Disposiciones de IA del RGPD
Resumen ejecutivo
Why GDPR is the AI regulation that has been operating since 2018
The most common framing of European AI regulation describes it as an EU AI Act story — risk-tiered classification, prohibited applications, conformity assessments, the EU AI Office. The framing captures the most visible regulatory innovation and misses the operational reality entirely. The GDPR has been regulating AI in Europe since 2018, and remains the most operationally consequential AI regulation in Europe today, regardless of the EU AI Act’s enforcement timeline. Most AI compliance work in Europe is GDPR compliance work, performed under data protection law, supervised by national data protection authorities, with eight years of accumulated jurisprudence and enforcement practice.
The dominant narrative reads GDPR as a privacy regulation that happens to include some automated decision-making provisions. The reading is structurally backwards. GDPR is the comprehensive horizontal regulation that already applies to most AI systems in Europe because most AI systems process personal data, and the GDPR’s risk-based, accountability-driven, fundamental-rights-anchored architecture covers the substantive territory that the EU AI Act now extends with technology-specific obligations. The EU AI Act sits on top of GDPR, not instead of it.
This matters in three concrete ways. First, GDPR enforcement against AI systems is operational today and has been for years. The CJEU’s Schufa decision (December 2023) confirmed that automated credit scoring is Article 22 ADM. Italian Garante’s ChatGPT order (March 2023) and subsequent EUR 15 million fine (December 2024) demonstrated that DPAs can take enforcement action against generative AI services on data protection grounds. Dutch DPA’s Clearview AI fine (EUR 30.5 million, September 2024) and similar enforcement actions across France, Spain, Germany, Hamburg, and other Member States demonstrate that GDPR is the active enforcement layer. Second, EDPB Opinion 28/2024 has consolidated the EU’s interpretation of how GDPR applies to AI development and deployment, providing the substantive doctrinal foundation that supervisory authorities apply to AI compliance review. The Opinion’s three-step legitimate interest balancing test, anonymity assessment criteria, and unlawful-processing-cascade rules are now the operational framework for AI compliance under data protection law. Third, GDPR penalties are structurally severe: up to €20 million or 4% of worldwide annual turnover, an order of magnitude above the EU AI Act’s penalties for most provisions. The financial enforcement teeth on AI under GDPR are real and have been operational since 2018.
What makes the 2024-2026 regulatory cycle particularly significant is the EDPB’s accelerating substantive guidance on AI. Opinion 28/2024 in December 2024, EDPS Generative AI Orientations in October 2025, EDPB Guidelines 3/2025 on DSA-GDPR interplay in September 2025, plus the EDPB’s ongoing work on anonymisation guidelines (in the work programme since 2021, expected 2026) reflect a deliberate institutional shift from GDPR as general framework to GDPR as the operational substrate for AI governance in Europe. Organisations that treat GDPR as a separate and prior compliance domain from AI Act compliance miss the structural reality that the two operate as a unified European AI regulatory architecture, with GDPR providing the binding personal data foundation and the EU AI Act providing technology-specific overlay.
What GDPR represents in the global AI regulatory landscape, then, is the most operationally mature AI regulation in the world, with eight years of enforcement practice, comprehensive supervisory guidance, established CJEU jurisprudence, and the deepest case-law on automated decision-making, profiling, and AI lifecycle data protection obligations. The rest of this reference treats GDPR’s AI-relevant provisions explicitly rather than describing GDPR as a general privacy framework.
Article 22: automated individual decision-making, including profiling
Article 22 is the principal GDPR provision specifically targeting AI-driven decisions. It establishes a default prohibition with narrow exceptions and substantive safeguards.
The default prohibition. Article 22(1) provides that the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Three elements must be present for Article 22(1) to apply.
Element 1: Solely automated. A decision is «solely» automated where it is made without any meaningful human involvement in the decision-making process. The EDPB’s interpretation, consolidated through WP29 Guidelines and subsequent case law, is that human involvement must be substantive and capable of influencing the outcome. Mere rubber-stamping or superficial review does not suffice. For human involvement to be meaningful, it must include:
- Authority to change or override the automated decision
- Access to all relevant data used in the automated process
- Understanding of the logic and criteria behind the automated decision
- Ability to consider additional information not processed by the automated system
This test is structurally consequential for AI deployment: AI systems that produce «recommendations» reviewed by overworked human reviewers who in practice approve >95% of outputs are typically treated as solely automated, regardless of formal human oversight architecture.
Element 2: Legal effects or similarly significant effects. A decision produces legal effects when it directly alters an individual’s legal rights or obligations (denial of social benefits, refusal of citizenship, contract refusal). A decision similarly significantly affects the individual when it has equivalent practical impact even without altering legal rights — denial of credit, denial of insurance, refusal of employment, exclusion from services, differential pricing, automated content removal with reputational consequences.
Element 3: Profiling included. Profiling under Article 4(4) means «any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.»
Exceptions in Article 22(2). Article 22(1) does not apply if the decision is:
- Necessary for entering into, or performance of, a contract between the data subject and a controller
- Authorised by Union or Member State law that lays down suitable measures to safeguard rights and freedoms
- Based on the data subject’s explicit consent
In the contractual exception and explicit consent cases, Article 22(3) requires the controller to implement suitable measures to safeguard the data subject’s rights, including the right to obtain human intervention, to express the data subject’s point of view, and to contest the decision.
Special categories under Article 22(4). Where decisions are based on special categories of personal data (Article 9), the contractual and explicit-consent exceptions do not apply. Such decisions can only be made if the data subject has given explicit consent or if substantial public interest justifies the processing, and only with suitable safeguards.
Schufa Holding (CJEU, December 2023)
The Court of Justice’s judgment in Schufa Holding (C-634/21) on 7 December 2023 confirmed that automated credit scoring constitutes Article 22 ADM when the score plays a determining role in a subsequent credit decision by the lender. The Court rejected Schufa’s argument that the score itself was not the decision because the lender made the formal decision. The Court reasoned that where the score is so determinative that the lender effectively defers to it, the score’s calculation is the decision-making moment for Article 22 purposes.
Schufa is the most important CJEU case on AI under GDPR. Its reasoning extends to any AI scoring system whose output materially determines downstream human decisions: HR ranking algorithms, insurance underwriting models, fraud detection scoring, content moderation classifiers, and similar systems where the AI’s output structurally shapes the formal decision.
Article 35: data protection impact assessment for high-risk AI
Article 35 requires the controller to carry out a data protection impact assessment (DPIA) prior to the processing where the processing is likely to result in a high risk to the rights and freedoms of natural persons. Article 35(3)(a) specifically lists «systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person» — that is, the Article 22 territory plus extensive profiling more broadly.
DPIAs for AI must address:
- Description of processing: data sources, data flows, AI model architecture, deployment context
- Necessity and proportionality assessment: lawful basis verification, minimisation analysis, retention review
- Risk assessment: identification of risks to rights and freedoms (discrimination, transparency, accuracy, autonomy)
- Mitigation measures: technical and organisational safeguards, human oversight architecture, transparency mechanisms
- Consultation: with data subjects where appropriate, and with the supervisory authority where residual risk remains high (Article 36)
National DPAs publish lists of processing operations that always require DPIA. Most national lists explicitly include AI-driven decisions affecting employees, customers, or vulnerable populations. Article 35 DPIAs operate as the GDPR equivalent of the EU AI Act’s fundamental rights impact assessment, with substantial overlap that allows organisations to satisfy both through a single integrated impact assessment exercise.
Articles 13, 14, 15: transparency and the «right to explanation»
The GDPR transparency provisions create operational obligations directly relevant to AI systems.
Article 13(2)(f) and 14(2)(g) require controllers to inform data subjects, at the point of collection, about «the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.»
Article 15(1)(h) provides the corresponding subject access right: data subjects have the right to obtain confirmation of automated decision-making, plus meaningful information about the logic, significance, and envisaged consequences.
The «meaningful information about the logic involved» requirement is the closest GDPR equivalent to a right to explanation for AI decisions. The substantive scope is contested but consolidating around several elements:
- The categories of input data used
- The criteria and weighting applied
- The general logic of the algorithm sufficient to allow the data subject to understand the basis of decisions affecting them
- The expected impact and consequences of the decision-making
The EDPB encourages controllers to provide meaningful information about the logic involved and explain the significance and envisaged consequences of ADM and profiling even when these do not meet the Article 22 criteria, as good practice and to satisfy the broader transparency obligations under Article 5(1)(a).
Article 6(1)(f): legitimate interests as legal basis for AI training
The most operationally significant GDPR question for AI training has been whether legitimate interests under Article 6(1)(f) can serve as the legal basis for processing publicly available personal data to train AI models. EDPB Opinion 28/2024 consolidated the answer: yes, in principle, but only when controllers can demonstrate satisfaction of a strict three-step balancing test.
Three-step test.
- Legitimate interest: the controller’s interest must be lawful, sufficiently specific, and real (not hypothetical). Generic interests in «AI development» are insufficient; the controller must articulate the specific business or research interest at stake.
- Necessity: the processing must be necessary for the legitimate interest. Less intrusive alternatives must not be available.
- Balancing: the controller’s legitimate interest must not be overridden by the data subject’s interests, fundamental rights, and reasonable expectations.
Mitigating measures. EDPB Opinion 28/2024 emphasises that mitigating measures can shift the balancing test outcome. Examples include:
- Technical safeguards (pseudonymisation, synthetic data, differential privacy, output filtering)
- Enhanced transparency (public information beyond Article 13/14, dataset documentation, training data disclosure)
- Data subject rights mechanisms (opt-out from training, deletion mechanisms, output review)
- Limitations on data sources (excluding sensitive contexts, respecting opt-out signals)
Reasonable expectations. The data subject’s reasonable expectations carry substantial weight in the balancing test. Data made public on a professional networking platform is treated differently from data scraped from a private context. The EDPB has signalled that mass scraping of personal data for AI training without notice or opt-out mechanism faces a steep balancing test that most controllers will struggle to satisfy.
Special categories. Article 9 special categories require explicit consent or another Article 9(2) exception. Legitimate interests are not available for special category data processing. AI systems trained on biometric, health, political opinion, religious belief, or other special category data face the higher Article 9 bar.
EDPB Opinion 28/2024: AI model anonymity
A second principal contribution of EDPB Opinion 28/2024 is its treatment of when an AI model trained on personal data can be considered anonymous. The Opinion’s answer is structurally consequential: AI models trained with personal data are not, by default, anonymous. They may be anonymous in particular circumstances, assessed case-by-case, with strict criteria.
Anonymity assessment criteria. For an AI model to be anonymous:
- The likelihood of directly or probabilistically extracting personal data about individuals whose data was used for training must be negligible
- The risk of obtaining such personal data through queries (membership inference, training data extraction) should be insignificant
- The assessment must consider «all means reasonably likely to be used» by the controller or any third party (Recital 26 GDPR), including unintended reuse or disclosure
Documentation requirements. Controllers claiming AI model anonymity must document the technical and organisational measures supporting the claim. Failure to provide this documentation may indicate non-compliance with Article 5(2) accountability, regardless of the substantive merits of the anonymity claim.
Operational consequence. The default treatment of AI models as containing personal data has direct operational consequences. AI models that contain personal data are subject to the full range of GDPR obligations: lawful basis for continued processing, transparency, data subject rights including erasure and rectification, retention limits, security, breach notification, international transfer rules, and accountability. «The model is just weights» is not a sufficient defence under EDPB doctrine.
Unlawful processing cascade. If personal data was processed unlawfully during AI model development, EDPB Opinion 28/2024 establishes that the unlawfulness can cascade into the deployment phase and subsequent processing. Subsequent controllers using the AI model must verify lawful upstream provenance, particularly for AI models trained on data from third-party sources.
Article 5 principles: accountability, fairness, accuracy
Beyond the specific ADM and profiling provisions, the GDPR’s Article 5 principles apply to all AI processing of personal data and create substantive AI governance obligations.
Lawfulness, fairness, transparency (Article 5(1)(a)). AI processing must be lawful, fair, and transparent. Fairness in AI processing has consolidated around non-discrimination, accuracy of decisions, and absence of unjustified differential treatment.
Purpose limitation (Article 5(1)(b)). Personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes. The EDPB’s recent guidance addresses «function creep» in AI: models trained for one purpose subsequently used for incompatible purposes face purpose limitation challenges. Organisations must assess compatibility before deploying AI outputs in new use cases, even internal ones.
Data minimisation (Article 5(1)(c)). Only personal data adequate, relevant, and limited to what is necessary should be processed. AI training on «all available data» rather than data demonstrably necessary for the model’s purpose faces minimisation challenges.
Accuracy (Article 5(1)(d)). Personal data must be accurate and, where necessary, kept up to date. AI systems whose outputs are factually incorrect about identifiable individuals (hallucinated biographical information, incorrect inferences) face accuracy challenges. The Italian Garante’s enforcement actions against ChatGPT centred substantially on accuracy obligations regarding AI-generated content about identifiable persons.
Storage limitation (Article 5(1)(e)). Personal data must not be kept longer than necessary. AI training data retention must be justified by ongoing necessity for the model’s lifecycle.
Integrity and confidentiality (Article 5(1)(f)). AI systems must implement appropriate security. Adversarial attack resilience, prompt injection defence, and data extraction prevention are operational expressions of this principle for AI.
Accountability (Article 5(2)). Controllers must demonstrate compliance with all the above. This is the operational hook for AI governance documentation, internal audit, and supervisory review. The accountability principle is what makes the rest of GDPR practically enforceable against AI.
Article 25: data protection by design and by default
Article 25 requires controllers to implement appropriate technical and organisational measures, both at the time of the determination of the means for processing and at the time of the processing itself, to give effect to data protection principles. For AI development, Article 25 imposes structural design obligations:
- Privacy-preserving training methods: differential privacy, federated learning, synthetic data, where appropriate
- Purpose-limited model architectures: avoiding gratuitous data accumulation in model weights
- Default data protection settings: opt-in for non-essential AI features, conservative default configurations
- Lifecycle integration: data protection embedded across AI design, development, deployment, monitoring, and decommissioning
Article 25 is the GDPR substrate for the EU AI Act’s technical and organisational requirements for high-risk AI systems. Organisations satisfying Article 25 robustly are well positioned for EU AI Act compliance.
Enforcement: DPAs, EDPB, and the One-Stop-Shop
GDPR enforcement on AI is operational through the existing data protection enforcement architecture.
National Data Protection Authorities (DPAs). Each Member State’s DPA enforces the GDPR within its territory. Principal AI-active DPAs include the Italian Garante, French CNIL, Spanish AEPD, German Federal and Länder DPAs (notably Hamburg HmbBfDI), Irish Data Protection Commission, and Dutch Autoriteit Persoonsgegevens. Enforcement action against AI services can include warnings, processing limitations, mandatory remediation, and administrative fines.
One-Stop-Shop. For cross-border processing, the lead DPA (typically the DPA of the controller’s main establishment) coordinates enforcement on behalf of concerned DPAs. The Irish Data Protection Commission is the lead DPA for most large US tech companies’ EU operations, including OpenAI, Meta, Google, Microsoft, and others.
EDPB (European Data Protection Board). Coordinates the consistent application of GDPR across Member States. Issues opinions, guidelines, and binding decisions in dispute resolution under Article 65. EDPB Opinion 28/2024 is the principal AI-specific output.
Article 65 dispute resolution. Where DPAs disagree on cross-border enforcement, the EDPB issues binding decisions. Article 65 has been used in several major AI-related enforcement actions to ensure consistent outcomes.
EDPS (European Data Protection Supervisor). Supervises EU institutions’ processing. EDPS Generative AI Orientations of 28 October 2025 are the principal guidance for EU institutions deploying generative AI, applying the EUDPR (Regulation 2018/1725) which mirrors GDPR’s substantive provisions for EU institutions.
Penalty structure. Article 83 establishes administrative fines up to €20 million or 4% of total worldwide annual turnover, whichever is higher. Article 22 violations and Article 5 principle violations fall under this tier. Recent AI-relevant enforcement includes Italian Garante’s €15 million OpenAI fine (December 2024), Dutch DPA’s €30.5 million Clearview AI fine (September 2024), and similar substantial financial sanctions across Member States.
Intersections with other regimes
Five intersections shape how GDPR operates within the broader AI regulatory architecture.
EU AI Act. GDPR applies to all AI systems processing personal data; the EU AI Act adds technology-specific obligations on top. The two regimes operate cumulatively. Article 22 ADM obligations and EU AI Act high-risk obligations substantially overlap, but neither displaces the other. Multinational organisations should design integrated compliance programmes that satisfy both.
Digital Services Act (DSA). The DSA Algorithmic Transparency obligations (Articles 27 and 38) intersect with GDPR Article 22 for very large online platforms (VLOPs) and very large online search engines (VLOSEs). EDPB Guidelines 3/2025 (September 2025) provide the consolidated view on DSA-GDPR interplay. See Reference R16 for the DSA-specific analysis.
ePrivacy Directive (and proposed ePrivacy Regulation). The ePrivacy framework governs cookies, tracking technologies, and electronic communications confidentiality. AI systems processing communications metadata or using tracking technologies for personalisation face parallel ePrivacy obligations.
Council of Europe Framework Convention on AI. The Convention’s substantive principles overlap with GDPR’s data protection foundations. EU Member States and the EU itself are signatories; the Convention’s ratification will reinforce GDPR’s AI-relevant provisions through international treaty obligations.
ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 42001. The international management system standards provide operational frameworks for satisfying GDPR’s accountability obligations. ISO/IEC 27701 specifically maps privacy controls to GDPR. ISO/IEC 42001 maps AI management system requirements that satisfy substantive GDPR principles for AI processing.
## ⚖️ How Zertia operates within the GDPR AI compliance environment
>
> > ### Built for GDPR AI compliance from day one
>
> Accreditations and memberships: 🎖️ ANAB-accredited (US) · 🎖️ UKAS process (UK) · 🎖️ ENAC process (EU) · 🏛️ IAPP member · 🏛️ INCITS member · 🏛️ UKAI member · 📜 EU AI Pact signatory
>
> Zertia is an ANAB-accredited AI management system certification body, with offices in Boston, Madrid, and London, and ANAB accreditation in the United States. Active accreditation processes are underway with UKAS (United Kingdom) and ENAC (Spain/EU). The GDPR AI compliance environment — eight years of operational AI enforcement under data protection law, comprehensive EDPB doctrine through Opinion 28/2024, established CJEU jurisprudence, and substantial financial penalties — makes accredited certification and standards-based assurance directly relevant for organisations operating AI systems in the EU/EEA, UK, and any market with GDPR extraterritorial reach.
>
> Certification — ISO/IEC 42001, AIUC-1, ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 22301. Accredited ISO/IEC 42001 certification maps substantively to GDPR’s AI-relevant provisions: Article 22 human oversight obligations, Article 35 DPIA processes, Article 13/14/15 transparency requirements, Article 25 data protection by design, and Article 5 accountability. ISO/IEC 27701 specifically maps privacy controls to GDPR, providing the most direct operational evidence of GDPR programme maturity. ISO/IEC 27001 complements ISO/IEC 27701 with information security foundations underpinning AI security obligations under Article 32 GDPR. AIUC-1 provides agent-level technical assurance for AI vendors operating in EU enterprise markets, with documentation usable for GDPR compliance review.
>
> Regulatory frameworks — EU AI Act Conformity Assessment, NIST AI RMF Attestation, ISO/IEC 23894 Risk Assessment, Algorithmic Impact Assessment, Pre-Certification Assessment. Algorithmic Impact Assessments structured to satisfy GDPR Article 35 DPIA requirements concurrently with EU AI Act fundamental rights impact assessment, US state AI laws, and Brazilian PL 2338/2023 once enacted, providing portable assurance evidence for multinational organisations. EU AI Act Conformity Assessment integrates with GDPR DPIA processes to produce unified high-risk AI documentation.
>
> Audit — AI Management System audits, High-Risk AI System audits, AI Model audits, EU AI Act audits, NIST AI risk audits. Independent audits structured to provide assurance evidence portable across GDPR enforcement contexts (including supervisory authority engagement, cross-border One-Stop-Shop coordination, and Article 65 disputes), EU AI Act conformity, and parallel international AI regulatory regimes. Particularly relevant for organisations under cross-border DPA scrutiny, controllers facing high-risk processing review, and AI vendors in regulated industries.
>
> Training — AI Governance, Data Governance, Privacy Governance through Zertia Academy. Programmes treat GDPR’s AI provisions explicitly, including Article 22 ADM doctrine post-Schufa, the EDPB Opinion 28/2024 framework for AI training data, Article 35 DPIA methodology for AI systems, the legitimate interest balancing test for AI development, AI model anonymity assessment, and integration with the EU AI Act, ISO/IEC 42001, and ISO/IEC 27701 for organisations operating across multiple jurisdictions. Particularly relevant for legal, compliance, privacy, and AI governance teams in EU-operating multinationals.
>
> Zertia operates from Boston, Madrid, and London, with ANAB accreditation in the United States and active accreditation processes with UKAS and ENAC. Member of IAPP, INCITS, and UKAI. Signatory to the EU AI Pact.
>
> ### 🎯 Take action
>
> | 🔍 Diagnose privacy + AI exposure | 📊 Build the integrated backbone |
> |—|—|
> | Pre-Certification Assessment → | ISO/IEC 27701 + ISO/IEC 42001 → |
> | Independent diagnosis of GDPR Article 22, EDPB Opinion 28/2024, DPIA requirements, and the intersection between privacy obligations and AI governance. | Integrated certification combining ISO/IEC 27701 (privacy information management) with ISO/IEC 42001 (AI management). The accredited backbone for organisations where privacy and AI governance must be operated as a single system. |
>
> Discuss GDPR AI compliance and integrated EU AI regulatory positioning →
Regulación que entiendes es regulación que puedes convertir en ventaja competitiva.
¿No estás seguro de si este marco aplica a tu organización? Hablemos.
