AI Sigil Logo
Contact Us
Back to all insights
A magnifying glass

Sections

AI Act and GDPR: Examining the Tensions and Synergies

EU’s AI Act versus GDPR: Overlaps and Contradictions

The AI Act and the GDPR (General Data Protection Regulation) are two significant regulatory frameworks established by the European Union, each addressing critical aspects of technology and data privacy. This study explores the overlaps and contradictions between these two regulations, particularly in the context of artificial intelligence and personal data.

Introduction

As the landscape of artificial intelligence evolves, the need for robust regulations becomes increasingly apparent. The AI Act aims to ensure that AI systems are safe and trustworthy, while the GDPR focuses on protecting individuals’ personal data. The question arises: do these regulations complement each other, or do they present inherent contradictions?

Scope of the Regulations

The AI Act is comprehensive, applying to any actor using AI systems within the jurisdiction of EU law, regardless of their country of residence. Similar to the GDPR, the AI Act is a regulation, meaning that EU member states must implement it with minimal modifications. It also has relevance for the European Economic Area (EEA), necessitating its incorporation into national legislation, just as the GDPR has been.

Overlapping Principles

Both the AI Act and GDPR aim to secure the fundamental rights and freedoms of individuals as outlined in the Charter of Fundamental Rights of The European Union. They address personal data processing, with the GDPR focusing on protecting individuals’ privacy and the AI Act targeting the potential harmful effects of AI systems.

However, overlaps arise when AI systems process personal data, necessitating compliance with both regulations. This intersection highlights the importance of understanding user needs and the implications of AI systems on data subjects.

Roles and Responsibilities

In the GDPR, the central entity is the data subject, and entities that control or process personal data are classified as controllers and processors, respectively. The AI Act, on the other hand, categorizes involved parties as providers and deployers of AI systems. This distinction leads to potential overlaps, especially when AI systems process personal data, requiring compliance with both regulations.

Documentation and Assessment Requirements

Under the GDPR, a Data Protection Impact Assessment (DPIA) is mandatory when processing personal data that poses risks to individuals’ rights. In the AI Act, a Fundamental Rights Impact Assessment (FRIA) is required for high-risk AI systems. In many cases, the DPIA and FRIA may be similar, with the AI Act allowing for the FRIA to complement the DPIA.

Transparency Obligations

Transparency is a key issue in both regulations. The GDPR mandates that data subjects be informed about the purpose of data processing and their rights regarding access and rectification. The AI Act expands these obligations, requiring providers and deployers of AI systems to offer clear information about the AI systems’ design and use. This includes details on the system’s capabilities, limitations, and potential risks.

Challenges with Personal Data Processing

The GDPR always applies when personal data is processed. If an AI model is trained using personal data, a legal basis for processing is required. However, the practice of web scraping—a common method for gathering training data for AI systems—often involves collecting personal data without proper consent. This raises significant compliance issues under the GDPR.

Principles at Risk

The principles of purpose limitation and data minimization outlined in the GDPR come under scrutiny when applied to AI systems. Scraping personal data without a specified purpose challenges these principles. Additionally, the right to be forgotten becomes problematic, as it is difficult for individuals to ensure their data is removed from AI systems once it has been scraped.

Conclusion

The AI Act and GDPR are both crucial in regulating AI technologies and protecting personal data. However, the inherent contradictions and overlaps between the two regulations necessitate careful consideration and compliance strategies from organizations operating within the EU/EEA. As AI technology continues to advance, ongoing dialogue and regulatory adaptations will be essential to ensure that both innovation and individual rights are adequately protected.

More Insights

A compass illustrating the guidance and direction needed in AI governance.

AI Governance: Essential Insights for Tech and Security Professionals

June 7, 2025 AI,AI Governance,AI Governance Best Practices,Artificial Intelligence Governance
Artificial intelligence (AI) is significantly impacting various business domains, including cybersecurity, with many organizations adopting generative AI for security purposes. As AI governance...
Read More
A digital fingerprint scanner

Government Under Fire for Rapid Facial Recognition Adoption

June 7, 2025 AI,AI Ethics,AI Regulation,Artificial Intelligence Governance
The UK government has faced criticism for the rapid rollout of facial recognition technology without establishing a comprehensive legal framework. Concerns have been raised about privacy...
Read More
A compass

AI Governance Start-Ups Surge Amid Growing Demand for Ethical Solutions

June 7, 2025 AI,AI Ethics,AI Governance
As the demand for AI technologies surges, so does the need for governance solutions to ensure they operate ethically and securely. The global AI governance industry is projected to grow significantly...
Read More
A bridge to illustrate the connection between current AI laws and future developments.

10-Year Ban on State AI Laws: Implications and Insights

June 7, 2025 AI,AI Governance,AI Regulation,Regulatory Framework
The US House of Representatives has approved a budget package that includes a 10-year moratorium on enforcing state AI laws, which has sparked varying opinions among experts. Many argue that this...
Read More
A digital AI brain

AI in the Courts: Insights from 500 Cases

June 7, 2025 AI,AI Governance,AI Regulation,Regulatory Compliance
Courts around the world are already regulating artificial intelligence (AI) through various disputes involving automated decisions and data processing. The AI on Trial project highlights 500 cases...
Read More
A lock with a circuit board design

Bridging the Gap in Responsible AI Implementation

June 7, 2025 AI,AI Ethics,AI Governance
Responsible AI is becoming a critical business necessity, especially as companies in the Asia-Pacific region face rising risks associated with emergent AI technologies. While nearly half of APAC...
Read More
A compass

Leading AI Governance: The Legal Imperative for Safe Innovation

June 7, 2025 AI,AI Governance,AI Regulation,Ethical AI
In a recent interview, Brooke Johnson, Chief Legal Counsel at Ivanti, emphasizes the critical role of legal teams in AI governance, advocating for cross-functional collaboration to ensure safe and...
Read More
A compass

AI Regulations: Balancing Innovation and Safety

June 7, 2025 AI,AI Governance,AI Regulation,AI Safety Regulations
The recent passage of the One Big Beautiful Bill Act by the House of Representatives includes a provision that would prevent states from regulating artificial intelligence for ten years. This has...
Read More
A lock and key illustrating the security measures of regulation and the unlocking of new opportunities.

Balancing Compliance and Innovation in Financial Services

June 7, 2025 AI,Financial Technology,Regulatory Framework
Financial services companies face challenges in navigating rapidly evolving AI regulations that differ by jurisdiction, which can hinder innovation. The need for compliance is critical, as any misstep...
Read More

Ready to become AI compliant?

Take the first steps in your transformation towards international AI compliance.

Book a Discovery Call See Frameworks

Explore

Need More Assistance?

Our expert sales team is here to answer your questions, just leave your email and we’ll get in touch.

Research & Market Studies
A digital energy meter
AI Safeguards: A Step-by-Step Guide to Building Robust Defenses
As AI becomes more powerful, protecting against its misuse is critical. This requires well-designed "safeguards"...
A light bulb
Algorithmic Audits: A Practical Guide to Fairness, Transparency, and Accountability in AI
Algorithmic auditing is crucial for ensuring AI systems are fair, transparent, and accountable. A comprehensive...
A compass
AI Explainability: A Practical Guide to Building Trust and Understanding
As AI systems exert increasing influence over our lives, understanding how they arrive at conclusions...
A shield symbolizing protection against unregulated AI practices.
AI Governance: Transparency, Ethics, and Risk Management in the Age of AI
AI is rapidly transforming society, creating both opportunities and risks. A proposed AI governance framework...
Latest News on AI Compliance
A lighthouse
Unlocking GenAI: The Governance Imperative
Many organizations are struggling to move Generative AI projects from pilot mode to production due...
A computer screen displaying unemployment data
Nevada’s AI Revolution: Transforming Unemployment Claims Processing
Nevada’s unemployment agency has implemented an artificial intelligence tool to prescreen claims, significantly accelerating the...
A transparent shield
Building Trust in AI Through Effective Guardrails
Guardrails are essential in AI system architecture, especially as AI systems gain more autonomy. They...
A compass indicating guidance and direction in navigating the complexities of AI in insurance operations.
Ensuring Responsible AI Use in Insurance: A Broker’s Guide
The article discusses the rapid adoption of artificial intelligence in the insurance industry, highlighting the...

© 2023 AI Sigil

Medium Envelope