R&D: Reflections on Data Protection Compliance of AI Systems under EU AI Act

Cogent Social Sciences has published an article written by Balázs Hohmann, and Gergő Kollár, Department of Technology Law and Energy Law, University of Pécs, Pécs, Hungary.

Abstract: “The European Union’s Artificial Intelligence Act (AI Act) establishes a novel regulatory framework for AI systems, with far-reaching implications for data protection compliance. This study critically analyses the regulatory environment created by the Act and its interaction with the General Data Protection Regulation (GDPR), addressing whether it provides clearer compliance pathways or introduces additional burdens for developers. Using comparative legal analysis, the research finds that the AI Act supplements the GDPR through a risk-based approach that subjects high-risk AI systems to specific obligations. Key concerns include algorithmic opacity, bias, and legal uncertainty in profiling and automated decision-making. The analysis shows that the AI Act attempts to mitigate these risks by strengthening requirements on risk assessment, human oversight, and data governance. While the Act broadly aligns with GDPR principles such as transparency, fairness, and accountability, it also introduces new procedural and documentation duties that may increase compliance complexity. Overall, the study concludes that the AI Act constitutes a complementary yet stricter regulatory layer for AI-driven data processing, balancing innovation with fundamental rights protection and requiring joint interpretation with the GDPR to ensure coherent application.“