What is the scope of the AI how-to sheets?

07 June 2024

The CNIL wishes to provide concrete clarifications and recommendations for the development of artificial intelligence (AI) systems and the creation of datasets used for their training, when they involve personal data. The CNIL defines the scope of the different how-to sheets.

This content is a courtesy translation of the original publication in French. In the event of any inconsistencies between the French version and this English translation, please note that the French version shall prevail.

Item detail:

The following sheets concern only the development phase of AI systems, not their deployment, where this involves the processing of personal data. They are limited to the processing of data subject to the General Data Protection Regulation (GDPR).

They aim at accompanying a large number of professionals with both legal and technical profiles (such as data protection officers, legal officers, legal professionals, AI practitioners, etc.).

Please note:
These how-to sheets, adopted following a public consultation, provide a framework to help professionals with their compliance. They recall the obligations imposed by GDPR and make recommendations to comply with them. These recommendations are not binding: data controllers may deviate from it, under their responsibility and provided that they can justify their choices. Some recommendations are also made as good practices and allow one to go beyond GDPR obligations.

The presence of personal data


The AI systems concerned


The phases of the treatment concerned


Applicable texts