CoE Framework Convention signatory
This content is for informational and educational purposes only and does not constitute legal advice.
Draft Bill PL8476, presented to the Chamber of Deputies in June 2025, proposes a multi-authority framework extending the mandates of existing institutions rather than creating a new dedicated body. CNPD (Commission Nationale pour la Protection des Données) is designated as default market surveillance authority, single point of contact, and national coordinator. Sector-specific market surveillance authorities are: CSSF (financial sector); CAA (insurance); ILNAS (product safety and critical infrastructure under Annex I); ILR (high-risk AI deployers operating essential or important services under NIS2); ALMPS (medicines and healthcare products); and ALIA (audiovisual AI-generated content). CNPD is also proposed as notified body for high-risk AI systems used by law enforcement and asylum/immigration authorities. Formal designation is subject to enactment of PL8476.
On 3 February 2025, the National Commission for Data Protection (CNPD) adopted guidelines on the use of the Artificial Intelligence (AI) tool DeepSeek R1. It raised concerns about data protection risks, including DeepSeek's lack of sufficient safeguards for personal data protection. It highlighted that the AI model, developed in China, does not comply with the General Data Protection Regulation (GDPR) and offers no clear framework for data rights or security. It highlighted that DeepSeek's data controller is not based in the European Union and lacks a legal representative in the region, making it difficult for users to exercise their rights under GDPR, including data access or deletion. The CNPD advised against installing DeepSeek and entering personal data, urging users to choose AI tools that adhere to European regulations.
Last updated: 03/02/2025