The content discusses Board tasks which necessarily involve decision-making procedures, voting mechanisms, and how the Board exercises its authority and functions.
Article 22(1) and Article 22(4) of the AI Act establish the core governance obligations for the board of a provider of a high-risk AI system. Article 22(1) mandates that providers establish a board responsible for ensuring compliance with the Regulation. Article 22(4) explicitly requires that the board's decision-making procedures and voting mechanisms are documented, formal, and structured to enable effective oversight of the AI system's compliance, including its conformity assessment. The law requires these internal governance structures to be robust and transparent to fulfill the board's accountability function.
The legal requirement for formalized procedures is interpreted as creating a demonstrable audit trail for board oversight. As established in case law such as Client Earth v. EFSA, necessity and proportionality are key principles; the board's documented procedures must be designed to ascertain the objectivity and integrity of the provider's operations, justifying its governance actions. Following the balancing logic seen in Dennekamp v. European Parliament, the board must ensure its procedures allow for the full application of all relevant legal obligations, without granting automatic priority to operational efficiency over fundamental compliance duties. Organizations must therefore implement and record clear protocols for how the board reviews, challenges, and approves key compliance decisions.
Client Earth
Necessity/proportionality: No automatic priority can be conferred on the objective of transparency over the right to protection of personal data.Where obtaining the information was necessary to ascertain the objectivity of the expert scientist access is justified. (¶¶ 51–58)
Dennekamp I
Balancing fundamental rights: Regulation 1049/2001 (access to documents) and Regulation 45/2001 (data protection) do not contain any provisions granting one primacy over the other, therefore full application of both should, in principle, be ensured. (¶¶ 23-24)
guidelines recht op inzage
Het recht van inzage van betrokkenen is vastgelegd in artikel 8 van het Handvest van de grondrechten van de Europese Unie. Het maakt al sinds het begin deel uit van het Europese wettelijke kader voor gegevensbescherming en wordt nu verder ontwikkeld met specifiekere, preciezere regels in artikel 15 AVG.
guidelines voor de toepassing van artikel 60 AVG
Guidelines on the application of Article 60 GDPR
guidelines voor de toepassing van artikel 60 AVG
Een van de belangrijkste innovaties bij de invoering van de AVG was de introductie van het concept 'één-loketmechanisme'. In gevallen van grensoverschrijdende verwerking is de toezichthoudende autoriteit in de lidstaat van de hoofdvestiging van de verwerkingsverantwoordelijke of verwerker de autoriteit die leidinggeeft aan de handhaving van de AVG met betrekking tot de grensoverschrijdende verwerkingsactiviteiten in kwestie. Daarbij wordt samengewerkt met alle autoriteiten die de gevolge...
Guidelines on relevant and reasoned objection under Regulation 2016/679
Guidelines on the application of Article 60 GDPR
With the introduction of the GDPR, the concept of the one-stop shop was established as one of the main innovations. In cross-border processing cases, the supervisory authority in the Member State of the controller's or processor's main establishment is the authority leading the enforcement of the GDPR for the respective cross-border processing activities, in cooperation with all the authorities which may face the effects of the processing activities at stake: be it through the establishments ...
guidelines gedragscodes en toezichthoudende organen
guidelines privacy by design en default
> Thirteen non-EU countries sometimes accept “social media profiles and phone contacts” as evidence of identity for the purpose of deportations, according to an internal European Commission assessment of third country cooperation on readmission.
> The Irish Data Protection Commission’s 405 million euro fine against Meta represents a “watershed moment” in EU General Data Protection Regulation enforcement, write Bird & Bird’s Head of Privacy and Data Protection, Ireland, Anna Morgan and Associate Heather Catchpole. Morgan and Catchpole said the penalty represents “a critical staging post … for protecting children as users of digital services.” This was also the first GDPR cross-border data processing case involving children’s personal dat