June 2025

by Adela Nuță

Brussels was, once again, the epicenter of European dialogue on personal data protection and the impact of emerging technologies, during the CPDP.ai 2025 conference organized last May. The event provided valuable insight into the anticipated regulatory developments, with a focus on the upcoming revision of the General Data Protection Regulation (GDPR) and the challenges raised by the widespread adoption of artificial intelligence (AI) across industries.

Our participation in the conference offered a multidisciplinary understanding of the strategic directions that will shape future compliance with EU legislation. The dialogue between legal, technological and academic experts helped to define both the emerging challenges and the regulatory responses currently under discussion.

The panels dedicated to the so-called “GDPR 2.0” highlighted that, while the Regulation remains the cornerstone of the European data protection framework, it was designed in a pre-AI era. In the absence of immediate legislative amendments, the European Commission and the European Data Protection Supervisor (EDPS) have announced three strategic priorities, which were confirmed and discussed during the conference:

• the introduction of explicit algorithmic transparency obligations, requiring data controllers to describe the logic behind automated decisions and provide evidence of effective bias mitigation measures;
  •strengthening the right to challenge automated decisions, including clear response deadlines and the duty to provide intelligible explanations;
• establishing a unified mechanism for data transfers to the United States, aimed at reducing legal uncertainty while preserving individuals’ control over their personal data.

These initiatives are not intended to change the spirit of the GDPR, but rather to close the regulatory gaps that have emerged through the industrial-scale use of AI.

While the GDPR prepares for possible revision, the AI Act is entering its implementation phase. The panels dedicated to the AI Act outlined the practical difficulties faced by economic operators, particularly with regard to risk-based classification of AI systems, documentation of data quality, and the setup of continuous auditing mechanisms. To support compliance, the European Data Protection Board (EDPB) is working together with the newly established AI Office on joint guidance documents to clarify the interaction between the AI Act and the GDPR.

The event gathered prominent voices from European institutions, academia, and the tech industry, reinforcing its interdisciplinary nature and international relevance.

For us and our clients, attending events of such caliber is not merely a ”checking-in” alike exercise, but a strategic investment. First-hand information allows us to proactively align internal policies with upcoming legal and technical requirements, ensuring a seamless transition to an updated GDPR framework in sync with the mandatory standards introduced by the AI Act. We continue to closely monitor these developments and remain fully committed to supporting our partners in navigating the evolving digital regulatory landscape.

Details about our Data Privacy & Personal Data Processing practice are available HERE.