EDPS unveils revised Guidance on Generative AI, strengthening data protection in a rapidly changing digital era

30 October 2025

The European Data Protection Supervisor (EDPS) published its revised and updated guidelines on the use of generative Artificial Intelligence (AI) and processing of personal data by EU institutions, bodies, offices, and agencies (EUIs), reflecting the fast-moving technological landscape and the evolving challenges posed by generative AI systems.

This updated guidance reinforces the EDPS’ commitment to advising EUIs to help them fully comply with their data protection obligations set out in Regulation (EU) 2018/1725.   

Building on feedback from EUIs, the revised guidance offers clearer and more practical instructions for the responsible development and deployment of generative AI tools. It introduces a number of key updates, including:

           •          a refined definition of generative AI for greater clarity and consistency;

           •          a new, action-oriented compliance checklist to help EUIs assess and ensure the lawfulness of their processing activities;

           •          clarified roles and responsibilities, assisting EUIs in determining whether they act as controllers, joint controllers, or processors;

           •          detailed advice on lawful bases, purpose limitation, and the handling of data subjects’ rights in the context of generative AI.

Read more here.