EDPS strengthens DPO role: new guidance and binding rules to protect DPO independence across EU institutions

16 February 2026

Under EU law, all EU institutions, bodies, offices and agencies (EUIs) are required to appoint a data protection officer (DPO). To strengthen the effectiveness and independence of this function, the European Data Protection Supervisor (EDPS) has adopted two key documents clarifying the role and protection of DPOs within EUIs.

On 18 December 2025, the EDPS issued a Supervisory Guidance on the role of DPOs in EUIs. The Guidance clarifies the EDPS’s interpretation of the DPO’s role, position and tasks in EUIs. It provides practical and up-to-date guidance on the designation of DPOs, their institutional positioning, the guarantees of independence attached to the function, and the responsibilities entrusted to them. 

Building on this Guidance, the EDPS adopted Decision 01/2026 on 16 January 2026, establishing binding Rules on the application of the requirement of prior consent by the EDPS for the dismissal of DPOs.  These Rules set out a clear and uniform procedural framework that EUIs must follow when seeking the EDPS’s prior consent before dismissing a DPO prior to the end of their designation term. 

To read more and download the DPO guidance click here.