This page is fully or partially automatically translated.

Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Header of CONET
Forums it-sa Expo 2023 Knowledge Forum C

AI Regulation and GDPR - a double barrier to the use of AI?

What are the challenges of processing personal data with AI? What is the difference between the AI Act and the GDPR?

calendar_today Wed, 11.10.2023, 14:30 - 14:45

event_available On site

place Knowledge Forum C

Action Video


Action description





Data protection / GDPR Legislation, standards, regulations Governance, Riskmanagement and Compliance

Key Facts

  • The AI Act is based on the GDPR in terms of its structure and mode of operation.
  • Core question: Processing of personal data
  • Liability issues, threat of fines & double sanctions?


This action is part of the event Forums it-sa Expo 2023

Action Video

grafischer Background

This video is available to the it-sa 365 community. 
Please register or log in with your login data.

Action description

The upcoming AI regulation of the European Union (internationally referred to as the AI Act) will bring about a world first regulation of AI systems among manufacturers and users. The spectrum of reactions in business, politics and the population ranges from "protective shield" to "dead blow" for the future development and use of AI in the EU.

The effects are already predicted to be as serious as those of the GDPR - not least because the AI Act is strongly modelled on the GDPR in its structure and mode of action. Thus, the AI Regulation will also deal with the processing of personal data as a core issue and pursue a risk-based approach. This will require those affected by the regulation to establish appropriate risk management systems that allow for risk and data protection impact assessments that are as reliable as possible and provide for appropriate technical and organisational measures for risk minimisation and damage limitation.

Currently, the AI Regulation is still in the making. Its last available status dates from the discussions in the European Parliament in June 2023, so a current assessment is only possible on this version, which next enters the trilogue negotiations between the EU Commission, Parliament and Council of Ministers.

But how should the interaction between the AI Act and the GDPR be assessed in light of this current state of affairs? Does the AI Act supersede the GDPR? Does it create new freedoms or additional restrictions? In principle, the aim of such regulations is not to make competition more difficult, but to regulate fair competition while taking into account the overriding protection of the rights and freedoms of the natural persons affected by processing. 

It will be interesting to observe how the term "artificial intelligence" or "AI system" is ultimately defined, interpreted and understood within the meaning of the AI Regulation. Where does purely mathematical-technical processing end, and where does artificial intelligence begin? It will also be important whether the processing is carried out exclusively by AI or whether a human checks the results of the AI and then uses them for further processing.

Liability issues and the threat of fines, which both regulations provide for if a (non-legal) use of an AI system in the company ultimately leads to a data protection incident, can also cause uncertainty. In principle, the AI Regulation provides for significantly higher penalties than the GDPR, but can double sanctions occur under certain circumstances?

The lecture attempts to address all of these questions, to put the weal and woe of the upcoming AI Regulation into perspective and to shed light on the possible effects of the AI Act on the regulations of the GDPR already in force with a look at the current draft of the proposed legislation.

... read more

Language: German

Questions and Answers: No


show more

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.