Artificial Intelligence

Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act) 

Background information on the AI Act

The Artificial Intelligence Act is a European Union (‘EU’) legal instrument which entered into force on 1 August 2024 to regulate the use of Artificial Intelligence (‘AI’) technologies across the EU bloc, to ensure that they are safe, ethical, transparent,  non-discriminatory and overseen by people, rather than by automation, to prevent harmful outcomes. The AI Act is considered the first comprehensive regulation on AI establishing a risk-based AI classification system designed to address the varying degrees of risk posed by AI models, whilst adopting a technology-neutral definition for AI which can be applied to future AI iterations.

Interplay between AI Act and the GDPR

The Artificial Intelligence Act (‘AI Act’) marks a significant step in the EU's efforts to regulate innovative technologies, ensuring their development and deployment are aligned with fundamental rights and societal values. As AI systems increasingly shape various sectors, and in practice processing personal data to deliver quality output, their potential impact on personal data protection cannot be overlooked. The AI Act, while focusing on the regulation of AI, draws upon essential data protection principles found under the EU General Data Protection Regulation (GDPR), such as fairness, transparency, human oversight - closely linked to fairness - accountability, and privacy and data governance itself.

In cases where AI systems process personal data, not only does the AI Act apply, but also will the GDPR, which takes legal precedence, reinforcing the EU's commitment to privacy and data protection as the underlying concern and impetus. The AI Act’s human oversight principle echoes the GDPR’s right not to be subject to automated decision-making. The AI Act’s alignment with GDPR principles highlights the EU's holistic approach to both advancing technological innovation and upholding privacy protections.

 The AI Act – Key important dates

The below infographic details the AI Act’s key dates of its staggered implementation:

The IDPC’s competency and role on AI systems

Drawing from extensive experience in overseeing automated decision-making processes, national data protection supervisory authorities, such as the IDPC, are in a position to contribute valuable input, ensuring that the AI Act addresses key ethical concerns and strengthens safeguards for individuals insofar as data relating to them is concerned. This supervisory authority is committed to safeguarding individuals' fundamental rights through the protection of personal data, in the face of evolving technological advancements.

As a data protection supervisory authority in terms of the GDPR, this Office is now also designated as a fundamental rights authority ('FRA') under the AI Act, specifically concerning the protection of personal data.  For more information on the IDPC's roles under the AI Act, please click here.