--- url: https://eurocomply.app/versus/ai-act-vs-gdpr canonical: https://eurocomply.app/versus/ai-act-vs-gdpr title: EU AI Act (Regulation 2024/1689) vs GDPR (Regulation 2016/679) — EU Regulation — AI Governance vs Data Protection — EuroComply vendorA: EU AI Act (Regulation 2024/1689) vendorB: GDPR (Regulation 2016/679) marketCategory: EU Regulation — AI Governance vs Data Protection selfReference: true lastReviewed: 2026-05-28 author: EuroComply Team license: CC-BY-4.0 --- # EU AI Act (Regulation 2024/1689) vs GDPR (Regulation 2016/679) *EU Regulation — AI Governance vs Data Protection* > **Disclosure:** EuroComply is the operator of this page. The comparison is the EuroComply team's reading of public information about both products. Verify directly with both vendors. ## How does EU AI Act (Regulation 2024/1689) compare to GDPR (Regulation 2016/679)? GDPR is the EU's data protection law — it governs how organisations collect, process, and store personal data. The AI Act is a risk-governance law — it governs how AI systems are designed, deployed, and monitored based on their potential to harm health, safety, or fundamental rights. They coexist and frequently overlap: an AI system that processes personal data is subject to both regimes simultaneously, with different obligations, different supervisory authorities, and different documentation requirements. ## Feature comparison | Attribute | EU AI Act (Regulation 2024/1689) | GDPR (Regulation 2016/679) | | --- | --- | --- | | Scope | Artificial intelligence systems placed on or used in the EU market | Processing of personal data by organisations in or targeting the EU | | Legal basis | Regulation (EU) 2024/1689 — risk-based harmonisation of AI rules | Regulation (EU) 2016/679 — fundamental right to data protection (Article 8 EU Charter) | | Applies to | Providers, deployers, importers, and distributors of AI systems | Controllers and processors of personal data | | Deadline | Phased: Feb 2025 (Art. 4/5) · Aug 2025 (GPAI) · Aug 2026 (high-risk) · Aug 2027 (Annex I) | In force since 25 May 2018 — obligations apply immediately | | Max fine | €35 million or 7% of global turnover (prohibited practices) | €20 million or 4% of global turnover | | DPA involvement | Secondary — DPAs consult on AI systems processing personal data; primary enforcer is the national market surveillance authority | Primary — national Data Protection Authorities (DPAs) supervise and enforce | | Data mapping requirement | No equivalent; requires Annex IV technical documentation for high-risk systems | Yes — Article 30 Records of Processing Activities (ROPA) | | AI inventory requirement | Yes — Article 60 EU database for high-risk AI; internal inventory strongly implied for deployers | No — but AI systems processing personal data must be captured in the ROPA | | Article references | Art. 4 (literacy) · Art. 5 (prohibited) · Art. 6 + Annex III (high-risk) · Art. 26 (deployer duties) · Annex IV (technical docs) | Art. 5 (principles) · Art. 6 (lawful basis) · Art. 25 (data by design) · Art. 30 (ROPA) · Art. 35 (DPIA) | ## Where does EuroComply fit? For organisations subject to both regulations, managing GDPR and AI Act obligations in separate tools creates a documentation gap: your ROPA may not capture the AI system details required by Annex IV, and your AI Act technical file may not reference the GDPR lawful basis or DPIA. EuroComply tracks GDPR records and AI Act documentation simultaneously in one workspace — the AI X-Ray tool classifies each system under the AI Act risk tiers while linking it to the corresponding ROPA entry and DPIA. A single source of truth reduces duplication and makes cross-authority requests faster to answer. ## Vendor sites - EU AI Act (Regulation 2024/1689): https://eur-lex.europa.eu/eli/reg/2024/1689/oj - GDPR (Regulation 2016/679): https://eur-lex.europa.eu/eli/reg/2016/679/oj ## Source Primary source: [EUR-Lex Official Journal](https://eur-lex.europa.eu). --- For informational purposes only. Pricing and feature details drift — verify on each vendor's site. Not legal, procurement, or financial advice. Last reviewed: 2026-05-28 by the EuroComply Team. License: CC-BY-4.0.