This article is part of a series on the operational impacts of the EU AI Act. The full series can be accessed here, with the other articles in the series listed below.

The EU AI Act mentions the EU General Data Protection Regulation, Regulation (EU) 2016/679, more than 30 times throughout its recitals and articles, which define the European framework for the development and deployment of high-risk AI systems and general-purpose AI models.

This does not come as a surprise, as many AI models are trained with datasets, including personal data, and most AI systems are used by humans who can be identified by their usernames or other log-in credentials.

In addition, both regulations aim to protect the fundamental rights of individuals and the responsible use of data, as outlined in Recital 10 of the AI Act. The GDPR safeguards the right to the protection of personal data in particular. The AI Act focuses primarily on the health and safety of individuals, as well as other fundamental rights protecting democracy, the rule of law or the environment.

This article provides insight into leveraging GDPR compliance in relation to the EU AI Act.

Top 10 operational impacts of the EU AI Act

The overview page for the series can be accessed here.

• Subject matter, definitions, key actors and scope
• Understanding and assessing risk
• Obligations on providers of high-risk AI systems
• Obligations on nonproviders of high-risk AI systems
• Obligations for general-purpose AI models
• Governance: EU and national stakeholders
• AI Assurance across the risk categories
• Post-market monitoring, information sharing and enforcement
• Regulatory implementation and application alongside EU digital strategy
• Leveraging GDPR compliance