European Union: European Data Protection Board closes consultation on Recommendations 1/2026 on the Application for Approval and on the elements and principles to be found in Processor Binding Corporate Rules

On 2 March 2026, the European Data Protection Board (EDPB) closes a public consultation on the draft Recommendations 1/2026 regarding the Application for Approval and the elements and principles of Processor Binding Corporate Rules (BCR-P). The Recommendations provide a standard form for applications for approval of BCR-P and clarify their necessary content. BCR-P cover data processed by EU enterprises engaged in joint economic activity (“Group”) involving the processing of personal data on behalf of a non-EU data controller, which are subsequently transferred to internal sub-processors in third countries. The EDPB's Recommendations specify that BCR-P must create enforceable rights and set out commitments that ensure a level of data protection essentially equivalent to that provided within the European Union (EU). Further, the Recommendations state that a processing agreement under Article 28(3) of the GDPR must be signed by the external controller and one or more group members. This agreement should reference the BCR-P to make them enforceable for the controller. The recommendations clarify that the lead supervisory authority (to be selected and justified by the Group in the application) is responsible for the approval decision, which is then subject to an opinion by the EDPB. While approval confirms that Article 47 requirements are met, it does not confirm that specific processing activities comply with all GDPR requirements in practice. It remains the responsibility of the data exporter and the relevant controller to assess the need for supplementary measures for each transfer on a case-by-case basis. Existing BCR-P holders are expected to align with these recommendations during their annual updates. The Recommendations will become effective on the date of publication of the final version following the public consultation.