Data Protection Day (28 January) celebrates the signing of Convention 108, the first legally binding treaty protecting privacy in the digital age. To mark the occasion, the Council of Europe (CoE) and the European Data Protection Supervisor (EDPS) are co-organising a one-day event focused on new frontiers in data protection. The conference will explore the challenges and opportunities that arise when innovation and emerging technologies intersect with privacy risks and the regulatory framework.
When: 28 January 2026
Where: European Commission’s Charlemagne, Brussels
PATRICIA Exercise 2025- Personal dATa bReach awareness In Cybersecurity Incident handling
Read the Executive Summary of the Report of the second edition of PATRICIA - Personal dATa bReach awareness in Cybersecurity Incident Handling, a table-top exercise focusing on personal data breach management.
New Guidance for Risk Management of Artificial Intelligence Systems
The European Data Protection Supervisor (EDPS) is pleased to announce the publication of a new guidance document designed to support controllers in conducting data protection risk assessments when developing, procuring, and deploying Artificial Intelligence (AI) systems under Regulation 2018/1725 (EUDPR). This guide aims at providing valuable insights and practical recommendations to help identify and mitigate common technical risks associated with AI systems, helping in the protection of personal data.
While primarily intended for European Union Institutions, Bodies, Offices, and Agencies (EUIs), this guidance is also relevant and useful for private companies, industry stakeholders, and public organizations seeking to ensure compliance with data protection regulations.
The document begins by revisiting the risk management approach of the widely recognized ISO 31000:2018 standard. It then continues into the AI system lifecycle, to later explore the concepts of interpretability and explainability, which are essential for ensuring data protection. The core of the guidance presents a detailed analysis of risks and corresponding mitigation measures, organized around four fundamental data protection principles: fairness, accuracy, data minimisation, and security.
ETIAS Fundamental Rights Guidance Board: ensuring access to an effective judicial remedy
As the clock ticks down to the launch of a new EU large scale border management system, the European Travel Information and Authorisation System (ETIAS) in autumn 2026, momentum is building to prepare ETIAS for entry into operation and ensure its compliance with data protection law, and other fundamental rights under the EU Charter of Fundamental Rights.
The digital regulatory landscape now extends beyond data protection, consumer protection and competition law. In response to rapid technological and regulatory developments, the EDPS invites you to discuss the future of cross-regulatory cooperation.
Effective cross-regulatory cooperation is necessary to ensure consistent application of recent laws such as the Data Governance Act, Digital Markets Act, Digital Services Act, Data Act, and Artificial Intelligence Act - each of which highlight the critical role of personal data in the digital economy and the need to protect individuals. The EDPS proposes a Digital Clearinghouse 2.0 to provide competent authorities with a forum to exchange and coordinate on issues of common interest.
When: 27 January 2026 Where: European Commission, Charlemagne building, Brussels
Building on Collaboration: Second Meeting of the AI Act Correspondents Network
The AI Act came into force a little more than a year ago, but the momentum continues to grow across the EU institutions bodies and agencies. On 7 October 2025, more than one hundred representatives gathered, both online and in Brussels, for the second meeting of the AI Act Correspondents Network.
