EU AI Act and Data Privacy: GDPR Intersection Explained

Regulation (EU) 2024/1689, the EU AI Act, is the world's first comprehensive horizontal law governing artificial intelligence. It entered into force on 1 August 2024 and applies in phases through 2027. It does not replace the GDPR. Every AI system that processes personal data still needs its own GDPR lawful basis, and organisations face two overlapping compliance regimes at once.
For a grounding in the data-protection rules that predate the AI Act, see our guide to EU data privacy laws and our What Is GDPR explainer.
What Is the EU AI Act?
Regulation (EU) 2024/1689 of the European Parliament and of the Council is a horizontal regulation: it applies to AI systems placed on the market or put into service in the EU, regardless of where the developer is based. It adopts a risk-based, tiered approach that sorts AI use cases into four categories: unacceptable risk (prohibited outright), high risk (detailed obligations before deployment), limited risk (transparency obligations only), and minimal or no risk (no obligations). The regulation was published in the Official Journal on 12 July 2024 and entered into force twenty days later on 1 August 2024, pursuant to Article 113. Application rolls out across four phases over the following three years.
The Phased Application Timeline
Understanding which obligations are already binding and which are still upcoming is essential for compliance planning. As of June 2026, the picture looks like this:
2 February 2025 (IN FORCE): Article 5 prohibited AI practices and AI literacy obligations for providers and deployers became applicable. Any AI system that falls within a prohibited category must have been withdrawn from use by this date.
2 August 2025 (IN FORCE): General-Purpose AI (GPAI) obligations under Articles 51 to 55 became applicable. Providers of large foundation models, including large language models and multimodal models, are now subject to training-data transparency and copyright policy requirements. Models assessed as posing systemic risk (generally those trained on more than 10^25 floating-point operations) face additional safety evaluations.
2 August 2026 (UPCOMING): The main obligations for standalone high-risk AI systems listed in Annex III become applicable. These include Article 10 data governance requirements, Article 26 deployer obligations, Article 27 Fundamental Rights Impact Assessments, technical documentation, logging, conformity assessments, and registration requirements.
2 August 2027 (UPCOMING): High-risk AI systems embedded in regulated products already covered by sectoral EU legislation listed in Annex I (such as medical devices, machinery, and civil aviation equipment) receive an extended transition. Their AI Act obligations apply from this later date.
For compliance teams, the practical priority as of mid-2026 is to have addressed the Article 5 prohibitions and GPAI obligations, and to be actively preparing for the August 2026 high-risk cutover.
The AI Act Does Not Replace the GDPR
This is the single most important structural point about the AI Act and data protection. Recital 10 of Regulation (EU) 2024/1689 states explicitly that the regulation "does not seek to affect the application of existing Union law governing the processing of personal data," including the GDPR (Regulation (EU) 2016/679), the Law Enforcement Directive 2016/680, and Regulation 2018/1725 governing EU institutions.
The consequence is that organisations face two independent and overlapping compliance regimes. An AI system that processes personal data must satisfy every applicable GDPR requirement: it needs a valid lawful basis under Article 6 GDPR for ordinary personal data, and a separate condition under Article 9 GDPR for special-category data. It must comply with the data minimisation principle (Article 5(1)(c) GDPR), purpose limitation (Article 5(1)(b) GDPR), and all data subject rights. The AI Act does not provide a shortcut around any of these requirements.
At the same time, satisfying GDPR's requirements does not satisfy the AI Act. A system may have a perfectly valid GDPR basis, be fully transparent with data subjects, and still be categorically prohibited under Article 5 of the AI Act. The two regimes operate on different axes: GDPR governs the processing of personal data, while the AI Act governs the risk posed by the AI system itself, to individuals and to society.
National data protection authorities retain all of their existing enforcement powers under the GDPR. They also gain new roles under the AI Act, discussed in the enforcement section below. Organisations should expect their DPA to look at both regulatory frameworks simultaneously when assessing an AI deployment.
Prohibited AI Practices with Privacy Teeth: Article 5
Article 5 of the AI Act lists eight practices that are prohibited entirely because their risks are considered unacceptable regardless of any potential benefit. Seven of the eight prohibited practices are directly connected to data protection and surveillance concerns. All have been in force since 2 February 2025.
Social scoring by public authorities (Art. 5(1)(c)): AI systems that evaluate or classify natural persons based on their social behaviour or characteristics across multiple contexts, where the resulting social score leads to detrimental or unfavourable treatment in unrelated contexts, are prohibited. This targets authoritarian-style government scoring systems. The prohibition is absolute; there is no exception for public-interest purposes.
Criminal risk assessment based on profiling (Art. 5(1)(d)): AI systems used to assess or predict the risk that a natural person will commit a criminal offence, where that risk assessment is based solely on profiling the person or assessing personality traits and characteristics, are prohibited. The prohibition has a narrow carve-out: AI that supports human assessment of criminal involvement based on objective and verifiable facts directly linked to a criminal activity is not covered. The provision targets systems that treat a statistical profile or inferred personality as a sufficient basis to assign a crime-risk score to an individual, without anchoring that assessment to concrete observed conduct.
Untargeted scraping of facial images (Art. 5(1)(e)): The creation or expansion of facial recognition databases through the untargeted scraping of facial images from the internet or from CCTV footage is prohibited. This directly intersects with GDPR Article 9, which treats biometric data used for identification as a special category requiring explicit consent or another Article 9 condition. Several vendors had commercialised exactly this practice before the prohibition came into force.
Emotion recognition at work and in education (Art. 5(1)(f)): AI systems that infer the emotional states of natural persons in workplace or educational institution contexts are prohibited. The only exception is for safety reasons, such as monitoring driver alertness. Crucially, this prohibition applies regardless of whether the organisation could otherwise establish a GDPR lawful basis, such as legitimate interests or consent. The AI Act makes the practice impermissible at a higher level than GDPR's lawful-basis analysis can reach.
Biometric categorisation for protected characteristics (Art. 5(1)(g)): AI systems that categorise natural persons individually from their biometric data in order to deduce or infer race or ethnic origin, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation are prohibited. This applies even where the categorisation is probabilistic rather than definitive. The overlap with GDPR Article 9 special categories is extensive and intentional.
Real-time remote biometric identification in public spaces (Art. 5(1)(h)): The use of real-time remote biometric identification (RBI) systems in publicly accessible spaces for law enforcement purposes is prohibited, subject to three narrow exceptions: targeted searches for specific victims of kidnapping, trafficking, or sexual exploitation; prevention of a specific and imminent terrorist threat; and identification of persons suspected of serious criminal offences listed in Article 5(2). Each use requires prior judicial or independent administrative authorisation. The restriction rests partly on Article 16 TFEU, the same treaty legal basis as the GDPR, confirming that the biometric prohibitions and the GDPR share a common constitutional foundation.
Cognitive behavioural manipulation (Art. 5(1)(a)-(b)): AI systems that deploy subliminal techniques beyond a person's consciousness, or exploit vulnerabilities of specific groups, to materially distort behaviour in ways that cause significant harm are also prohibited, with particular attention to children and persons with disabilities.
High-Risk AI: Data Governance Under Article 10 (Applicable from 2 August 2026)
Article 10 is the AI Act's most detailed data-specific provision. It imposes data governance and management obligations on providers of high-risk AI systems, covering the datasets used to train, validate, and test those systems.
The Article 10 obligations require providers to establish practices governing: the selection criteria and collection methodologies for training, validation, and testing data; the intended purposes of those datasets; examination of the data for possible biases that could cause harm or violate fundamental rights; identification of any relevant data gaps or shortcomings; and consideration of characteristics or specificities that make the dataset appropriate for the system's intended purpose. Training datasets must be free from errors and complete to the extent possible given the state of the art. Article 10(2)-(4).
The connection to GDPR is structural rather than redundant. GDPR Article 5(1)(b) requires that personal data be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes. GDPR Article 5(1)(c) requires data minimisation: data must be adequate, relevant, and limited to what is necessary in relation to the purposes. Article 10 of the AI Act adds a distinct, AI-specific layer: beyond limiting the data collected, providers must affirmatively document that training data is fit for purpose and free from biases that could produce discriminatory or harmful outputs.
Article 10(5) creates a narrow exception for high-risk AI system providers that is one of the few places where the AI Act expressly reaches into GDPR's special-category framework. It permits the processing of special-category personal data in training datasets, otherwise prohibited under GDPR Article 9 without a specific condition, strictly to the extent necessary to detect and correct biases that could lead to discrimination. This exception is subject to appropriate safeguards and is limited to the bias-detection purpose. It is not a general licence to process sensitive data in AI training.
The Annex III categories of standalone high-risk systems that must comply with Article 10 from August 2026 include: biometric identification and categorisation systems; AI for critical infrastructure management; systems used in educational and vocational training access decisions; employment-related systems including recruitment, performance evaluation, and task allocation; systems used in access to essential private and public services including credit scoring and benefits administration; law enforcement systems; migration, asylum, and border control systems; and systems used in the administration of justice. Providers building systems in any of these categories must start data governance implementation now to be ready for the August 2026 cutover.
The Fundamental Rights Impact Assessment (FRIA): Article 27 (Applicable from 2 August 2026)
Article 27 introduces a new type of impact assessment specific to the AI Act: the Fundamental Rights Impact Assessment (FRIA). It is distinct from the GDPR Data Protection Impact Assessment (DPIA) required by Article 35 GDPR, and organisations deploying high-risk AI may need to conduct both.
The FRIA obligation falls on deployers, not providers. Specifically, it applies to deployers that are either bodies governed by public law, or private operators providing services that are sufficiently close to public services in nature, such as banking, insurance, water supply, gas, electricity, and internet access. Article 27(1).
The FRIA must assess the risk that the high-risk AI system poses to fundamental rights protected by the EU Charter of Fundamental Rights. This includes, but is not limited to, the right to privacy under Article 7 of the Charter, the right to protection of personal data under Article 8 of the Charter, the right to non-discrimination under Article 21, the rights of the child under Article 24, the right to an effective remedy under Article 47, and the presumption of innocence under Article 48. The FRIA must be registered in the EU database for high-risk AI systems maintained under Article 71 of the AI Act. Article 27(2).
The GDPR DPIA and the AI Act FRIA serve different functions. A DPIA under GDPR Article 35 assesses the risks to data subjects' rights and freedoms arising from the processing of personal data. It is triggered when processing is likely to result in a high risk, in particular where new technologies are used. A FRIA under AI Act Article 27 assesses the broader portfolio of fundamental rights that can be affected by an AI system, whether or not they involve personal data directly. A system that makes automated decisions about access to social benefits affects both: it processes personal data (requiring a DPIA) and it affects fundamental social rights (requiring a FRIA). Both assessments must be carried out before deployment, and the documentation for each is separate.
General-Purpose AI: Obligations in Force Since August 2025
The AI Act created a new category of regulated entity: providers of General-Purpose AI (GPAI) models. GPAI models are AI models trained on broad data at scale, capable of competently performing a wide range of distinct tasks. Large language models, multimodal models capable of processing text, images, and audio, and similar foundation models fall within this definition. Articles 51 to 55 of the AI Act set out the obligations, which became applicable on 2 August 2025.
All GPAI providers must: publish a summary of training data with sufficient detail to allow downstream users and deployers to assess data quality, copyright compliance, and potential biases; implement a policy to comply with EU copyright law, including the text and data mining exception rules under Directive 2019/790; and publish technical documentation covering model capabilities, limitations, and intended deployment contexts. Annex XIII specifies the technical documentation requirements.
GPAI models assessed as posing systemic risk face additional obligations. The systemic-risk threshold is set at training computational power exceeding 10^25 floating-point operations, under Article 51(1)(b), though the European Commission may adjust this threshold by delegated act. Systemic-risk GPAI providers must conduct adversarial testing and red-teaming, report serious incidents to the European AI Office, implement cybersecurity safeguards, and report on their energy consumption. These requirements recognise that the largest foundation models, by virtue of their broad deployment and scale, can produce harms at a societal rather than individual level.
The privacy-specific concern with GPAI models is the scale of personal data typically involved in pretraining. Training sets of hundreds of billions of tokens scraped from the web may include personal data about living individuals. GPAI providers cannot avoid GDPR simply because they are now regulated under the AI Act. Where training data contains personal data, a GDPR lawful basis for that processing is still required, most commonly legitimate interests (Article 6(1)(f) GDPR) subject to a balancing test, though this basis has been contested in enforcement proceedings in several member states.
Who Enforces This? The Role of DPAs, the EDPB, the EDPS, and the AI Office
The AI Act creates a layered enforcement architecture that places data protection authorities centrally in its operation for the most privacy-sensitive sectors.
Article 74(8) of the AI Act designates national data protection authorities as the competent market surveillance authorities for high-risk AI systems used in the areas of law enforcement, migration control, asylum processing, and the administration of justice. This is a deliberate design choice: these are the sectors most likely to involve large-scale processing of sensitive personal data and most likely to affect fundamental rights. DPAs are already expert in balancing law enforcement needs against privacy rights under the GDPR and the Law Enforcement Directive, making them the appropriate technical regulator for these contexts.
For other high-risk AI sectors, member states are required to designate separate national competent authorities as market surveillance authorities under Article 70.
At the EU level, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) each play advisory roles. The EDPB issues guidelines and opinions on the intersection of the AI Act and the GDPR, particularly on biometric identification and categorisation. The EDPS supervises EU institutions' use of AI systems and has published dedicated guidance on artificial intelligence supervision. In February 2026, the EDPS joined a joint statement coordinated through the Global Privacy Assembly, signed by 61 data protection authorities, expressing concern about AI systems generating realistic images and videos depicting identifiable individuals without knowledge or consent, with specific attention to child protection.
The EU AI Office, created within the European Commission, has overall coordination responsibility for GPAI model oversight and cross-border enforcement. It is the primary contact point for GPAI providers. National DPAs and the AI Office are expected to develop coordination protocols to prevent regulatory gaps and forum shopping as enforcement matures.
Penalties: Up to EUR 35 Million or 7% of Global Turnover
Article 99 of the AI Act establishes three tiers of administrative fines, all of which are already in force as the penalty provisions themselves apply from 2 August 2025 alongside GPAI obligations.
The highest tier applies to violations of the Article 5 prohibited practices. Fines can reach EUR 35,000,000 or 7% of total worldwide annual turnover of the preceding financial year, whichever is higher. This is the ceiling, not a standard fine, and enforcers must consider proportionality. Article 99(3).
The middle tier applies to violations of any other obligation imposed on providers, deployers, importers, distributors, or authorised representatives in the AI Act's value chain, including the high-risk obligations under Chapters III and IV and the GPAI obligations. Fines can reach EUR 15,000,000 or 3% of total worldwide annual turnover. Article 99(4).
The lowest tier applies to supplying incorrect, incomplete, or misleading information to notified bodies or national competent authorities. Fines can reach EUR 7,500,000 or 1% of total worldwide annual turnover. Article 99(5).
For small and medium-sized enterprises and start-ups, the AI Act caps fines at the lower of the percentage or absolute figure, providing some proportionality relief compared to the treatment of large undertakings.
For comparison, GDPR Article 83(5) caps the highest tier of fines at EUR 20,000,000 or 4% of global annual turnover. The EU AI Act's prohibited-practices tier sets a higher ceiling on both measures, reflecting the legislature's judgment that the most serious AI risks are in some respects more dangerous than the most serious data protection violations. In practice, organisations that violate the Article 5 prohibitions will almost certainly also face concurrent GDPR enforcement, since those prohibitions typically involve large-scale processing of biometric or behavioural data.
Practical Compliance Steps
Organisations operating in the EU or targeting EU residents should work through the following steps now:
- Map all AI systems in use against the risk-tier framework. Identify any system that might fall within the Article 5 prohibited categories and assess whether it has been withdrawn from use as required since 2 February 2025.
- For GPAI providers: verify that training-data summaries, copyright compliance policies, and technical documentation are in place and meet the requirements of Articles 53 to 55. If the model was trained on more than 10^25 FLOPs, confirm whether the systemic-risk obligations under Article 55 apply.
- For high-risk system providers and deployers: begin Article 10 data governance documentation now, ahead of the 2 August 2026 application date. This includes training-data selection criteria, bias-examination records, and documentation of any use of the Article 10(5) special-category exception for bias correction.
- For deployers that are public bodies or operators of public-equivalent services: plan the FRIA process under Article 27 to run alongside the existing GDPR DPIA process. The two assessments address different legal frameworks but will often draw on the same technical documentation.
- Review all AI system deployments against both the AI Act and the GDPR independently. Compliance with one does not guarantee compliance with the other. Systems that have a GDPR lawful basis may still fall within a prohibited category; systems that are below the high-risk threshold may still involve high-risk personal data processing that triggers a GDPR DPIA.
- Assign a designated contact for AI Act regulatory inquiries and register high-risk systems in the EU database under Article 71 when it becomes operational.
Related guides
- GDPR International Data Transfers: Chapter V Rules (2026)
- GDPR Right to Be Forgotten (Article 17) Explained
- Does GDPR Apply to US Companies? A Compliance Guide
- EU Data Privacy Laws: GDPR, AI Act & the 2025-2026 Digital Reforms
- What Is GDPR? Complete Guide to EU Data Protection (2026)
Sources
- Regulation (EU) 2024/1689: EU AI Act, Official Text (EUR-Lex)
- Regulation (EU) 2016/679: GDPR, Official Text (EUR-Lex)
- European Commission: AI Act Regulatory Framework Overview
- European AI Office: Official EU AI Office Portal
- European Data Protection Board (EDPB): Guidelines and Opinions on AI and Biometrics
- European Data Protection Supervisor (EDPS): Artificial Intelligence Supervision