Germany: Conference of the Independent Data Protection Supervisory Authorities of the Federal and State Governments adopted guidance on recommended technical and organisational measures for the development and operation of artificial intelligence systems

On 16 June 2025, the Conference of the Independent Data Protection Supervisory Authorities of the Federal and State Governments (DSK) adopted the guidance on recommended technical and organisational measures for the development and operation of artificial intelligence (AI) systems. The guidance applies to manufacturers and developers of AI systems processing personal data, especially where high-risk activities are involved. It sets out data protection obligations aligned with the principle of data protection by design and includes practical measures across all lifecycle phases including design, development, deployment, and operation. The measures include responsible data handling, secure software updates, and continuous monitoring.