All Topics
Explore GDPR and privacy law content organized by topic
Topics with Content
Artificial Intelligence
AI systems and their implications for data protection
Personal Data
Information relating to identified or identifiable natural persons
Supervisory Authorities
National data protection authorities and their powers
Processing
Any operation performed on personal data
Processing Agreement
Contract between controller and processor defining processing terms
Law Enforcement
Processing for law enforcement purposes
Controllers
Entities that determine purposes and means of processing
IP Address
Internet protocol addresses as personal data
Data Controller
The entity that determines purposes and means of processing personal data
AI Act Violations
The content specifically addresses 'Non-compliance' as a distinct legal concept under the DSA/AI Act framework. This requires a dedicated topic to comprehensively cover violation types, determination procedures, consequences, and remediation mechanisms that are not fully captured by existing penalty or enforcement topics.
Human Resources
Processing of employee and HR data
Supervision
Oversight and enforcement by supervisory authorities
Security
Technical and organizational measures to protect personal data
Healthcare
Processing of health data and medical information
Consent
Freely given, specific, informed indication of data subject wishes
Monitoring
Systematic observation and tracking of individuals
AI Act Formal Non-Compliance
This topic is needed to specifically address formal non-compliance under the AI Act, covering the determination, notification, and enforcement procedures specific to AI regulation compliance failures.
AI Standards
This new topic is needed to specifically address the role of harmonised standards and standardisation deliverables in the AI Act framework, including their development, adoption, and use in demonstrating compliance with AI system requirements.
AI Conformity Declaration
The EU declaration of conformity is a specific, mandatory compliance document under the AI Act that deserves its own dedicated topic to cover its requirements, content, format, maintenance, and availability obligations for AI system providers.
Public Authority
Government bodies and their data processing activities
Public Sector
Processing by public authorities
Scientific Research
Processing for scientific research purposes
Data Breaches
Security incidents involving unauthorized access to personal data
Minors
Special protections for children under GDPR
AI Value Chain Actors and Roles
The content focuses on responsibilities distributed across different actors in the AI value chain. A dedicated topic for understanding the various actors, their roles, and how they interact would be valuable for comprehensive AI Act compliance.
Education
Processing in educational institutions
AI Risk Mitigation
Risk management systems include specific measures to mitigate identified risks. This concept deserves dedicated coverage as it encompasses the practical implementation of risk reduction strategies beyond general risk assessment.
Transparency
Openness about data processing activities
Insurance
Processing by insurance companies
Profiling
Automated processing to evaluate personal aspects
Telecommunications
Processing by telecom providers and eprivacy
Accountability
Principle of demonstrating GDPR compliance
Privacy by Design & Default
This topic is essential as it specifically addresses Article 25 GDPR requirements for implementing data protection principles through design and default settings, covering both technical and organizational measures that must be embedded into processing systems from inception.
Healthcare
Processing in healthcare and medical context
Pseudonymization
Processing data in a pseudonymized manner
Video Surveillance
Use of cameras for monitoring and recording individuals
Processors
Entities that process data on behalf of controllers
Types of Special Categories of Personal Data
A dedicated topic is needed to comprehensively cover the specific types and definitions of special categories of personal data, including racial/ethnic origin, political opinions, religious beliefs, genetic data, biometric data, health data, and criminal convictions.
Direct Marketing
Processing for marketing and advertising purposes
Employees
Employee data protection and workplace privacy
Data Processor
The entity that processes personal data on behalf of the controller
Accuracy
Principle that personal data must be accurate and up to date
Marketing
Use of personal data for marketing and advertising purposes
Liability
Legal responsibility for GDPR violations and damages
AI Impact Assessment
This new topic is needed because fundamental rights impact assessments are a specific and distinct requirement under the AI Act (Article 27) for high-risk AI systems, requiring dedicated coverage of assessment methodologies, rights considerations, and documentation requirements that are not adequately covered by existing topics.
International Transfer
Transfer of personal data outside the EU/EEA
AI Information Duties
This new topic is needed because the AI Act imposes specific duties on providers to inform relevant parties (users, authorities, affected persons) about corrective actions, incidents, and system modifications, which represents a distinct compliance obligation that warrants separate topical coverage.
AI Record-Keeping
The AI Act imposes specific record-keeping obligations for AI systems that are distinct from general GDPR record-keeping. A dedicated topic would capture AI-specific documentation, logging, and record retention requirements that differ from traditional data protection record-keeping.
Integrity and Confidentiality Principle
While security and beveiliging topics exist, there is no dedicated topic for the integrity and confidentiality principle specifically as articulated in GDPR Article 5(1)(f), which is a distinct foundational principle requiring separate coverage.
Fairness & Transparency
Fairness and transparency are co-principles with lawfulness in Article 5(1)(a) GDPR and are inseparable from the concept of lawful processing, deserving dedicated coverage.
Criminal Data
Processing of criminal convictions and offences
Health Data
Processing of health and medical data
Lawful Basis
This topic is essential as Article 6 GDPR provides the specific legal bases that determine whether processing is lawful, which is the core requirement of the 'Lawfulness of processing' content.
Compensation Mechanisms and Remedies
The content specifically addresses 'Compensation' as a standalone topic from the DSA, which requires dedicated coverage for compensation procedures, eligibility criteria, calculation methods, and enforcement mechanisms for both individual and collective remedies.
Corrective Actions and Duty of Information Framework
This topic combines two interconnected AI Act obligations: the requirement for providers to take corrective actions when systems fail to comply, and the corresponding duty to inform authorities and stakeholders about these actions and any identified issues. This integrated framework is essential for understanding post-market compliance mechanisms.
Identification
Methods and processes for identifying individuals
Right to be Forgotten
Right to have personal data erased under certain conditions
Social Media
Social networking platforms and privacy considerations
Special Categories of Data
Sensitive data requiring enhanced protection (health, biometric, etc.)
Archiving
Archiving in the public interest
Representatives
Representatives of controllers not established in the EU
Professional Secrecy
Confidentiality obligations for data protection personnel
Automated Decision-Making
Processing involving automated decisions without human involvement
DPIA
Data Protection Impact Assessment - systematic evaluation of processing risks
Right of Access
Data subject right to access their personal data
Fines
Administrative fines imposed for GDPR violations
Confidentiality Obligations and Requirements
This topic is needed to comprehensively address confidentiality as a distinct data protection principle in the AI Act and GDPR, covering obligations, requirements, and implementation measures specific to maintaining confidentiality of personal and sensitive data.
Data Subject Rights Exercise Modalities and Procedures
This content specifically addresses the transparent communication and practical modalities for how data subjects can exercise their GDPR rights, which is not adequately covered by existing topics focused on individual rights in isolation.
Privacy Impact Assessment
Data protection impact assessments (DPIA)
Audit Logs
Logging and auditing of processing activities
Authority Cooperation
This new topic is needed because the AI Act establishes specific cooperation and coordination mechanisms between AI providers/deployers and competent authorities that are distinct from general compliance obligations and warrant dedicated coverage.
Right of Access Procedures
This new topic is needed because Article 15 GDPR deserves dedicated coverage for its specific procedures, requirements, timelines, formats, and exceptions related to the right of access by data subjects.
Prior Consultation
Consultation with supervisory authority before processing
Biometric Data
Processing of biometric data for identification
Annex III Amendments
This new topic is needed because amendments to Annex III represent specific regulatory changes to the AI Act's classification framework that warrant dedicated tracking and analysis separate from general AI Act compliance.
Right to Object
Data subject right to object to processing
Cookies
Online tracking technologies and consent requirements
Codes of Conduct
Industry codes of conduct for data protection
Notification Obligation
Duty to report data breaches to authorities and affected individuals
Access Controls
Access management and authentication
Legitimate Interest
Processing necessary for legitimate interests pursued by controller or third party
Encryption
Encryption and cryptographic measures
Biometric Data
Unique physical characteristics used for identification
Storage Limitation
Principle that data should not be kept longer than necessary
National-Level Risk Procedures for AI Systems
This specific topic addresses the national-level procedural framework for identifying, assessing, and responding to AI systems presenting risks, which is distinct from general market surveillance and authority powers, and represents a key procedural mechanism in the AI Act.
Privacy by Design
Embedding data protection into system design from the outset
Data Portability
Right to receive and transfer personal data in structured, machine-readable format
Certification
Data protection certification mechanisms
Statistics
Statistical purposes and statistical processing
Joint Controllers
Multiple controllers jointly determining purposes and means
NIS2 Jurisdiction and Territoriality
This new topic is needed because NIS2 has specific provisions on jurisdiction and territoriality that determine how the regulation applies across member states and to third-country entities, which is not adequately covered by existing topics.
Privacy by Default
Ensuring highest privacy settings apply by default
GDPR Subject-Matter and Objectives
This content is specifically about the introductory provisions establishing the subject-matter and objectives of the GDPR, which is a distinct topic from general scope/definitions that deserves its own classification for regulatory framework documentation.
Notified Body Reporting and Notification Obligations
The content addresses specific reporting and notification obligations of notified bodies to authorities and other stakeholders, which is a distinct operational requirement deserving separate coverage.
Risk Management System
This new topic is needed because risk management systems are a distinct and mandatory requirement under the AI Act, encompassing systematic processes for identifying, assessing, mitigating, and monitoring risks throughout an AI system's lifecycle, which is not adequately covered by existing topics.
DSA Scope and Digital Services Coverage
The content is from the DSA (Digital Services Act), not the AI Act. A dedicated topic for DSA scope is needed to distinguish it from AI Act scope provisions and to properly categorize DSA-specific regulatory coverage.
Retention Period
The duration for which personal data may be stored
Prohibited AI Practices
The content specifically addresses prohibited AI practices under the AI Act, which is a distinct regulatory concept not adequately covered by existing topics. This requires its own topic to capture the specific restrictions, enforcement mechanisms, and compliance requirements.
Genetic Data
Processing of genetic and hereditary data
NIS2 Addressees and Responsible Entities
The 'Addressees' section of NIS2 specifically identifies and defines the entities and authorities to whom the directive applies and who bear responsibility for compliance. This requires a dedicated topic covering the identification, classification, and designation procedures for all addressees under NIS2.
AI Risk Assessment
The AI Act employs a risk-based regulatory approach to determine which practices are prohibited, requiring assessment and classification of AI system risks, which is distinct from general DPIA and needs dedicated coverage.
Inspection Access Rights and Cooperation Obligations
A dedicated topic is needed to address the specific rights of inspectors to access facilities, systems, and documents, and the corresponding obligations of AI providers and deployers to cooperate with inspections.
Privacy Shield
Former EU-US data transfer framework (invalidated)
AI Act Scope
The 'Subject matter' section is foundational to understanding what the AI Act covers, defines key terms, and establishes the scope of application. This concept deserves its own dedicated topic as it is distinct from general compliance requirements.
GDPR Article 5 Principles of Processing
This content specifically addresses the foundational principles of personal data processing under GDPR Article 5, which encompasses multiple related but distinct principles that warrant a dedicated topic for comprehensive coverage of this critical regulatory framework.
GPAI Systemic Risk
This new topic is needed because the content specifically addresses the classification and identification of general-purpose AI models that present systemic risk, which is a distinct regulatory category under the AI Act that requires dedicated coverage separate from general high-risk AI classification.
High-Risk AI Classification
The content specifically addresses classification rules for high-risk AI systems under the AI Act, which is a distinct regulatory concept requiring its own dedicated topic beyond the general 'AI Risk Assessment' category.
Right to Rectification
Right to have inaccurate personal data corrected
AI Act Notification
While 'notifying-authorities-procedures-ai' exists, a dedicated topic for the specific 'Notification Procedure' from the AI Act would provide more granular coverage of this particular procedural mechanism, including its specific requirements, timelines, and implementation within the AI Act framework.
Right to Erasure
Right to be forgotten and data erasure
Cloud Computing
Use of cloud services and associated data protection requirements
Digital Services Coordinators under DSA
This new topic is needed because Digital Services Coordinators are a distinct institutional role under DSA with specific designation procedures, responsibilities, and powers that warrant dedicated coverage separate from general competent authorities.
Article 19 GDPR - Notification of Rectification, Erasure or Restriction
This specific GDPR provision addresses the controller's obligation to notify data subjects and third parties about rectification, erasure, or restriction of processing. It is a distinct procedural requirement that deserves its own dedicated topic for comprehensive coverage of notification obligations under Article 19.
Notified Body Information Obligations
This specific topic is needed to comprehensively cover the distinct information obligations that notified bodies must fulfill under the AI Act, including their duties to disclose assessment findings, report non-compliance, notify authorities of incidents, and provide transparent information to stakeholders.
AI Accuracy Requirements
Accuracy is a critical AI Act requirement deserving dedicated topic coverage for measurement, validation, monitoring, and maintenance of AI system performance standards.
Out-of-Court Dispute Settlement under DSA
This is a distinct DSA topic that warrants its own entry, as it covers specific procedures, requirements, and mechanisms for resolving disputes outside of court, including mediator qualifications, settlement procedures, and accessibility requirements that are not adequately covered by existing topics.
AI Incident Notification
The AI Act establishes specific procedures for notifying authorities about serious incidents and anomalies in high-risk AI systems, which requires dedicated coverage distinct from general information duties and incident reporting.
Compensation Mechanisms and Remedies under DSA
The DSA content section on 'Compensation' requires a dedicated topic to address compensation mechanisms, procedures, and remedies available under the Digital Services Act, which is distinct from general liability frameworks.
AI Board Engagement
Board tasks likely include engaging with various stakeholders, consulting with member states, industry, and civil society, which warrants a dedicated topic on stakeholder engagement mechanisms.
Notifying Authorities
This topic is needed to specifically address the procedures, requirements, timelines, and mechanisms for notifying authorities about AI systems, incidents, and compliance matters under the AI Act, which is a distinct regulatory obligation not fully captured by existing topics.
Conformity Assessment for AI Systems
Provider obligations typically include conformity assessment procedures and documentation requirements, which is a specific compliance mechanism under the AI Act that warrants dedicated coverage.
Entry Into Force
This new topic is needed to specifically address the temporal aspects of when the AI Act and its various provisions enter into force and become applicable to different actors and systems.
Unacceptable Risk AI Systems
The content specifically addresses unacceptable-risk AI systems as a distinct category of prohibited practices, warranting a dedicated topic for this specific classification and its requirements.
Competent Authorities Designation and Powers under DSA
The content is titled 'Competences' from the DSA and discusses the allocation and scope of authority powers under the Digital Services Act. This requires a dedicated topic covering DSA-specific competent authority designation, powers, and responsibilities.
DSA Terms and Conditions Requirements
This new topic is needed to specifically address the requirements for terms and conditions documents under the DSA, including transparency, accessibility, and mandatory content requirements for digital service providers.
Data Portability
Right to receive and transfer personal data
Infringement Reporting
This specific topic is needed to comprehensively cover Article 84 of the AI Act, which establishes a dedicated framework for reporting infringements and protecting those who report them, including confidentiality protections and safeguards against retaliation.
VLOP/VLSE Framework
The content title specifically focuses on 'Very large online platforms and very large online search engines' as a distinct regulatory category under the DSA. A dedicated topic covering the comprehensive regulatory framework, definitions, and comparative analysis of these two service categories would provide better organization and clarity than distributing this information across multiple existing topics.
Anonymization
Processing anonymized data that cannot be re-identified
NIS2 Transposition Procedures and Requirements
The content is specifically about NIS2 transposition, which is a distinct regulatory process involving how member states convert EU directives into national law. This topic is not adequately covered by existing topics and deserves its own dedicated entry.
Standards Publication
The content discusses how harmonised standards are published and enter into force, which is a distinct procedural topic that deserves dedicated coverage separate from general standards adoption.
AI Provider Transparency
This specific topic is needed to comprehensively cover the transparency obligations framework that applies to both providers and deployers of AI systems, which is a distinct and important compliance area under the AI Act that warrants its own dedicated topic for better organization and retrieval.
AI Transparency
This new topic is needed to specifically capture the transparency obligations framework for AI systems providers and deployers, which is a distinct and comprehensive requirement under the AI Act that encompasses disclosure of system characteristics, performance metrics, limitations, and intended use to end-users and relevant stakeholders.
Provider Obligations for AI Systems
The content specifically addresses obligations imposed on providers of high-risk AI systems, which is a distinct and important category of requirements that deserves its own dedicated topic for better organization and searchability.
Religious Beliefs
Processing of religious or philosophical beliefs
Single Point of Contact for AI Regulation
The establishment of single points of contact represents a distinct procedural and coordination mechanism within the AI Act that warrants separate coverage from general competent authority designation, as it focuses specifically on communication and liaison functions.
AI Enforcement Actions
The Penalties section includes procedural aspects of how penalties are imposed, appealed, and enforced, which warrants a dedicated topic covering the administrative and procedural dimensions of penalty enforcement.
Committee Procedure under AI Act
The content specifically addresses 'Committee procedure' as a distinct procedural mechanism under the AI Act. This topic is not adequately covered by existing topics and requires its own dedicated entry to capture the specific procedural rules, voting mechanisms, composition requirements, and decision-making processes of regulatory committees established under the AI Act framework.
Meaningful Human Review and Decision-Making
The content on human oversight emphasizes the need for meaningful human review and decision-making authority, which deserves its own dedicated topic to distinguish it from general oversight mechanisms.
Right to Restriction
Right to restrict processing of personal data
Commitments Framework under DSA
The content is specifically about 'Commitments' under DSA, which represents a distinct regulatory mechanism separate from but related to codes of conduct. Commitments are formal undertakings by service providers to comply with specific standards and should have their own dedicated topic for proper classification and retrieval.
Transparency Reporting Obligations Overview
While individual aspects of transparency reporting are covered by existing topics, there is no comprehensive overview topic that addresses transparency reporting obligations as a unified framework under DSA Article 24, including the general principles, scope, and procedural requirements.
Administrative Fines on Union Institutions, Bodies, Offices and Agencies
This specific provision addresses a distinct category of administrative fines applicable exclusively to Union institutions, bodies, offices and agencies, which differs from fines applicable to private actors and requires separate treatment to capture the unique institutional context and procedures.
Market Surveillance and Control of AI Systems
This new topic is needed to comprehensively cover the specific procedures, mechanisms, and authorities involved in market surveillance and control of AI systems under the AI Act, which is a distinct regulatory domain not fully captured by existing topics.
AI Act Material Scope
The material scope defines which types of AI systems and activities fall within the regulation's coverage, including specific exclusions and definitional boundaries that merit dedicated coverage.
Mutual Assistance Between Member States for AI Oversight
This topic is essential as the provision specifically addresses mutual assistance mechanisms between member states and the AI Office for coordinating market surveillance and control activities for AI systems.
AI Registration
The AI Act includes specific registration requirements for high-risk AI systems and their providers. This topic is not adequately covered by existing topics and requires dedicated coverage of registration procedures, databases, timelines, and obligations specific to AI systems under the AI Act.
Authority Powers for Fundamental Rights Protection
This new topic is needed because the content specifically addresses the powers and authorities granted to competent authorities to protect fundamental rights in AI systems, including inspection, intervention, and corrective action powers that are not adequately covered by existing topics.
Notified Body Responsibilities and Operational Obligations
This new topic is needed to capture the specific operational obligations, responsibilities, and procedural requirements that notified bodies must fulfill when conducting conformity assessments and maintaining their designation.
Human Oversight
This new topic is needed because human oversight is a specific and distinct requirement under the AI Act that deserves dedicated coverage, encompassing mechanisms for human control, intervention, and review of AI system operations and decisions.
Information Provision Modalities and Communication Methods
The content focuses on how information should be communicated to data subjects (transparent, clear, accessible modalities), which is distinct from the content of information itself and deserves its own topic covering communication methods and accessibility requirements.
Application Scope: Temporal and Territorial Dimensions
This topic is needed to capture the specific provisions regarding when (temporal) and where (territorial) the AI Act applies, which are distinct from general scope and definitions.
AI Corrective Actions
This new topic is needed because corrective actions are a specific and distinct obligation under the AI Act that encompasses systematic procedures for addressing identified risks, defects, and incidents in AI systems, requiring dedicated coverage separate from general risk management.
Delegation of Powers
The content specifically addresses 'Exercise of the delegation' which is a distinct procedural topic covering how delegated powers are exercised, implemented, and managed within the AI Act framework. This topic is not adequately covered by existing topics and deserves its own dedicated classification.
Digital Services Coordinator
While 'digital-services-coordinators-dsa' exists, a more specific topic on the establishment, institutional framework, and foundational role of DSCs would better capture the comprehensive nature of this content about competent authorities and their designation.
Infringement Reporting Procedures and Mechanisms
This new topic is needed because the content specifically addresses the procedures, mechanisms, and requirements for reporting infringements of AI Act requirements, which is a distinct procedural framework not adequately covered by existing topics.
Hosting Services under DSA
While intermediary liability and DSA scope topics exist, there is no dedicated topic specifically for hosting services, their liability conditions, exemptions, and specific obligations under DSA Article 6, which represents a distinct regulatory category requiring focused coverage.
Notified Body Independence
Notified bodies must maintain strict independence and impartiality standards, which are critical operational obligations that warrant a dedicated topic for detailed coverage.
Right to Explanation
This topic is essential as it specifically addresses the fundamental right of individuals to receive meaningful explanations about how automated decisions affecting them are made, which is a critical transparency and accountability mechanism in both GDPR and AI Act frameworks.
NIS2 Repeal Provisions
The content is titled 'Repeal' from NIS2 source material, indicating it contains provisions that repeal or supersede previous legislation. This is a distinct regulatory concept requiring its own topic for proper classification of legislative replacement and transition provisions.
Notified Bodies for AI Systems
This topic is needed to comprehensively cover the role, responsibilities, and obligations of notified bodies in the AI Act conformity assessment framework, including their designation, accreditation, and operational requirements.
AI Office Establishment and Role
The AI Office is a new institutional body created by the AI Act with specific establishment procedures, roles, responsibilities, and governance structures that warrant dedicated coverage distinct from general procedural frameworks.
Anonymization
Irreversible removal of identifying information from data
Codes of Practice Compliance and Monitoring
Codes of practice require specific mechanisms for monitoring compliance and enforcement, which is distinct from general AI Act compliance and deserves dedicated topic coverage.
Compliance Independence
DSA compliance functions require independence and impartiality to effectively monitor and enforce compliance. This topic is needed to address the specific requirements for maintaining compliance function independence from operational pressures and conflicts of interest.
Distributor Obligations for AI Systems
The AI Act Article 26 specifically addresses distributor obligations as a distinct category of supply chain actors. This topic is essential to comprehensively cover distributor-specific requirements including verification of provider compliance, information provision, cooperation with authorities, and post-market surveillance responsibilities.
Scientific Panel Independence
A specific topic is needed to address the independence and impartiality requirements that are critical for scientific panels to maintain credibility and objectivity in their advisory role.
Data Governance for AI
The AI Act's section on 'Data and data governance' requires specific provisions for managing training data, validation data, and test data in AI systems. This concept is distinct from general data protection and deserves its own topic to capture AI-specific data governance requirements including data quality, documentation, and management practices.
Notified Body Assessment Procedures
The content extensively covers the operational procedures and methodologies that notified bodies must follow when conducting conformity assessments, which deserves its own dedicated topic.
Data Access and Scrutiny Mechanisms under DSA
This new topic is needed because the content specifically addresses data access and scrutiny as a distinct DSA requirement, which encompasses mechanisms for authorities, researchers, and civil society to access and examine platform data for compliance verification and systemic risk assessment.
High-Risk AI Obligations
This specific topic is needed to comprehensively cover the distinct set of obligations imposed specifically on providers of high-risk AI systems under Articles 16-17 of the AI Act, which is the core subject of this content and goes beyond general provider obligations.
AI Corrective Powers
This new topic is needed to specifically address the corrective and intervention powers that authorities possess to protect fundamental rights, including emergency measures, system suspensions, and market restrictions that go beyond standard inspection and monitoring activities.
Conformity Body Notification
This new topic is needed because the content specifically addresses the application and notification procedures for conformity assessment bodies under the AI Act, which is a distinct regulatory mechanism not adequately covered by existing topics.
Notified Body Competence Challenges and Dispute Resolution
This new topic is needed because the content specifically addresses challenges to the competence of notified bodies, which is a distinct regulatory mechanism not adequately covered by existing topics. It encompasses dispute resolution procedures, grounds for challenges, and remedial actions related to notified body competence.
Crisis Response Mechanism for AI Systems
This new topic is needed because 'crisis response mechanism' is a specific procedural framework under the DSA/AI Act that enables rapid coordinated responses to emerging systemic risks, and it is not adequately covered by existing topics focused on individual authority powers or general safeguard procedures.
Market Surveillance Corrective Actions and Enforcement
This topic addresses the specific enforcement and corrective actions available to authorities during market surveillance, including withdrawal, suspension, and remedial measures, which are distinct from general corrective action procedures.
Political Opinions
Processing of political views and affiliations
Annex III Classification Changes and Updates
The content specifically addresses amendments to Annex III, which represents a distinct regulatory mechanism for updating high-risk AI system classifications. This topic would capture the procedural and substantive aspects of how Annex III is modified over time.
Delegated Acts
This content specifically addresses the procedural framework for adopting delegated acts under the AI Act, including how they apply to safety components and sectoral regulations. This is a distinct procedural topic not adequately covered by existing topics.
Online Interface Design and Organization
This topic is needed to specifically address DSA requirements regarding how online service providers must design and organize their interfaces to ensure transparency, accessibility, and compliance with content moderation and user information obligations. It bridges interface design principles with regulatory compliance requirements.
Technical Documentation for AI Systems
The AI Act imposes specific technical documentation requirements for AI systems, particularly high-risk AI systems. This dedicated topic would cover the mandatory documentation of system design, functionality, performance, testing, and operational parameters required for AI Act compliance.
Whistleblower Protection
This new topic is essential because the content explicitly addresses the protection of reporting persons, including safeguards against retaliation, confidentiality measures, and legal protections, which constitute a critical and distinct regulatory framework within the AI Act.
AI Investigative Powers
This new topic is needed to specifically address the investigative and information-gathering powers of competent authorities under the AI Act, which is distinct from general cooperation obligations and encompasses the procedural mechanisms for requesting and obtaining documentation.
Voluntary Information Disclosure and Reporting
This new topic is needed to specifically address voluntary notification mechanisms and information disclosure requirements that go beyond mandatory reporting, capturing the proactive communication obligations of AI system operators and providers to relevant authorities and stakeholders.
AI Governance Framework
Compliance with AI Act requirements involves establishing a comprehensive governance framework covering organizational structures, policies, and procedures, which is distinct from individual compliance obligations.
Conformity Assessment Procedures and Methodologies
This new topic is needed to specifically address the procedural and methodological aspects of conformity assessment for AI systems, including step-by-step procedures, assessment phases, documentation requirements, and reporting mechanisms that are distinct from the general conformity assessment concept.
Interim Measures under AI Act
This new topic is needed to specifically address interim measures provisions in the AI Act, which allow authorities to take temporary protective actions against high-risk AI systems that pose immediate risks to fundamental rights, safety, or public security, pending full compliance assessment or corrective actions.
Training Data Requirements
The AI Act specifically addresses requirements for training, validation, and test data used in high-risk AI systems. This warrants a dedicated topic covering data sourcing, quality standards, documentation requirements, and characteristics that must be maintained for AI model development.
AI Office Enforcement
The AI Office's specific enforcement and corrective powers warrant a dedicated topic distinct from general market surveillance coordination.
Commitments Framework under DSA
The content specifically addresses 'Commitments' as a distinct DSA mechanism that warrants its own dedicated topic, separate from general codes of conduct, as it represents a specific framework for voluntary undertakings by service providers with particular procedural and compliance characteristics.
European Cybersecurity Certification Schemes
This new topic is needed to specifically address European cybersecurity certification schemes (EUCS) as referenced in NIS2, which establish a framework for certifying cloud services and other ICT products/services against defined security criteria.
Advertising Practices and Requirements under DSA
This new topic is needed to specifically address advertising practices on online platforms under DSA, including transparency requirements, content moderation of ads, disclosure of sponsored content, and protection against misleading or deceptive advertising practices.
AI System Manipulation and Exploitation Practices
The prohibited AI practices content likely addresses specific manipulation and exploitation techniques that are banned, which represents a distinct regulatory concern beyond general prohibition.
Points of Contact for Commission and Board under DSA
While general points of contact topics exist, this content specifically addresses the establishment and coordination of contact points between Member States' authorities, the Commission, and the Board as a unified DSA governance mechanism, which warrants a dedicated topic.
Child Consent
This new topic is needed because the content specifically addresses the unique conditions and requirements for obtaining valid consent from children in the context of information society services, which is distinct from general consent requirements and requires specialized treatment of age verification, parental involvement, and child-specific safeguards.
GPAI Enforcement
This new topic is needed because the content specifically addresses the enforcement of GPAI provider obligations, which requires dedicated procedures and mechanisms distinct from general AI system enforcement.
Notice and Action Mechanisms under DSA
This new topic is needed to specifically address the notice and action procedures that are central to DSA compliance, including how service providers must notify users of content moderation decisions, how authorities issue orders, and the procedural requirements for these mechanisms.
Right to Information under DSA
The DSA source material suggests this content addresses information rights specific to digital services, which may differ from AI Act information requirements and warrant a dedicated DSA-specific topic.
Union Safeguard Procedure for AI Systems
This new topic is needed because the Union safeguard procedure is a distinct and critical procedural mechanism in the AI Act that coordinates emergency interventions across member states and EU institutions, requiring its own dedicated topic for comprehensive coverage of safeguard activation criteria, procedures, timelines, and coordination mechanisms.
AI Act Territorial Scope
The scope section of the AI Act includes specific provisions on territorial applicability and which providers are subject to the regulation regardless of their location, warranting a dedicated topic.
Authority Access Rights to AI Systems and Documentation
This new topic would specifically address the rights and procedures for competent authorities to access AI systems, facilities, documentation, and data during oversight activities, which is a critical component of the cooperation framework but not fully captured by existing topics.
Intermediary Liability Framework under DSA
This topic is needed to comprehensively cover the broader intermediary liability framework under the DSA, of which mere conduit is one component, including the conditions, standards, and exemptions that apply to different types of digital services.
Caching Services under DSA
Caching is a specific intermediary service category under DSA Article 5 with distinct liability conditions and technical requirements that warrant dedicated topic coverage separate from general intermediary liability frameworks.
AI Act General Procedural Framework
The source document is specifically titled 'Procedure' from the AI Act, suggesting a comprehensive procedural section that warrants a dedicated topic covering the general procedural framework, mechanisms, and requirements applicable across the regulation.
AI Board Decision-Making and Voting Procedures
The content discusses Board tasks which necessarily involve decision-making procedures, voting mechanisms, and how the Board exercises its authority and functions.
Monitoring Actions under AI Act
The content specifically addresses 'Monitoring actions' as a distinct topic under the AI Act, which encompasses systematic oversight procedures, compliance verification, and market surveillance activities that are not fully captured by existing more general monitoring topics.
AI Act Procedures
The 'Procedure' section of the AI Act establishes the overarching procedural framework and mechanisms for implementing and enforcing the regulation. This topic is needed to capture the procedural architecture that underpins all compliance, assessment, and enforcement activities under the AI Act.
Points of Contact for DSA Service Recipients
This new topic is needed to specifically address the DSA requirement for service providers to maintain accessible points of contact for recipients of services, including procedures for designation, accessibility requirements, and communication obligations.
Right to Be Heard under DSA
This topic is needed to specifically address the procedural right to be heard in DSA contexts, which is distinct from general complaint rights and encompasses the right to present one's case before decisions are made.
Post-Market Monitoring for AI Systems
Risk management systems require ongoing post-market monitoring to identify and respond to risks that emerge during real-world deployment. This is a distinct and critical component that warrants its own topic.
AI Act Definitions and Terminology
While 'AI Act Scope and Definitions' exists, a more granular topic specifically focused on the definitional content and terminology would better capture the nuanced nature of how the AI Act defines key concepts like 'AI system,' 'high-risk,' 'provider,' 'deployer,' and other foundational terms that are essential for understanding and implementing the regulation.
Compliance Function Establishment and Role
The DSA content specifically addresses compliance functions as organizational entities with defined roles, responsibilities, and governance structures. This topic is needed to comprehensively cover the establishment, structure, and operational framework of compliance functions under DSA requirements.
Implementation Guidelines
This content is specifically about Commission guidelines for implementing the AI Act. A dedicated topic would capture guidance documents, interpretive materials, and practical implementation support materials from the European Commission.
Points of Contact
The DSA provision on points of contact emphasizes accessibility and effective communication with service recipients. This specific topic would capture the detailed requirements for making contact points accessible, responsive, and user-friendly, which is distinct from general contact point designation procedures.
DSA Transparency
This new topic is needed because the content specifically addresses transparency reporting obligations for intermediary service providers under the DSA, which is a distinct and important compliance requirement that deserves dedicated coverage separate from general transparency obligations or AI-focused transparency requirements.
AI Board Secretariat and Administrative Support
The structure of the Board necessarily includes information about its secretariat and administrative support infrastructure, which is a key organizational component not adequately covered by existing topics.
Presumption of Conformity for AI Systems
This new topic is needed because the content specifically addresses the legal mechanism of 'presumption of conformity with requirements relating to notified bodies,' which is a distinct procedural concept in the AI Act that deserves its own dedicated topic for proper classification and retrieval of related regulatory content.
AI Board Member Appointment and Designation Procedures
The content likely addresses procedures for appointing members to the AI Board from member states and other stakeholders, which is a distinct procedural aspect not fully covered by existing topics.
AI Transitional Provisions
The content specifically addresses AI systems already placed on the market, which raises questions about transitional arrangements, compliance deadlines, and how existing deployments are regulated differently from new systems entering the market.
Codes of Practice Development and Adoption Procedures
The content specifically addresses 'Codes of practice' as a regulatory mechanism, requiring detailed coverage of how these codes are developed, adopted, and implemented within the AI Act framework.
Quality Management
This new topic is needed to specifically address the detailed requirements, implementation procedures, and operational aspects of quality management systems for AI systems as mandated by Article 17 of the AI Act, which is distinct from general quality management concepts.
AI Act Compliance
The AI Act introduces specific compliance obligations and requirements that differ from general GDPR compliance, warranting a dedicated topic for AI Act-specific regulatory requirements and obligations.
AI Act Requirements
The content specifically addresses 'Compliance with the requirements' from the AI Act, which warrants a dedicated topic for AI Act-specific requirements that goes beyond general compliance and risk assessment topics.
Documentation Keeping for AI Systems
While 'record-keeping-ai' exists, a more specific topic focused on documentation keeping as a distinct concept would better capture the AI Act's specific requirements around maintaining, organizing, and preserving documentation throughout an AI system's lifecycle, including technical, compliance, and operational documentation.
Algorithm Transparency
DSA Article 24 transparency reporting includes specific requirements for algorithmic transparency and recommendation system disclosure. This warrants a dedicated topic separate from general transparency obligations to address the unique technical and substantive requirements for algorithmic system reporting.
Activity Reports under DSA
Activity reports are a specific and distinct DSA transparency mechanism that deserves dedicated coverage. While related to general transparency reporting, activity reports have unique requirements regarding content, frequency, metrics, and publication that warrant a dedicated topic.
AI Act Compliance Overview
A dedicated topic for the comprehensive overview of AI Act compliance requirements would help organize content that discusses the full scope of obligations across different actor types and system categories.
Annex III High-Risk AI Categories
The classification rules reference specific categories of high-risk AI systems listed in Annex III, which warrant a dedicated topic to address the enumerated use cases and application domains that trigger high-risk classification.
DSA Subject Matter and Regulatory Scope
While there are similar topics for AI Act subject matter, there is no specific topic dedicated to DSA subject matter and regulatory scope, which is distinct from the AI Act and requires its own dedicated topic for proper classification of DSA foundational provisions.
Deployer Obligations for AI Systems
The content specifically addresses obligations of deployers (users/operators) of high-risk AI systems under the AI Act, which is distinct from provider obligations and requires its own dedicated topic for comprehensive coverage of deployer-specific requirements.
Topics awaiting content (6)
AI Act Penalties and Fines Framework
The 'Penalties' section from the AI Act requires a dedicated topic to comprehensively cover the penalty framework, calculation methodologies, aggravating/mitigating factors, and enforcement procedures specific to AI Act violations.
AI Board Tasks and Responsibilities
The content addresses the specific tasks, functions, and responsibilities assigned to the European AI Board, which represents a distinct aspect of its establishment and role.
Codes of Conduct Framework under DSA
This new topic is needed to specifically address the DSA's approach to codes of conduct as a regulatory tool, including their development, governance, approval, and effectiveness within the Digital Services Act framework.
Cross-Regulation Integration: AI Act and Sectoral Requirements
The content emphasizes how delegated acts under the AI Act must take into account requirements from sectoral regulations (specifically Regulation 2024/1689 for safety components). This cross-regulatory integration is a distinct topic requiring dedicated coverage.
DSA Definitions and Terminology
The content is specifically from the DSA (Digital Services Act) definitions section, which requires its own topic distinct from AI Act definitions, as the DSA has different scope, actors, and regulatory framework focused on digital services and online platforms rather than AI systems.
Notified Body Requirements and Operational Framework under AI Act
This new topic is needed to comprehensively cover the specific requirements and operational framework that notified bodies must follow under the AI Act, including their designation, competence, independence, assessment procedures, and reporting obligations.