec.europa.eu/en/policies/artificial-intelligence-act