Government
FR · France Commission Nationale de l'Informatique et des Libertés (CNIL)

CNIL Recommendations on AI and the GDPR

CNIL's set of recommendations helping AI developers apply the GDPR through the AI lifecycle, covering purpose definition, legal basis, training data sourcing, security, and data subject rights.

Save to your dashboard for quick access later.
Share LinkedIn X Facebook

Official source

cnil.fr

Published
Apr 8, 2024
Last verified
Mar 19, 2026
Visit official page

Opens in a new tab. You are about to leave AI Resource Zone.

Editorial summary

CNIL's set of recommendations helping AI developers apply the GDPR through the AI lifecycle, covering purpose definition, legal basis, training data sourcing, security, and data subject rights.

Why this matters

France has the most assertive data-protection regulator in Europe, and the CNIL has decided not to wait for the EU AI Act to start enforcing against AI systems. Its recommendations walk developers through purpose definition, legal basis, training data sourcing, security, and data subject rights — each mapped to concrete articles of the GDPR. If you process data about anyone in France, this is the interpretation a CNIL inspector will be working from. Reading the official page, in French or English, gives you the exact phrasing and the worked examples that the third-party explainers usually strip out.

Topics covered

At a glance

Type
Government
Country
France
Agency
Commission Nationale de l'Informatique et des Libertés (CNIL)
Published
Apr 8, 2024
Last verified
Mar 19, 2026
Permalink
https://airesourcezone.com/resources/cnil-ai-gdpr-recommendations

Ready to read it at the source? Visit cnil.fr →

Related resources

Other resources that share at least one topic with this one.

  • Government Singapore

    Model AI Governance Framework for Generative AI

    Framework published by IMDA and the AI Verify Foundation extending Singapore's Model AI Governance Framework to generative AI, covering acco...

    Source: AI Verify Foundation

  • Government United States

    NIST AI Risk Management Framework (AI RMF 1.0)

    Voluntary framework released by NIST to help organizations manage risks across the AI lifecycle, organized around the Govern, Map, Measure,...

    Source: National Institute of Standards and Technology (NIST) — Artificial Intelligence

  • Government Japan

    AI Guidelines for Business (Ver. 1.0)

    Joint METI and MIC guidelines consolidating earlier Japanese AI R&D, utilization, and governance texts into a single living document setting...

  • Government United Kingdom

    ICO Guidance on AI and Data Protection

    ICO hub of guidance explaining how UK GDPR principles apply to AI systems, covering fairness, lawfulness, transparency, accountability, and...

    Source: Information Commissioner's Office (ICO)

  • Government United States

    Blueprint for an AI Bill of Rights

    White House OSTP non-binding framework setting out five principles for the design and use of automated systems: safe and effective systems,...

  • Government Australia

    Australia's AI Ethics Principles

    Eight voluntary principles — including human-centred values, fairness, privacy, reliability, transparency, contestability, and accountabilit...

    Source: Department of Industry, Science and Resources — National AI Centre