On 2 February 2025, the prohibition of prohibited practices with data protection implications in the regulation laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act) enter into force. The AI Act is based on a risk-based management approach and introduces data protection obligations depending on the level of risk associated with the AI system. The Act includes a ban on cognitive behavioural manipulation, the untargeted scrapping of facial images from the internet, social scoring, biometric categorisation to infer sensitive data, such as sexual orientation or religious beliefs, and some cases of predictive policing for individuals. Further, the Act establishes certain data governance practices for training and testing data, such as the fact that they should be relevant, accurate, and sufficiently representative. The Act is generally implemented on 2 August 2026, though some sections are subject to variable implementation periods. For high-risk AI systems according to Article 6(1), the data protection measures only enter into effect from 2 August 2027.
Original source