EU AI Act Implementation Project

CIPL’s EU Artificial Intelligence Project is a two-year initiative designed to support organizations and stakeholders in the effective implementation of the EU AI Act. Through a dynamic program of workshops, webinars, white papers, and expert engagement, the project delivers practical, risk-based compliance strategies that are globally relevant and forward-looking.

For over 20 years CIPL has been a leading advocate for organizational accountability in data protection and broader digital and data policy. Since 2018 we have applied our thought leadership to the field of AI.

With a strong focus on AI compliance, governance, and accountability, CIPL’s EU AI Project empowers organizations to navigate the evolving AI regulatory landscape and helps shape a trustworthy, innovation-friendly AI ecosystem—in the EU and beyond.

January 2025

We hosted a webinar on Data Protection in the Age of Generative AI: Regulatory Perspectives and Practical Approaches. The discussion focused on:

  • Reviewing the EDPB Opinion on legal bases for AI model training, the CNIL how-to-sheets on AI, and the ICO summary from its AI consultation series.
  • Highlighting data protection best practices in the context of generative AI development and deployment.

February 2025

We hosted a roundtable for project participants and CIPL members on Operationalizing AI Literacy Requirements. The discussion focused on:

  • Understanding what AI Act Article. 4 mandates.
  • Defining foundational knowledge and skills.
  • Monitoring and ensuring continuous improvement in AI literacy.
  • Addressing liability concerns.

May 2025

We hosted a workshop for project participants and CIPL members on Operationalizing Transparency Under the GDPR and AI Act. Following the publication of a discussion draft ahead of the workshop, we utilized this workshop to conduct deep-dives on current best practices into how organizations are operationalizing transparency based on the new requirements.

June 2025

We hosted our AI ACT FORUM II on Exploring Overlapping Data Protection and AI Act Obligations. The discussion focused on:

  • Identifying and addressing tensions/overlaps between the AI Act and other laws (e.g., GDPR).
  • Interrelations with potential new pieces of legislation in the context of AI: AI liability directive, AI in work settings, copyright.
  • The interplay between Data Protection Impact Assessments (DPIAs) and Fundamental Rights Impact Assessments (FRIAs).

July 2025

We hosted a workshop for project participants and CIPL members on Code of Practice for General-Purpose AI Models.

September 2025

Our AI ACT FORUM III on Risk Assessment Taxonomy and Holistic Risk Assessments centering on:

  • Key elements of effective risk assessments
  • Refining internal governance for AI risk assessments
  • Establishing internal risk taxonomy and escalation procedures
  • Aligning AI Act risk assessment requirements with existing regulatory frameworks in areas like privacy, security, and competition
  • Developing holistic risk assessments and management frameworks
  • Harmonization with global standards and context

October 2025

A roundtable for project participants and CIPL members on Operationalizing AI Risk Assessments exploring:

  •  Integrating risk assessments into broader risk management frameworks (DPIAs and FRIAs)
  • Operationalizing AI Act requirements such as data governance and internal AI competence

 

November 2025

A roundtable for project participants and CIPL members on AI Sandboxes. Participants will discuss:

  • Key learnings from CIPL’s AI Sandbox paper
  • Regulatory oversight, enforcement, and compliance metrics

December 2025

The AI ACT FORUM IV on Creating Effective AI Governance Programs will focus on:

  • Mapping best practices to AI Act requirements
  • Establishing internal governance and compliance programs
  • Addressing third-party vendor management and demonstrating accountability with certifications and standards

Project Focus Areas:

  • Addressing operational and legal challenges posed by the EU AI Act, with a focus on high-impact compliance issues.

  • Developing best practices and scalable solutions to support responsible AI deployment across sectors.

  • Prioritizing risk-based approaches that align with organizational realities and promote innovation and trust in AI systems.

Stakeholder Engagement & Thought Leadership:

  • Creating a collaborative forum that brings together regulators, industry leaders, academics, and civil society to exchange insights and inform regulatory development.

  • Influencing future guidance, standards, and interpretations of the EU AI Act through multi-stakeholder dialogue and thought leadership.

  • Building a global knowledge base that contributes to the responsible and ethical governance of AI technologies worldwide.