Germany: Data protection authority adopted guidance on obligations and prohibitions under the EU Artificial Intelligence Act

On 30 January 2025, the Data Protection Authority of Hamburg adopted a guidance on obligations and prohibitions under the European Union's Artificial Intelligence (AI) Act. It was highlighted that certain requirements on AI competence requirements and bans on certain AI practices under the AI Act enter into force on 2 February 2025. The guidance highlighted that organisations deploying AI must ensure employees understand the specific technology they use, aligning competence with the AI system’s purpose. Prohibited AI practices include social scoring, AI-driven emotion analysis in workplaces and schools (except for medical or safety reasons), predictive policing based solely on behavioural traits, and large-scale facial recognition database creation. The AI Act also bans manipulative AI practices that exploit vulnerabilities, particularly in social media targeting minors.