Source: National Law Review

The National Law Review article details the newly published 2025-2028 strategic plan by CNIL (Commission Nationale de l’Informatique et des Libertés), France’s data protection authority. The plan outlines key priorities for AI governance, personal data protection, and compliance with the European Union’s evolving regulatory landscape, particularly the GDPR and the upcoming AI Act.

One of the main focuses of the strategy is increasing oversight of AI systems to ensure they comply with transparency, fairness, and data security requirements. CNIL aims to strengthen enforcement mechanisms against companies that misuse AI for automated decision-making, profiling, and biometric data processing.

The plan also emphasizes user rights, aiming to improve access to personal data controls and enhance protection against AI-driven privacy risks. CNIL will expand its role in auditing AI algorithms, promoting accountability for businesses developing and deploying AI technologies.

In addition, the strategic plan includes initiatives to support ethical AI development, urging companies to adopt privacy-by-design principles and conduct risk assessments before deploying AI-based solutions. The report also signals a potential increase in regulatory fines for violations related to AI mismanagement and non-compliance with GDPR obligations.

Legal experts believe CNIL’s 2025-2028 plan will influence AI governance across Europe, as France continues to play a leading role in shaping EU-wide data protection and AI regulations. The discussion concludes with recommendations for businesses to prepare for stricter compliance obligations under CNIL’s evolving oversight.