European Data Protection Supervisor: guidelines for EU institutions to manage data protec-tion risks associated with artificial intelligence (AI) systems adopted.

The European Data Protection Supervisor (EDPS) posted New guidelines for EU institutions to manage data protection risks associated with artificial intelligence (AI) systems. The guide provides a structured, risk-based methodology, aligned withISO 31000:2018, to identify and mitigate risks to fundamental rights and personal data throughout the AI lifecycle. It focuses on data protection principles such as fairness, accuracy, data minimization, and security.

Key aspects of the guidelines:

• Target: The guidelines are aimed at EU institutions, bodies, offices and agencies acting as Data Controllers in the development, procurement or deployment of AI systems that process personal data under Regulation 2018/1725 (EUDPR).

• Methodology: The guidelines provide a structured approach based on the ISO 31000:2018 standard to help EU institutions conduct data protection risk assessments.

• Areas of focus: The guidelines place an emphasis on identifying and mitigating risks related to fundamental rights and personal data, addressing in particular issues such as bias, accuracy, data minimization, security, and the ability to enforce data subjects' rights.

• AI lifecycle: The Guidelines describe a methodology for identifying where risks may emerge at each stage of AI system development and deployment.

• Compliance: The Guidelines aim to help the EU institutions comply with the data protection principles and the accountability principle outlined in the EUDPR.