Commissioner participates in a panel discussion entitled ‘Navigating the New EU AI Act: Implications for gambling operators'

12 June 2025

On 10 June 2025, the Commissioner participated in a panel discussion entitled ‘Navigating the New EU AI Act: Implications for gambling operators’. The panel was organised and chaired by WH Partners as part of the The Market Expert Insights 2025 conference and the SBC Summit held in Malta.

During his intervention, the IDPC touched upon the following main points:

• The role of the IDPC of Fundamental Rights Authority and Market Surveillance Authority under the AI Act.
• The interplay between the GDPR and the AI Act – the AI Act must be seen as complementing the GDPR and this derives from recital 9 of the AI Act which provides that such Act shall apply without prejudice to the GDPR.
• Two examples were provided to demonstrate the complementarity between these two laws, namely (1) the requirement to conduct a DPIA under article 35 GDPR in case of processing activities which are likely to result in a high risk to the rights and freedoms of data subjects, and the obligation on certain deployers to carry out a FRIA in case of high-risk AI systems. In case where a DPIA would have already been conducted in relation to an AI systems involving the processing of personal data, that assessment should be complemented by a FRIA if that AI system falls within the parameters of article 27 of the AI Act; (2) the human oversight element which is provided for under article 22 GDPR in case of processing operations involving automated decision making and the same notion which is contemplated under article 14 of the AI Act.
• The GDPR applies during the development and deployment of AI systems which process personal data, including, but not limited to, the lawfulness of processing and the data protection principles.
• Although an AI system might by issued with a certificate of conformity under the AI Act, this will not mean that the system will be automatically complaint with the GDPR.
• It is important that operators, operating in both the B2C and B2B areas, should ensure that they have in place proper data governance and data management frameworks.