We recently hosted the CIPL AI Act Forum II in Brussels, bringing together industry experts, regulators, and policymakers to explore the complex interplay between data protection and the obligations of the AI Act.
Forum participants acknowledged that while GDPR effectively governs personal data, it is not the sole answer for regulating AI. Discussions highlighted the need for a layered regulatory framework, combining GDPR’s focus on personal data, AI Act’s targeted approach to AI-specific risks, and complementary innovation-supportive policies.
The forum highlighted the persistent practical challenges organizations face in the context of GDPR and AI Act interplay, particularly around data minimization and bias testing. There was broad agreement on the urgent necessity for clear, actionable regulatory guidance and real-world examples.
Adaptive or agentic AI emerged as a promising solution, with participants discussing its potential to automate privacy compliance and improve transparency and accountability.
Regulators stressed the importance of aligning GDPR and AI Act obligations, recommending integrated assessments (DPIA-FRIA) and calling for coherent EU-wide regulatory guidance. Additionally, Data Protection Authorities were noted as needing to evolve, adopting more technical, product-focused oversight to effectively regulate AI.
Our sincere thanks go to Dr Mark Leiser, Sarah Pearce (Hunton), David Dumont (Hunton), and Dr Philipp Raether (Allianz) for sharing your insights, to participants for a lively and engaging discussion, and our partners at Hunton for hosting the engaging networking reception!
