GDPR · EDPB · IT security

Data protection, EDPB and IT security

Sources on data protection, supervision, EDPB, cybersecurity and technical security for AI systems.

24 documents Last update: 2026-07-07T14:19:30Z
ResourceDE

Federal Network Agency - AI Act

The Federal Network Agency prepares the implementation of the EU AI Act in Germany. The regulation governs AI systems on a risk-based approach, with strict requirements for transparency and safety at high risk. Effective from August 2027.

Source: Bundesnetzagentur

Transparency GPAI AI literacy Standards

LawEU

EDPB-EDPS Joint Opinion on the European Biotech Act

The EDPB and EDPS provide joint recommendations on data protection aspects of the European Biotech Act proposal. The proposal aims to strengthen the biotechnology industry while ensuring GDPR compliance in clinical trials and AI use.

Source: European Data Protection Board

High-risk AI AI literacy Standards Data protection

LawEU

EDPB Annual Report 2025 on the Support Pool of Experts

The EDPB 2025 Annual Report summarises the activities of the Support Pool of Experts (SPE), including completed projects on AI risks, data protection enforcement, and technological tools. The report highlights transparency and cooperation between supervisory authorities.

Source: European Data Protection Board

Transparency Standards Governance Germany

StandardisationDE

BSI: Artificial Intelligence and IT Security

The German Federal Office for Information Security (BSI) examines security aspects of AI systems. It develops criteria, methods, and recommendations for the secure use of AI in safety-critical areas such as automotive and biometrics. The focus is on transparency, explainability, and standards.

Source: Bundesamt für Sicherheit in der Informationstechnik

Transparency AI literacy Standards Germany

ResourceDE

AI Real Labs in the EU AI Act

The AI Act provides for AI real labs to foster innovation by allowing companies to test AI systems under real-world conditions and clarify legal issues. The Federal Network Agency conducted a pilot project and offers the EUSAiR pilot project for businesses.

Source: Bundesnetzagentur

AI literacy Governance Germany Data protection

GuidelineDE

EU AI Act Guidelines for General Purpose AI Models

The Federal Network Agency provides guidelines and best practices for General Purpose AI (GPAI) models under the EU AI Act. These include transparency obligations, copyright regulations, and safety measures. The Code of Practice supports providers in complying with the EU AI Act.

Source: Bundesnetzagentur

Transparency GPAI AI literacy Governance

GuidelineEU

EU AI Act: Implementation Guide

The EU AI Act is the world's first comprehensive AI regulation. It addresses risks to health, safety, and fundamental rights. The FAQ guide explains the scope, prohibited practices, high-risk systems, transparency requirements, and governance. It helps businesses and authorities understand and comply with the regulations.

Source: European Commission

Prohibited practices High-risk AI Transparency GPAI

Code of PracticeEU

EU AI Act: Harmonised Standards for AI Systems

The European Commission promotes harmonised standards for the EU AI Act to simplify compliance. These standards, developed by CEN, CENELEC, and ETSI, will be published from 2026 onwards. They provide legal certainty for providers of high-risk AI systems.

Source: European Commission

High-risk AI Transparency GPAI AI literacy

StandardisationEU

Standardisation of the EU AI Act

The European Commission promotes harmonized standards for high-risk AI systems to ensure legal certainty, foster innovation, and set global benchmarks. CEN and CENELEC are developing standards in ten key areas, including risk management and transparency. The first harmonized standard was published on October 30, 2025.

Source: European Commission

High-risk AI Transparency Standards Governance

StandardisationEU

EU AI Act: Standardisation of AI Systems

The European Commission promotes harmonised standards for AI systems to implement the AI Act. These standards provide legal certainty, reduce costs, and support innovation. CEN and CENELEC are developing standards in ten key areas, including risk management and datasets.

Source: European Commission

High-risk AI Transparency Standards Governance

FAQEU

Drafting a General-Purpose AI Code of Practice

The General-Purpose AI Code of Practice was developed through an inclusive process with over 1000 participants from industry, civil society and authorities. It helps providers comply with the AI Act's requirements for safety, transparency and copyright. The code is voluntary and will be applied from August 2025.

Source: European Commission / AI Office

Transparency GPAI Governance

GuidelineEU

EU Code of Practice for General-Purpose AI

The voluntary EU Code of Practice for General-Purpose AI supports providers in complying with AI Act requirements. It covers transparency, copyright, safety, and security for advanced models. Developed through a multi-stakeholder process, the Code serves as a guideline to facilitate compliance with the AI Act.

Source: European Commission / AI Office

Transparency GPAI Governance

Code of PracticeEU

EU Code of Practice for General-Purpose AI

The General-Purpose AI Code of Practice is a voluntary EU Commission guideline developed by 13 independent experts with input from over 1,000 stakeholders. It assists providers in complying with AI Act rules for GPAI from August 2, 2025. The Code includes three chapters on transparency, copyright, and safety.

Source: European Commission / AI Office

Transparency GPAI Governance

Code of PracticeEU

EU launches first General-Purpose AI Code of Practice

The EU initiates the development of the first General-Purpose AI Code of Practice with four working groups on transparency, copyright rules, risk identification, technical risk mitigation, and internal risk management. Experts from academia, industry, and civil society will collaborate until April 2025 to create a comprehensive framework.

Source: European Commission / AI Office

Transparency GPAI Standards Governance

GuidelineEU

EU Code of Practice for General-Purpose AI

The voluntary GPAI Code of Practice supports providers of general-purpose AI models in complying with the EU AI Act obligations regarding safety, transparency, and copyright. It consists of three chapters and was published on July 10, 2025.

Source: European Commission / AI Office

Transparency GPAI Standards Governance

LawEU

European Commission: AI Act Overview

The European Commission has presented an Action Plan for AI and Cybersecurity to promote the safe and responsible use of AI. The plan addresses risks and opportunities of advanced AI models.

Source: European Commission / DG CONNECT

High-risk AI

LawEU

EU AI Act: Classification Rules for High-Risk AI Systems

Article 6 of the EU AI Act defines criteria for classifying AI systems as high-risk. A system is considered high-risk if it functions as a safety component or is listed in Annex III, unless certain exemptions apply. The Commission will publish guidelines for practical implementation by 2026.

Source: European Commission / AI Act Service Desk

High-risk AI Standards Governance

LawEU

EU AI Act: Article 5 – Prohibited AI Practices

Article 5 of the EU AI Act prohibits AI systems that violate fundamental rights, such as manipulative, exploitative, or social scoring practices. It also bans AI systems for real-time remote biometric identification in public spaces for law enforcement, except in urgent cases. The regulation mandates safeguards and proportionality conditions.

Source: European Commission / AI Act Service Desk

Prohibited practices High-risk AI Transparency GPAI

LawEU

AI Act: Definitions in Article 3

Article 3 of the EU AI Act defines key terms such as 'AI system', 'high-risk AI systems', and 'prohibited practices'. The definitions ensure consistent application of the law. The summaries are not legally binding.

Source: European Commission / AI Act Service Desk

Prohibited practices High-risk AI Transparency GPAI

LawEU

EU AI Act: Scope

The EU AI Act applies to providers, users, and distributors of AI systems in the EU market. It excludes military, research, and private use. The scope covers public and economic actors, but not third countries or national security competences.

Source: European Commission / AI Act Service Desk

High-risk AI Transparency GPAI Standards

LawEU

EU AI Act: Article 1 - Subject Matter

Article 1 of the EU AI Act defines the regulation's subject matter. It establishes the framework for regulating AI systems and models to improve the internal market and promote trustworthy AI that protects health, safety, and fundamental rights.

Source: European Commission / AI Act Service Desk

High-risk AI Governance

Code of PracticeEU

AI Act Service Desk - Frequently Asked Questions

The AI Act Service Desk FAQs address common questions about general-purpose AI models, governance, enforcement, and implementation of the EU AI Act. The document explains legal definitions, risk categorisations, and transition periods.

Source: European Commission / AI Act Service Desk

Prohibited practices High-risk AI Transparency GPAI

LawEU

EU Commission's AI Act Service Desk

The EU Commission's AI Act Service Desk enables stakeholders to submit questions about the AI Act to the AI Office. Users can log in with EU Login, complete a form, and ask questions in any official EU language. Communication happens via email.

Source: European Commission / AI Act Service Desk

Governance Data protection

LawEU

EU AI Act Explorer

The EU AI Act Explorer is a reference tool for the EU Artificial Intelligence Act. It allows users to search for prohibited practices, risk classifications, transparency obligations, and provider/deployer duties. The tool supports compliance with governance and data protection requirements.

Source: European Commission / AI Act Service Desk

Prohibited practices High-risk AI Transparency GPAI