India's DPDP Rules are notified, time to gap-assess your India programmeSee how we helpEU AI Act obligations are phasing in: the privacy groundwork comes firstAI privacy advisoryTransfer documentation is a top enforcement target: SCCs, IDTA, TIAsTransfer servicesIndia's DPDP Rules are notified, time to gap-assess your India programmeSee how we helpEU AI Act obligations are phasing in: the privacy groundwork comes firstAI privacy advisoryTransfer documentation is a top enforcement target: SCCs, IDTA, TIAsTransfer services
Abhishek Bansiwal
EURegulation (EU) 2024/1689, the AI Act

The privacy groundwork for AI obligations that are phasing in now.

The AI Act's obligations arrive in phases through 2027, prohibited practices and AI literacy first, general-purpose AI and high-risk systems after. Most companies' first exposure isn't the AI Act at all: it's the GDPR questions their AI features already raise. We do that privacy work now, and scope AI Act readiness alongside dedicated AI compliance specialists.

At a glance

Who it catches

Providers and deployers of AI systems placed on the EU market or affecting people in the EU

Maximum fines

Up to €35 million or 7% of global turnover for prohibited practices; lower tiers for other breaches

Timeline

Phased application: prohibitions and literacy duties first, general-purpose AI next, most high-risk obligations through 2026–2027

Privacy overlap

Training data, transparency, and profiling all trigger GDPR obligations today, before AI Act deadlines land

What it requires

The obligations that matter in practice.

  • Know your inventory: which systems you provide or deploy, and their risk classification
  • GDPR-side work that's already due: lawful basis for training data, DPIAs, transparency
  • Prohibited-practice screening, some AI uses are simply off the table
  • Preparation for transparency and documentation duties as high-risk obligations phase in

How we help

Where our practice comes in.

FAQ

Common EU AI Act questions.

No, the GDPR already applies to your AI features today: training data needs a lawful basis, users need transparency, and high-risk processing needs a DPIA. That work is due now and it's also the foundation the AI Act obligations will sit on.

Start here

Tell us what you're dealing with.

Pick the service that sounds closest, or just describe the situation. You'll get an honest reply within 24 hours: where you stand, what actually needs doing, and whether we're the right fit for it.

Prefer to talk? Book a free 30-min call

Email: abhishek.adv@yahoo.com

LinkedIn: linkedin.com/in/abhishekbansiwal

Working with clients across the EU, UK, US, India, and beyond. See the privacy notice for how enquiries are handled.

Replies within 24 hours. No mailing list, no follow-up sequence.