Belgium's Data Protection Authority on the Interplay of the EU AI Act and the GDPR
Belgium's Data Protection Authority has published a detailed report on how the EU AI Act and the GDPR interact. This article examines the report's key insights, its notable gaps, and the practical compliance implications for organisations deploying or developing AI systems.

The Belgium Data Protection Authority (Belgium DPA) has published Artificial Intelligence Systems and the GDPR: A Data Protection Perspective, a substantive report examining how the General Data Protection Regulation (GDPR) and the EU Artificial Intelligence Act intersect. Arriving at a moment when regulators and organisations alike are grappling with the practical realities of dual compliance, the report sets out to clarify where the EU AI Act adds to and reinforces GDPR obligations, and to offer high-level strategies for meeting those combined requirements.
The timing matters. The EU AI Act entered into force in August 2024, with its prohibited practices provisions applying from February 2025 and the broader high-risk AI rules phasing in through 2026 and beyond. Organisations that have spent years building GDPR compliance programmes now need to understand how AI-specific obligations layer on top of, and in some cases complicate, what they already have in place. The Belgium DPA's report is one of the first serious attempts by a national supervisory authority to map that terrain.
At the same time, the report has notable gaps. Despite its comprehensive scope, it stops short of addressing some of the most pressing practical questions organisations face, particularly around the distinction between AI model providers and deployers, the technical challenges of personal data deletion from trained models, and the compliance implications of general-purpose AI. This article examines the report's insights and analyses where further guidance is still needed.
What does the Belgium DPA's report cover?
The report is structured around core GDPR principles and examines how the EU AI Act extends or reinforces each one in the context of AI system development and deployment. The principles it covers include transparency, fairness, lawfulness, accountability, data minimization, purpose limitation, and security. For each, the report identifies what the GDPR requires, how AI systems create new compliance challenges, and where the EU AI Act introduces additional obligations or guardrails.
The report also walks through prohibited AI practices under the EU AI Act, a category that does not derive its prohibitions from data protection principles but rather from the inherent risk a given AI application poses. Prohibited systems include those used for real-time remote biometric identification in public spaces, AI-based social scoring by public authorities, manipulation of individuals using subliminal techniques, and the exploitation of vulnerabilities of specific groups.
A useful observation the report makes is that all of these prohibited AI practices, while not banned on data protection grounds, would in practice involve processing personal data pertaining to individuals. Facial images, behavioural data, biometric characteristics, personality indicators: these are the inputs that power such systems. Critically, the EU AI Act's prohibition applies regardless of whether the training data could theoretically be anonymized. The risk classification is tied to the use of the system, not to the nature of the data that feeds it. This is an important clarification that the Belgium DPA deserves credit for making explicit.
How do GDPR principles apply to AI systems under the EU AI Act?
Transparency, accountability, fairness, and lawfulness
The report's treatment of transparency is one of its strongest sections. The GDPR requires that individuals understand how their personal data is being used and that processing is conducted lawfully. The EU AI Act adds a further layer: AI systems, particularly those categorised as high-risk, must be designed and operated in ways that allow meaningful human oversight and that make their functioning explainable to those affected by their decisions.
Under the EU AI Act, providers of high-risk AI systems must draw up technical documentation and maintain logs of system operation. They must also ensure that outputs are interpretable by the natural persons responsible for oversight. The Belgium DPA's report explains this well, situating AI-specific transparency requirements within the broader GDPR accountability framework and noting how they reinforce obligations that data controllers already carry.
On fairness and lawfulness, the report emphasizes that training data quality is not merely a technical concern but a legal one. Biased training data produces discriminatory outputs, which can constitute unfair processing under the GDPR. The EU AI Act's requirements for data governance in high-risk AI systems, including the need to examine training datasets for possible biases, operationalize what fairness means in an AI context.
Data minimization and purpose limitation: the general-purpose AI gap
Here the report has a significant omission. Data minimization requires that only personal data adequate, relevant, and necessary for a specific purpose be collected and processed. Purpose limitation requires that data collected for one purpose not be repurposed without a new lawful basis. Both principles are foundational to GDPR compliance and present particular challenges in the context of general-purpose AI models.
General-purpose AI models, including large language models, are trained on vast datasets scraped from the internet, books, and other sources. They are designed without a fixed, defined purpose: the same model might be used for drafting legal documents, diagnosing medical conditions, writing marketing copy, or any number of other tasks. The quantity of data involved, the breadth of potential purposes, and the difficulty of tracing which individuals' data was included in training all create real friction with GDPR's data minimization and purpose limitation principles.
The Belgium DPA's report does not address any of this. General-purpose AI goes unmentioned in the sections on these principles, which is a notable gap given that it is precisely the type of AI most commonly deployed today, and the type whose compliance status under the GDPR is most actively contested before supervisory authorities and courts across the EU.
For organisations working to align AI deployments with GDPR's data minimization requirements, Limina's data de-identification platform provides a technically robust starting point, enabling teams to process only what is necessary while preserving the utility of their data.
What does the EU AI Act add to automated decision-making rules?
Article 22 of the GDPR already gives individuals the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. The EU AI Act builds on this by requiring that high-risk AI systems involved in consequential decisions, such as credit scoring, recruitment screening, or medical diagnosis, be subject to human oversight mechanisms and that their logic be interpretable.
The Belgium DPA's report addresses the respective requirements for transparency and explainability, human involvement and oversight, and accountability in automated decision-making, and it explains clearly how the EU AI Act adds to GDPR obligations in this area. It notes that AI systems used in high-risk contexts must be designed so that human reviewers can meaningfully intervene, question, and where necessary override outputs, rather than rubber-stamping decisions they cannot understand.
What the report does not fully reckon with is the practical difficulty of meeting explainability requirements in the context of large language models. The inner workings of transformer-based models are not straightforwardly interpretable. When such a model recommends a credit decision or flags a candidate for rejection, the chain of inference leading to that output cannot always be reduced to a human-readable explanation. The report would have benefited from engaging directly with this technical reality rather than treating explainability as a solved problem.
How does the EU AI Act address AI-specific security risks?
One of the stronger sections of the Belgium DPA's report addresses AI-specific security risks, and the ways they differ from the threats posed by traditional data processing. The GDPR requires that personal data be processed with appropriate technical and organisational security measures. In the AI context, this general obligation takes on new dimensions.
AI systems are vulnerable to adversarial attacks, data poisoning during training, model inversion attacks that can reconstruct training data from model outputs, and membership inference attacks that can determine whether a given individual's data was included in a training dataset. These are not hypothetical risks: they represent active areas of research and documented real-world exploits. The Belgium DPA's report commendably acknowledges that AI introduces security vulnerabilities not present in conventional data processing systems.
The report's illustrative user story, involving an AI system used by a car insurance provider, is a useful pedagogical device. It walks through the additional safeguards required for such a system, including data validation procedures, anomaly detection to identify unusual inputs that might indicate an adversarial attack, and human oversight checkpoints to maintain fairness and data integrity. This kind of concrete, scenario-based guidance is genuinely useful for compliance teams.
For organisations in sectors where AI systems are already processing sensitive personal data, the security implications are acute. In healthcare, financial services, and insurance, the combination of GDPR security obligations and EU AI Act requirements for high-risk AI systems means that data governance cannot be an afterthought. It must be built into system design from the start.
What are the missing distinctions in the report?
The roles of model providers versus deployers
Perhaps the most significant structural gap in the Belgium DPA's report is its failure to clearly distinguish between the obligations of AI model providers and those of AI deployers. The EU AI Act draws a careful line between these two categories of actors, and for good reason: their roles, responsibilities, and technical capabilities differ substantially.
Model providers are the organisations that design, train, and bring AI systems to market. Their obligations under the EU AI Act include ensuring that high-risk AI systems are trained on appropriate data, that technical documentation is prepared and maintained, that systems are tested against their intended purposes, and that conformity assessments are carried out before deployment. They bear responsibility for the fundamental design of the system and for making sure it can, in principle, be used compliantly.
Deployers are the organisations that use AI systems in specific operational contexts. They may be very different from providers: a hospital using a commercially licensed AI diagnostic tool is a deployer, not a provider. Deployers are responsible for ensuring that the system is used as intended, that individuals are informed about how AI is being used in decisions affecting them, and that human oversight is genuinely in place. They cannot simply rely on the provider's documentation as a proxy for their own compliance.
The Belgium DPA's report offers a generalised compliance framework that does not consistently map obligations onto these distinct roles. A hospital's compliance obligations when deploying a third-party AI triage tool are materially different from those of the company that built and licensed the tool. A one-size-fits-all approach risks leaving both categories of actor uncertain about what is actually expected of them, which ultimately serves no one well.
This distinction matters across regulated industries. In pharma and life sciences, for instance, the AI systems used in clinical trial data analysis or pharmacovigilance may be developed by specialised vendors and deployed by large pharmaceutical companies. Understanding which entity is accountable for which compliance obligation is not a theoretical question: it is a practical one that determines where liability falls when something goes wrong.
How can personal data be deleted from trained AI models?
The GDPR's right to erasure, commonly known as the right to be forgotten, requires that organisations delete personal data upon request when certain conditions are met. In the context of traditional databases and data management systems, this is technically achievable, if administratively demanding. In the context of AI models, it presents a problem that is currently unsolved and largely unaddressed by regulators.
When personal data is used to train an AI model, it does not remain stored as a discrete record that can be identified and deleted. Instead, it influences the model's weights, the numerical parameters that encode the model's learned representations of the world. Personal data is, in a sense, absorbed into the model rather than stored within it. The individual's name, medical history, financial record, or other personal information may have shaped the model in ways that cannot be precisely isolated or reversed.
Researchers have proposed approaches including machine unlearning, a class of techniques that attempt to modify a trained model to remove the influence of specific training examples, but these methods remain experimental. They are computationally expensive, their effectiveness is not yet reliably measurable, and in the case of large models they may not be practically feasible. The field is active but the solutions are not yet production-ready.
The Belgium DPA's report barely touches on data retention and deletion, and does not engage with this core technical challenge at all. This leaves organisations, particularly those in sectors handling sensitive personal data, navigating compliance requirements for data deletion without any meaningful regulatory guidance. When a data subject exercises their right to erasure, what is a provider of a trained AI model expected to do? The report offers no answer.
This is not a minor omission. Data deletion is one of the most concrete and legally enforceable rights the GDPR grants individuals. For AI systems that have processed personal data in training, its implications are profound. Future guidance from the Belgium DPA and other supervisory authorities needs to engage seriously with the technical literature on machine unlearning and provide realistic, enforceable direction for organisations facing erasure requests.
If your organisation is working through AI compliance obligations under the GDPR and the EU AI Act, get in touch with Limina's team to explore how context-aware de-identification can help you build a compliant data pipeline from the ground up.
What should organisations do now?
Despite its gaps, the Belgium DPA's report is a useful signal of the direction regulatory thinking is taking. It confirms that supervisory authorities are beginning to work through the practical interplay of the GDPR and the EU AI Act, and that they expect organisations to do the same. Several practical steps follow from the combined requirements of both frameworks.
Organisations that develop or deploy AI systems should start by mapping where personal data enters those systems, whether during training, through user inputs, or via connected data sources. This mapping exercise is foundational: you cannot manage data you have not located, and you cannot minimize data you have not inventoried. For organisations in contact centers, where AI systems routinely process call recordings and transcripts containing sensitive personal information, this kind of data audit is particularly urgent.
Next, organisations should assess which of their AI systems fall within the EU AI Act's high-risk categories. High-risk systems are those listed in Annex III of the Act, covering areas such as biometric identification, critical infrastructure management, education and vocational training, employment, access to essential services, law enforcement, migration, and administration of justice. For systems in these categories, the combined compliance requirements are substantial and should be addressed systematically.
Role clarity is also essential. Organisations need to determine whether they are acting as an AI provider, an AI deployer, or both, for each system they are involved with. This determination shapes which obligations they carry and what documentation, risk assessments, and oversight mechanisms they need to have in place.
Finally, data minimization should be treated as a design principle rather than an afterthought. The most legally robust AI systems are those built from the start to process only what is necessary, with PII handled through de-identification before it enters training pipelines or inference workflows. Building data minimization into system architecture reduces regulatory exposure under both the GDPR and the EU AI Act simultaneously.
Moving toward comprehensive AI compliance guidance
The Belgium DPA's report provides genuinely valuable analysis of the intersection of AI regulation and data protection. The sections on GDPR principles, AI-specific security risks, and the structure of EU AI Act prohibitions are substantive contributions to a regulatory conversation that is still early in its development. Supervisory authorities across Europe will benefit from building on this kind of work.
But to function as a truly practical compliance guide, the report needs to address the gaps identified here. Distinguishing the obligations of model providers from those of deployers, engaging seriously with the challenge of personal data deletion from trained models, and confronting the general-purpose AI question head-on would all materially improve the report's utility for organisations trying to do the right thing. A more nuanced approach to compliance would benefit both organisations and the individuals whose data flows through their systems, fostering AI applications that are not only compliant but trustworthy.
Limina is built by linguists, making it context-aware and capable of understanding the language nuances and entity relationships within documents that simpler, pattern-matching approaches miss. If your organisation is working to bring AI systems into compliance with the GDPR and the EU AI Act, talk to Limina's team about how purpose-built de-identification can support your compliance programme.
Frequently Asked Questions
What is the Belgium DPA's report on the EU AI Act and GDPR?
The Belgium Data Protection Authority published Artificial Intelligence Systems and the GDPR: A Data Protection Perspective to analyse how the GDPR and the EU Artificial Intelligence Act interact. The report examines how the EU AI Act extends and reinforces GDPR principles such as transparency, fairness, data minimization, and accountability, and offers high-level compliance guidance for organisations developing or deploying AI systems.
What does the EU AI Act require on top of the GDPR?
The EU AI Act adds a layer of obligations specific to AI systems that sit on top of baseline GDPR requirements. For high-risk AI systems, providers must conduct conformity assessments, maintain technical documentation, implement risk management systems, and ensure that human oversight mechanisms are genuinely in place. The Act also prohibits certain AI applications outright based on the inherent risk their use poses, regardless of how personal data within them is handled.
How does the EU AI Act affect automated decision-making rights under the GDPR?
The GDPR's Article 22 already restricts decisions based solely on automated processing that have legal or similarly significant effects on individuals. The EU AI Act reinforces and extends this by requiring that high-risk AI systems used in consequential decisions include meaningful human oversight, that their outputs be interpretable by human reviewers, and that individuals be able to obtain human intervention. Together, the two frameworks set a higher bar for AI systems involved in credit scoring, employment decisions, medical diagnostics, and similar contexts.
Who is responsible for GDPR compliance: the AI provider or the deployer?
Both AI providers and deployers carry distinct compliance obligations under the EU AI Act and the GDPR. Providers, those who design and train AI systems, are responsible for ensuring the system is built to required standards and that appropriate documentation and risk assessments are completed before market release. Deployers, those who use the system in specific operational contexts, are responsible for ensuring appropriate use, meaningful human oversight, and proper communication with affected individuals. In cases where one organisation performs both roles, all obligations apply.
Can personal data be deleted from a trained AI model?
This remains one of the most unresolved questions at the intersection of AI and data protection law. Unlike a database record, personal data used to train an AI model is not stored discretely: it influences the model's weights in ways that cannot easily be identified or reversed. Research into machine unlearning, techniques that aim to remove the influence of specific training examples from a model, is ongoing but not yet mature enough for reliable production use. Regulators, including the Belgium DPA in the report examined here, have not yet provided actionable guidance on how organisations should respond to GDPR erasure requests for data that was used in AI training.
What sectors face the most complex compliance requirements under both frameworks?
Regulated industries that process significant volumes of personal data and that are deploying AI systems in high-stakes contexts face the most complex compliance environment. Healthcare organisations using AI for diagnostics or patient triage must satisfy both GDPR health data protections and EU AI Act high-risk requirements. Financial services firms using AI for credit decisions or fraud detection face similar dual obligations. Pharma and life sciences organisations using AI in clinical research, pharmacovigilance, or drug development also sit squarely within the high-risk AI category. In all of these contexts, data minimization through de-identification is a foundational compliance measure.