The Commission Nationale de l’Informatique et des Libertés (CNIL) published comprehensive recommendations on July 22, 2025, outlining how artificial intelligence developers must comply with the General Data Protection Regulation. According to the published documents, the guidance clarifies GDPR applicability to models, establishes security requirements, and sets conditions for annotating training data.

The French data protection authority’s latest recommendations address a significant regulatory gap in artificial intelligence development. Recent enforcement actions by CNIL demonstrate growing scrutiny of AI systems across France, including rejections of AI-powered age verification cameras in tobacco shops and stricter oversight of biometric analysis technologies.

According to the CNIL documentation, the initiative responds to rapid artificial intelligence advancement across commercial sectors. These technical tools serve various purposes including data processing, model training, and automated decision-making systems that affect individual privacy rights.

Security requirements for AI development

The CNIL established three primary security objectives for artificial intelligence system development. Data confidentiality requirements mandate protection of both restricted and publicly accessible information throughout the development process. According to the documentation, “a lack of security in the database can lead to losses of data confidentiality” even when dealing with publicly available datasets.

Performance and system integrity measures must address risks related to poor system performance that could affect end users. According to the CNIL, “although risks related to poor system performance only manifest during the deployment phase, the majority of measures must be taken during the development phase.”

General information system security encompasses traditional cybersecurity measures adapted for artificial intelligence environments. The authority notes that “the most likely risks today concern other components of the system (such as backups, interfaces and communications)” rather than the AI models themselves.

CNIL recommends conducting Data Protection Impact Assessments for AI systems that present high risks to individual rights. The assessment framework must consider AI-specific risks including automated discrimination, fictional content generation about real persons, and vulnerabilities specific to artificial intelligence systems.

Data annotation compliance framework

The CNIL’s data annotation guidance addresses a critical phase in machine learning development where training data receives labels or descriptions that serve as “ground truth” for model learning. According to the documentation, “annotation is a determining step in developing a quality AI model, both for performance issues and respect for people’s rights.”

Minimization principles require annotations to contain only information necessary for achieving the intended functionality. The CNIL states that “annotations containing information not relevant to the intended functionality do not respect the principle of minimization.”

Accuracy requirements mandate that annotations contain only precise information about individuals represented in the data. According to the authority, “inaccurate annotation or annotation based on inappropriate or arbitrary criteria will not respect the principle of accuracy.”

The documentation establishes specific procedures for annotation protocols including documented workflows, clear task attribution, and validation phases to confirm label choices and procedure effectiveness. Quality control measures must include regular verification through random sampling and inter-annotator agreement evaluation.
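The quality-control checks described above (random-sample verification, inter-annotator agreement) and the minimization principle from the preceding paragraphs can be made concrete in a short script. The following is an added example, not code from CNIL or from the article; the annotator labels, the `ALLOWED_FIELDS` schema and the function names are constructed for illustration. Cohen's kappa is used as the agreement statistic because it is the common choice for two annotators on categorical labels.

```python
import random
from collections import Counter
from typing import Sequence

# Constructed sample: the same ten items labelled independently by two
# annotators. These labels are illustrative, not data from any real project.
ANNOTATOR_A = ["cat", "dog", "cat", "bird", "dog", "cat", "bird", "dog", "cat", "cat"]
ANNOTATOR_B = ["cat", "dog", "dog", "bird", "dog", "cat", "cat", "dog", "cat", "bird"]

# Constructed annotation schema: the only fields the intended functionality
# (species classification) needs. Any other field violates minimization.
ALLOWED_FIELDS = {"item_id", "species"}


def cohens_kappa(a: Sequence[str], b: Sequence[str]) -> float:
    """Inter-annotator agreement corrected for chance (Cohen's kappa).

    1.0 means perfect agreement, 0.0 means no better than chance.
    """
    if len(a) != len(b) or not a:
        raise ValueError("both annotators must label the same non-empty item set")
    n = len(a)
    observed = sum(x == y for x, y in zip(a, b)) / n
    counts_a, counts_b = Counter(a), Counter(b)
    # Probability that both annotators pick the same label by chance.
    expected = sum(counts_a[lab] * counts_b[lab] for lab in set(a) | set(b)) / (n * n)
    if expected == 1.0:
        return 1.0
    return (observed - expected) / (1.0 - expected)


def disagreements(a: Sequence[str], b: Sequence[str]) -> list:
    """Indexes where the annotators chose different labels: the items a
    reviewer should adjudicate in the validation phase."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def sample_for_review(n_items: int, k: int, seed: int) -> list:
    """Seeded random sample of item indexes for spot-check verification.

    A fixed seed makes the sample reproducible, so the annotation protocol's
    documentation can state exactly which items were checked."""
    return sorted(random.Random(seed).sample(range(n_items), k))


def minimization_violations(annotation: dict, allowed=ALLOWED_FIELDS) -> set:
    """Fields present in an annotation that the intended functionality does
    not need (for example a person's name attached to a species label)."""
    return set(annotation) - allowed


if __name__ == "__main__":
    print("kappa =", round(cohens_kappa(ANNOTATOR_A, ANNOTATOR_B), 3))
    print("to adjudicate:", disagreements(ANNOTATOR_A, ANNOTATOR_B))
    print("spot-check sample:", sample_for_review(len(ANNOTATOR_A), 3, seed=42))
    print("extra fields:", minimization_violations(
        {"item_id": 7, "species": "cat", "owner_name": "J. Dupont"}))
```

A kappa well below 1 on the sample signals that the labelling guideline is ambiguous and should be revised before annotation continues; the `minimization_violations` check is the kind of test that can run automatically on every annotation batch.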

Technical implementation requirements

CNIL requires organizations to verify the reliability of training data sources and their annotations throughout the entire system lifecycle. Data quality verification must occur during collection and continue throughout the data lifecycle to limit risks of data degradation.

Integrity verification processes must detect common security flaws including data poisoning attempts. The authority recommends implementing version control and logging systems to track modifications and prevent malicious alterations.
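One concrete way to implement the integrity verification, version tracking and modification logging mentioned above is a per-record digest manifest committed with each dataset version, plus a hash-chained change log. The following is an added example and not code from CNIL or the article; the training records, the actor names and the function names are constructed for illustration.

```python
import hashlib
import json

# Constructed training records (illustrative, not real data).
RECORDS_V1 = [
    {"id": 1, "text": "the invoice is due on friday", "label": "billing"},
    {"id": 2, "text": "please reset my password", "label": "account"},
    {"id": 3, "text": "where is my order", "label": "shipping"},
]

GENESIS = "0" * 64  # previous-hash value for the first log entry


def _canonical(obj) -> bytes:
    # Key order and whitespace must be fixed, or identical records would
    # produce different digests.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def record_digest(record: dict) -> str:
    return hashlib.sha256(_canonical(record)).hexdigest()


def build_manifest(records) -> dict:
    """Map record id -> digest; commit this alongside the dataset version."""
    return {str(r["id"]): record_digest(r) for r in records}


def verify_manifest(records, manifest: dict) -> list:
    """Compare the records on disk with the committed manifest.

    Returns sorted (id, kind) pairs, kind in {'modified', 'added', 'missing'}.
    A silently flipped label shows up as 'modified'; injected records as 'added'.
    """
    current = build_manifest(records)
    findings = []
    for rid, digest in current.items():
        if rid not in manifest:
            findings.append((rid, "added"))
        elif manifest[rid] != digest:
            findings.append((rid, "modified"))
    findings.extend((rid, "missing") for rid in manifest if rid not in current)
    return sorted(findings)


def append_log_entry(log: list, actor: str, record_id: str, old_digest: str,
                     new_digest: str, timestamp: str) -> dict:
    """Append a hash-chained entry recording who changed which record and when.

    Each entry commits to the previous entry's hash, so editing or deleting an
    earlier entry breaks every later link and is detected by verify_log.
    """
    body = {
        "actor": actor, "record_id": record_id, "old": old_digest,
        "new": new_digest, "ts": timestamp,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry = dict(body, hash=hashlib.sha256(_canonical(body)).hexdigest())
    log.append(entry)
    return entry


def verify_log(log: list) -> bool:
    """True if every entry hashes correctly and the chain is unbroken."""
    prev = GENESIS
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body["prev"] != prev:
            return False
        if hashlib.sha256(_canonical(body)).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def with_changed_label(records, record_id: int, new_label: str) -> list:
    """Returns a copy of the records with one label changed; used here only to
    show what an undocumented modification looks like to the verifier."""
    return [dict(r, label=new_label) if r["id"] == record_id else dict(r)
            for r in records]


if __name__ == "__main__":
    manifest = build_manifest(RECORDS_V1)
    print(verify_manifest(with_changed_label(RECORDS_V1, 2, "billing"), manifest))
```

Every legitimate change should go through `append_log_entry` and produce a new manifest; a manifest mismatch without a matching log entry is the signal to investigate. The manifest and log should be stored under access controls separate from the dataset itself, otherwise whoever can alter the data can also rewrite the evidence.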

Encryption requirements apply to backups and communications, particularly for systems exposed through web interfaces or federated learning environments. The CNIL emphasizes using state-of-the-art cryptographic protocols to limit intrusion consequences.

Access control measures must restrict data access to authorized personnel with differentiated authentication procedures for users and administrators. The authority recommends anonymization or pseudonymization techniques including data redaction, random perturbations, and generalization methods.

Rights management for AI systems

The CNIL guidance clarifies how individual rights apply to AI model development and deployment. Organizations must implement procedures for identifying individuals within training datasets and models, a task that is particularly difficult for generative AI systems.

For generative artificial intelligence, the authority requires establishing internal procedures to query models using selected request lists to verify what personal data the system might have memorized. When individuals cannot be identified within models but exist in training databases, organizations must inform them about memorization risks.

Technical solutions for rights management typically require retraining the model. According to the CNIL, retraining can be periodic so as to limit costs and satisfy several requests to exercise rights at once. Organizations must provide updated model versions to users and may contractually require that only regularly updated versions be used.

When retraining proves disproportionate, organizations must implement robust filters or other measures on AI system outputs. The authority recommends preferring general rules preventing personal data generation over simple “blacklists” of individuals who exercised their rights.
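The contrast the CNIL draws between a general output rule and a per-person blacklist is easiest to see side by side. The following is an added example, not code from CNIL or the article; the sample model output, the erasure list and the regular expressions are constructed for illustration (the phone pattern covers a French 10-digit number, and the honorific pattern is deliberately narrow to keep the example readable).

```python
import re

# Constructed model output used for the demonstration (no real person).
SAMPLE_OUTPUT = (
    "Contact Mr. Dupont at jean.dupont@example.org or 06 12 34 56 78. "
    "Mme Martin can be reached at claire.martin@example.net."
)

# Constructed erasure list: only one person has exercised their rights.
ERASURE_BLACKLIST = ["Dupont"]

# General rules: patterns that denote personal data whoever the person is.
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_FR = re.compile(r"(?:\+33\s?|0)[1-9](?:[\s.-]?\d{2}){4}")
HONORIFIC_NAME = re.compile(r"\b(?:Mr|Mrs|Ms|Dr|M|Mme|Mlle)\.?\s+[A-Z][\w'-]+")


def blacklist_filter(text: str, names) -> str:
    """Removes only the listed names; data about anyone else passes through,
    and so do the listed person's own e-mail domain and phone number."""
    for name in names:
        text = re.sub(re.escape(name), "[REDACTED]", text, flags=re.IGNORECASE)
    return text


def general_filter(text: str) -> str:
    """Applies category rules (e-mail, phone, honorific + surname) instead of
    a per-person list, so it also covers people who never filed a request."""
    text = EMAIL.sub("[EMAIL]", text)
    text = PHONE_FR.sub("[PHONE]", text)
    text = HONORIFIC_NAME.sub("[NAME]", text)
    return text


def residual_identifiers(text: str) -> list:
    """What a reviewer would still find after filtering: any e-mail address,
    phone number or honorific-prefixed surname left in the text."""
    return (EMAIL.findall(text) + PHONE_FR.findall(text)
            + HONORIFIC_NAME.findall(text))


if __name__ == "__main__":
    print("blacklist:", blacklist_filter(SAMPLE_OUTPUT, ERASURE_BLACKLIST))
    print("general:  ", general_filter(SAMPLE_OUTPUT))
```

Running `residual_identifiers` on both outputs shows the difference: the blacklist version still carries a phone number, a second person's e-mail address and name, while the general version carries none. A blacklist also grows with every request and has to be kept secret, since it is itself a list of people who asked to be forgotten.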

Industry impact assessment

For the marketing technology sector, these recommendations establish concrete compliance requirements that affect how companies develop and deploy AI-powered advertising systems. Previous CNIL actions against tracking technologies demonstrate the authority’s commitment to enforcing privacy regulations across digital marketing platforms.

The guidance particularly impacts programmatic advertising platforms that utilize machine learning for audience targeting and campaign optimization. Systems analyzing customer behavior, appearance, or demographics without clear legal basis face potential regulatory challenges under the new framework.

Marketing technology vendors must assess whether their products create similar GDPR compliance issues. Enhanced consumer analysis technologies face increasing restrictions across European jurisdictions, affecting companies developing or deploying such systems for commercial applications.

Companies developing AI-powered marketing tools must implement the CNIL’s recommended security measures including verified development libraries, secure file formats for model importation, and robust access control systems. The requirements extend beyond traditional cybersecurity to address AI-specific vulnerabilities.

Key terminology explained

CNIL (Commission Nationale de l’Informatique et des Libertés): France’s independent data protection authority responsible for enforcing privacy regulations and issuing guidance on emerging technologies. The organization plays a crucial role in interpreting GDPR requirements for artificial intelligence systems, establishing precedents that influence regulatory approaches across the European Union. CNIL’s recommendations carry significant weight for companies operating in French markets and serve as reference points for other European data protection authorities developing their own AI oversight frameworks.

GDPR (General Data Protection Regulation): The comprehensive European Union privacy law that governs how organizations process personal data, including within artificial intelligence systems. The regulation establishes fundamental principles of data minimization, accuracy, and individual rights that directly impact AI development methodologies. GDPR compliance for AI systems requires careful consideration of data processing purposes, legal bases, and technical measures to protect individual privacy throughout the machine learning lifecycle.

Data annotation: The process of adding descriptive labels or metadata to training data that serves as ground truth for machine learning algorithms. Proper annotation methodology directly impacts both AI system performance and regulatory compliance, as annotations themselves may contain personal data requiring protection under GDPR. The quality and accuracy of annotations determine how effectively AI models learn to classify, predict, or generate outputs while respecting individual privacy rights.

Artificial intelligence systems: Technology platforms that process data to make automated decisions or generate outputs without explicit programming for each specific task. These systems encompass various approaches including machine learning, deep learning, and generative AI technologies that require careful privacy consideration throughout development and deployment phases. AI systems processing personal data must comply with data protection regulations regardless of their technical complexity or commercial application.

Security requirements: Technical and organizational measures designed to protect personal data throughout the AI development lifecycle from unauthorized access, modification, or disclosure. These requirements extend beyond traditional cybersecurity to address AI-specific vulnerabilities including model inversion attacks, membership inference attacks, and data extraction from trained models. Comprehensive security frameworks must consider data confidentiality, system integrity, and availability across development, training, and deployment environments.

Training data: The datasets used to teach artificial intelligence systems how to perform specific tasks, often containing personal information that requires regulatory protection. Training data quality, representativeness, and privacy compliance directly impact both AI system effectiveness and legal compliance under data protection regulations. Organizations must implement robust data governance practices to ensure training datasets meet minimization principles while providing sufficient information for effective model development.

Personal data processing: Any operation performed on information relating to identified or identifiable individuals, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, or destruction. In AI contexts, personal data processing occurs throughout the development lifecycle from initial data collection through model training, validation, and deployment phases. Each processing activity requires appropriate legal basis, technical safeguards, and individual rights protection mechanisms.

Rights management: The implementation of technical and procedural mechanisms that enable individuals to exercise their data protection rights including access, rectification, erasure, portability, and objection. For AI systems, rights management presents unique challenges as personal data may become embedded within model parameters through the training process. Organizations must develop innovative approaches including model retraining, output filtering, and consent management systems to ensure ongoing rights compliance.

Model development: The comprehensive process of creating artificial intelligence systems from initial conception through deployment, encompassing data collection, preprocessing, algorithm selection, training, validation, testing, and integration phases. Effective model development requires interdisciplinary collaboration between data scientists, privacy professionals, security experts, and domain specialists to ensure both technical performance and regulatory compliance. The development process must incorporate privacy-by-design principles and ongoing risk assessment methodologies.

Data protection compliance: The ongoing organizational commitment to meeting regulatory requirements for personal data processing through technical measures, procedural controls, documentation practices, and individual rights facilitation. Compliance in AI contexts requires specialized expertise in both technology and privacy law, as traditional compliance frameworks may not adequately address the unique characteristics of machine learning systems. Organizations must establish comprehensive governance frameworks that address data lifecycle management, algorithmic accountability, and cross-border data transfer requirements.

Summary

Who: The Commission Nationale de l’Informatique et des Libertés (CNIL), France’s data protection authority, issued recommendations affecting AI developers, technology companies, and organizations processing personal data for machine learning systems.

What: Comprehensive guidelines establishing GDPR compliance requirements for artificial intelligence development, including technical security measures, data annotation protocols, and individual rights management procedures for AI systems.

When: Published July 22, 2025, with immediate effect for new AI system implementations and assessment requirements for existing systems to maintain regulatory compliance.

Where: France, with broader implications for European Union companies developing or deploying AI systems that process personal data under GDPR jurisdiction.

Why: Address regulatory gaps in artificial intelligence development while ensuring individual privacy rights protection as AI adoption accelerates across commercial sectors, particularly in marketing and consumer analysis applications.