
Legal Regulations Concerning AI

Laws and regulations

The increasing prevalence of AI on a global level requires the establishment of legal frameworks to govern its development and deployment. These regulations are designed to mitigate potential risks and ensure that AI systems operate in a manner that aligns with societal values and legal principles. AI, while offering significant benefits, also presents potential harms, including, but not limited to, discriminatory outcomes, privacy violations, and safety concerns. By implementing clear guidelines and prohibitions, regulatory bodies, such as the European Commission, seek to foster a responsible and trustworthy AI ecosystem, thereby safeguarding fundamental rights and promoting ethical innovation.


While national laws also govern some aspects of data privacy and regulation, the European Union is the first to present a legal framework on AI, positioning itself as a global leader in ethical and trustworthy AI development and use. The core pieces of the European legal framework are the GDPR and the EU AI Act.


The GDPR
 

The General Data Protection Regulation (GDPR) is a European Union law that sets strict standards for the processing of personal data. As AI tools become increasingly integrated into employment counseling, it's essential to understand how GDPR applies to these technologies and the work practices around them.
 

Key GDPR considerations for AI in employment counseling include:
 

  1. Lawful basis for processing personal data:
     

    • Consent: Beneficiaries must give explicit consent for their data to be processed. This consent should be freely given, specific, informed, and unambiguous.

    • Legitimate Interest: In certain cases, processing personal data may be justified based on a legitimate interest, such as improving employment counseling services. However, this interest must be balanced against the individual's rights and freedoms.
       

  2. Data minimization:
     

    • Only collect the minimum amount of personal data necessary for the specific purpose.

    • Avoid over-collecting data that is not relevant to the counseling process.
       

  3. Data security:
     

    • Implement robust security measures to protect beneficiary data from unauthorized access, loss, or damage.

    • Use encryption to safeguard sensitive information.

    • Regularly update security protocols to address evolving threats.
       

  4. Data subject rights:
     

    • Beneficiaries have the right to access, rectify, erase, and restrict the processing of their personal data.

    • They also have the right to data portability and the right to object to processing.
       

  5. Accountability:
     

    • Employment counselors and organizations must be accountable for the processing of personal data.

    • Implement appropriate technical and organizational measures to ensure compliance with GDPR.

The EU AI Act
 

Another reference to ensure the lawful implementation of AI-based tools is the EU AI Act. The EU AI Act is the first comprehensive legal framework for regulating AI in Europe, proposed by the European Commission in April 2021. As part of the EU’s digital strategy, it aims to create better conditions for the development and use of AI while ensuring safety, transparency, and accountability. While most of the provisions mainly apply to the AI tool providers (manufacturers), some points are also relevant for the deployers (organizations or agencies that use the AI system under their authority).
 

The EU AI Act classifies AI systems and tools according to the risk they pose: prohibited AI practices, high-risk, limited-risk and minimal-risk AI systems. While most AI applications available in the EU are considered minimal risk and unregulated, some AI tools that might be relevant for employment counseling services can also be categorized as high risk. This includes AI systems used for recruitment or selection, particularly targeted job ads, analysing and filtering applications, and evaluating candidates; and for determining access, admission or assignment to educational institutions or evaluating learning outcomes. It is crucial for employment counseling organizations to consult this categorization when choosing AI tools for their work.
 

Regardless of the AI system category, the EU AI Act also obligates all AI system deployers to ensure their staff and users have adequate AI literacy, considering their expertise, training, and the system's context and impact on affected individuals.
 

To read more about the EU AI Act and the obligations of the deployer for the different AI system categories, please visit: https://artificialintelligenceact.eu/


This project has been funded with support from the European Commission. This website reflects the views only of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein.

​
