Lignes directrices

This Guidance sets out the EDPS interpretation of the role, position, and tasks of DPOs in Union institutions, bodies, offices and agencies (EUIs) under Regulation (EU) 2018/1725. It aims to support EUIs in ensuring the effective, independent, and consistent application of Union data protection law, while reinforcing the DPO’s role as a key internal safeguard for the protection of personal data.

NB: The EDPS Decision adopting the Rules on the application of the requirement of prior consent by the EDPS for the dismissal of DPOs mentioned in the Guidance, is scheduled to be published in the Official Journal of the European Union at the start of 2026 and shall enter into force on the 20^th day after its publication.

This guide aims at providing valuable insights and practical recommendations to help identify and mitigate common technical risks associated with AI systems, helping in the protection of personal data.

The following guidelines are an update of the guidance published in 2024.

Article 42 of Regulation (EU) 2018/1725 requires the EDPS to be consulted on proposals for legislative and other acts with an impact on the protection of individuals’ rights and freedoms with regard to the processing of personal data. The purpose of this guidance is to offer practical advice to the Commission, European Parliament and Council on the main elements to consider with regards to legislative proposals and other acts that imply the processing of personal data.

The EDPS has published its Orientations on “generative Artificial Intelligence and personal data protection” to provide EU institutions, bodies, offices and agencies with practical advice and instructions on the processing of personal data when using generative AI systems, to facilitate their compliance with the requirements of the data protection legal framework. 

HTML version available here.