AI systems are powered by data and datasets. Ensuring safe and trustworthy AI development, therefore, necessitates proper data and AI governance mechanisms. Recognizing this, the EU AI Act attaches particular importance to data governance and management, introducing strict data-related requirements for high-risk AI systems and general-purpose AI models to comply with.

However, data processing often involves personal data as well, particularly employed in the training, testing, and validation of AI systems. This raises questions on the use and processing of personal data, which is primarily governed in the EU by the Regulation (EU) 2016/679 (“GDPR”). With the EU AI Act recently entering into force, it is vitally important to address the interplay between these two legislative frameworks.