Contact
The Catalan Data Protection Authority (APDCAT) works to provide entities and organizations with new tools that facilitate compliance with regulations concerning both artificial intelligence (AI) and data protection. In this regard, and within the AI Congress, the Data Protection Officer and Head of Strategic Projects at APDCAT, Joana Marí Cardona, advocated for the Catalan FRIA model to promote the design and use of respectful AI. This model, developed by APDCAT within the “DPD in Network” community and supported by expert professor Alessandro Mantelero, is a European pioneer.
During the conference “AI Systems and Fundamental Rights: Legal Compliance and Competitive Advantage in a Global World,” Marí reminded attendees that this model provides a step-by-step guide for conducting impact assessments, based on practical cases that serve as reference points for identifying and mitigating risks. It addresses the requirements of the Artificial Intelligence Regulation (AIR), which establishes that, starting in August 2026, those responsible for deploying certain high-risk AI systems must assess and mitigate risks to fundamental rights before their systems enter the market.
Since its official presentation at the Parliament of Catalonia last January, APDCAT has presented the Catalan FRIA model in several international forums, and other countries such as Croatia, Brazil, and the Basque Country are already using it as a reference framework.
Given this positive reception, APDCAT is working to further streamline this process by designing a new application to automate the risk identification and mitigation process included in the Catalan FRIA model, following the recent update of the AIPD application. It is also working to incorporate new reference use cases.
An integrated model
In parallel, APDCAT is promoting a new model that integrates the impact assessment on fundamental rights in the use of AI (FRIA) with the data protection impact assessment (AIPD). This approach addresses the dual requirements that must be fulfilled when designing or using high-risk AI systems and data processing operations, in accordance with the AIR and the General Data Protection Regulation (GDPR), respectively. It should be recalled that, since the GDPR entered into force in 2018, entities or organizations carrying out high-risk data processing (due to volume or type of data, for example) must conduct a Data Protection Impact Assessment (AIPD) to mitigate identified risks. To support this task, APDCAT has recently renewed a guided application, its user manual, a template, and a specific guide to assist organizations in the process.
The AI Congress is an event organized by the Center for Innovation in AI and Data Technologies (CIDAI) and Eurecat, within the framework of the Catalonia Artificial Intelligence Strategy promoted by the Government of Catalonia. On October 22 and 23, it brings together more than 50 speakers—experts in various fields of AI—and serves as a knowledge exchange platform with the business sector on the future of artificial intelligence.
Within the framework of the AI Congress, the Catalan Data Protection Authority (APDCAT) has highlighted the Catalan FRIA model as a tool for entities and organizations to assess and mitigate the risks of their AI projects before they reach the market, in line with the Artificial Intelligence Regulation