The EDPS publishes the High-Risk AI Systems Mapping Report in European Institutions, Agencies and Bodies.
0EDPS hosts data protection authorities from Western Balkans and Eastern Partnership regions for a day of operational exchanges.
1 Read blogpostBlogpost on the 57th EDPS-DPO Meeting by Thomas Zerdick, Acting Secretary-General and Head of Supervision and Enforcement Unit.
1 Read blogpostWe are back and there is a lot to catch up on! Read on for events to register for; new EDPS publications and Opinions on AI and transatlantic data sharing; reflections on events on cross-border data protection, privacy tech and the AI Act; news on EDPS oversight of EU border systems; an update on a key court judgement; and more.
1 Read NewsletterThe TechSonar report 2025-2026 explores six trends: agentic AI, AI companions, automated proctoring, AI-driven personalised learning, coding assistants and confidential computing.
1 Read moreData Protection Day (28 January) celebrates the signing of Convention 108, the first legally binding treaty protecting privacy in the digital age. To mark the occasion, the Council of Europe (CoE) and the European Data Protection Supervisor (EDPS) are co-organising a one-day event focused on new frontiers in data protection. The conference will explore the challenges and opportunities that arise when innovation and emerging technologies intersect with privacy risks and the regulatory framework.
The European Data Protection Supervisor (EDPS) is pleased to announce the publication of a new guidance document designed to support controllers in conducting data protection risk assessments when developing, procuring, and deploying Artificial Intelligence (AI) systems under Regulation 2018/1725 (EUDPR). This guide aims at providing valuable insights and practical recommendations to help identify and mitigate common technical risks associated with AI systems, helping in the protection of personal data.
While primarily intended for European Union Institutions, Bodies, Offices, and Agencies (EUIs), this guidance is also relevant and useful for private companies, industry stakeholders, and public organizations seeking to ensure compliance with data protection regulations.
The document begins by revisiting the risk management approach of the widely recognized ISO 31000:2018 standard. It then continues into the AI system lifecycle, to later explore the concepts of interpretability and explainability, which are essential for ensuring data protection. The core of the guidance presents a detailed analysis of risks and corresponding mitigation measures, organized around four fundamental data protection principles: fairness, accuracy, data minimisation, and security.
1 Read moreRead the Executive Summary of the Report of the second edition of PATRICIA - Personal dATa bReach awareness in Cybersecurity Incident Handling, a table-top exercise focusing on personal data breach management.
1 Read the Executive SummaryAs the clock ticks down to the launch of a new EU large scale border management system, the European Travel Information and Authorisation System (ETIAS) in autumn 2026, momentum is building to prepare ETIAS for entry into operation and ensure its compliance with data protection law, and other fundamental rights under the EU Charter of Fundamental Rights.
1 Read the blogpost by Wojciech WiewiórowskiBlogpost by Wojciech Wiewiórowski on the outcome of the 2025 IPEN event.
1 Read blogpostRead the Press Release on the revised Guidance on Generative AI, strengthening data protection in a rapidly changing digital era.
1 Read Press ReleaseRead the Press Release on the implementation of the EU Entry/Exit System at both European and at national level and the EDPS' supervisory role.
1 Read Press ReleaseA new episode of the Podcast series TechDispatch Talks to help you understand emerging technologies, their opportunities but also privacy challenges.
Watch the video podcast or listen to it.
0the EDPS has been awarded at the GPA Awards in the Accountability category for two strategic initiatives to enhance personal data breach management across EU institutions: The Data Breach Awareness Campaign and PATRICIA Exercise - Personal dATa bReach awareness In Cybersecurity Incident hAndling!
The Data Breach Awareness Campaign, targeted at selected participants, was structured to assess existing breach management practices, identify critical areas, evaluate process implementation, and provide tailored recommendations.
In addition, together with the European Union Agency for Cybersecurity (ENISA), we jointly organised two table-top exercises in Brussels. The initiative was designed to raise awareness among staff from European Union Institutions on how to effectively manage personal data breaches.
This recognition by the Global Privacy Assembly highlights the value of joint initiatives where supervisory authorities build capacity, foster collaboration, and promote continuous improvement in data protection.
We thank the Global Privacy Assembly for this recognition and remain committed to strengthening cooperation and preparedness in the protection of personal data.
2025 marks the 13th Anniversary of the European Cybersecurity Month. Join forces with the EU institutions, bodies and agencies in an annual awareness campaign to strengthen cybersecurity among Europeans.
Read our infographics on phishing, ransomware and pretexting.
Read more about what can the EU institutions, bodies and agencies do to tackle personal data breaches.
Watch the high-level panel discussion featuring EDPS Wojciech Wiewiórowski at the Inter-Institutional Kick-Off event.
Read, watch or listen to the Podcast episode of TechDispatch Talks - Human Oversight of Automated Decision-Making.
0The International Organisations Workshop celebrates 20 years of fostering cooperation on key data protection aspects, bringing together global experts to address shared challenges.
1 Read blogpost by Wojciech WiewiórowskiThe EDPS TechDispatch provides factual descriptions of a new technology and its implication for personal data protection. Check the latest edition.
0 TechDispatchRead the Press Release on the EDPS Opinion on Recommendation on a framework agreement between EU and USA on the exchange of information for security screenings and identity verifications.
0Press release on the EDPS Opinion on the United Nations Convention against Cybercrime.
0Exactly one year ago, on 2 August 2024, the AI Act entered into force. Today marks another important milestone as further provisions of the AI Act come into effect. Watch the video message of the Supervisor.
0