AI data governance–overlaps between the AI Act and the GDPR
(2026) In Law, Innovation and Technology- Abstract
This article examines the overlaps between the AI Act and the GDPR, analysing their overall relationship, conceptual similarities and differences, as well as specific provisions in the AI Act that explicitly overlap with the GDPR. The primary focus of this article lies on AI data governance, with a detailed analysis of the requirements set out in Article 10 AI Act. This provision establishes quality criteria for data and data governance in high-risk AI systems that rely on training AI models with data. The article introduces a novel approach to understanding, interpreting, and applying these criteria in order to facilitate GDPR compliance. As a result, we propose a principles-based framework for AI data governance, categorising the... (More)
This article examines the overlaps between the AI Act and the GDPR, analysing their overall relationship, conceptual similarities and differences, as well as specific provisions in the AI Act that explicitly overlap with the GDPR. The primary focus of this article lies on AI data governance, with a detailed analysis of the requirements set out in Article 10 AI Act. This provision establishes quality criteria for data and data governance in high-risk AI systems that rely on training AI models with data. The article introduces a novel approach to understanding, interpreting, and applying these criteria in order to facilitate GDPR compliance. As a result, we propose a principles-based framework for AI data governance, categorising the quality criteria in Article 10 into three overarching principles: data accuracy, data transparency, and data fairness. To ensure practical quality assurance, providers of high-risk AI systems should adopt specific methods outlined in the AI Act, such as data-preparation processing operations and the processing of personal data for bias detection and correction. Finally, we propose a cycle-approach to AI data governance, aligning the requirements of Article 10 AI Act with the limitations imposed by the GDPR.
(Less)
- author
- Holtz, Hajo Michael and Ledendal, Jonas LU
- organization
- publishing date
- 2026
- type
- Contribution to journal
- publication status
- in press
- subject
- keywords
- AI Act, AI data governance cycle, data accuracy, data fairness, data governance, data transparency, GDPR
- in
- Law, Innovation and Technology
- publisher
- Taylor & Francis
- external identifiers
-
- scopus:105031219115
- ISSN
- 1757-9961
- DOI
- 10.1080/17579961.2026.2633677
- language
- English
- LU publication?
- yes
- additional info
- Publisher Copyright: © 2026 The Author(s). Published by Informa UK Limited, trading as Taylor & Francis Group.
- id
- 6883b8ab-b0af-4585-98f3-ac78f375c681
- date added to LUP
- 2026-04-21 14:23:37
- date last changed
- 2026-04-21 14:24:39
@article{6883b8ab-b0af-4585-98f3-ac78f375c681,
abstract = {{<p>This article examines the overlaps between the AI Act and the GDPR, analysing their overall relationship, conceptual similarities and differences, as well as specific provisions in the AI Act that explicitly overlap with the GDPR. The primary focus of this article lies on AI data governance, with a detailed analysis of the requirements set out in Article 10 AI Act. This provision establishes quality criteria for data and data governance in high-risk AI systems that rely on training AI models with data. The article introduces a novel approach to understanding, interpreting, and applying these criteria in order to facilitate GDPR compliance. As a result, we propose a principles-based framework for AI data governance, categorising the quality criteria in Article 10 into three overarching principles: data accuracy, data transparency, and data fairness. To ensure practical quality assurance, providers of high-risk AI systems should adopt specific methods outlined in the AI Act, such as data-preparation processing operations and the processing of personal data for bias detection and correction. Finally, we propose a cycle-approach to AI data governance, aligning the requirements of Article 10 AI Act with the limitations imposed by the GDPR.</p>}},
author = {{Holtz, Hajo Michael and Ledendal, Jonas}},
issn = {{1757-9961}},
keywords = {{AI Act; AI data governance cycle; data accuracy; data fairness; data governance; data transparency; GDPR}},
language = {{eng}},
publisher = {{Taylor & Francis}},
series = {{Law, Innovation and Technology}},
title = {{AI data governance–overlaps between the AI Act and the GDPR}},
url = {{http://dx.doi.org/10.1080/17579961.2026.2633677}},
doi = {{10.1080/17579961.2026.2633677}},
year = {{2026}},
}