Compliance

EU AI Act + GDPR Article 32: A 12-Item Compliance Checklist

Regulators do not ask if you have AI policies. They ask for evidence those policies are followed. A 12-item checklist mapping the EU AI Act to GDPR Article 32, with the artifacts auditors actually want.

Zeuslock Team · 7 min

Policies are not evidence

The EDPB cooperation framework published in 2025 made one thing clear to every European DPO: regulators do not ask you to prove you have AI policies. They ask you to prove you have evidence those policies are followed. The distinction matters. A 40-page "Acceptable Use of Generative AI" PDF stored on SharePoint is not evidence. A timestamped log showing that on 14 March at 11:42 an employee tried to paste a customer contract into ChatGPT, and your DLP layer redacted three names and one IBAN before transmission — that is evidence.

This checklist maps the obligations of the EU AI Act (Article 4 on AI literacy, Article 26 on high-risk deployer duties, Article 50 on transparency) to GDPR Article 32 (security of processing) and Article 35 (DPIA). For each item: the obligation in one sentence, the evidence regulators will request, and the concrete artifact to produce now. Where Zeuslock’s audit log fits, we say so — not because every box must be checked with a vendor, but because most CISOs we work with discover, around audit time, that the missing piece is always the same: continuous logs of who sent what to which AI tool.

The 12-item checklist (plus one NIS2 cross-cut)

  1. Article 4 — AI literacy. Providers and deployers of AI systems must ensure that staff using AI have a sufficient level of AI literacy relative to the risk of the system and the context in which it is used. Evidence: a maintained inventory of every AI tool used by employees (sanctioned and shadow), refreshed at least quarterly, plus training completion records tied to roles that handle personal data. Produce now: an inventory CSV with tool name, vendor, hosting region, data categories permitted, owner, and last-reviewed date. The shadow-AI portion is the one most often missing; a passive discovery layer (Zeuslock’s extension flags DeepSeek, Perplexity, Poe, and any unsanctioned destination by default) fills that gap.

  2. Article 50 — Transparency obligations. Providers must design AI systems that interact with people so that those people know they are dealing with AI, and deployers must disclose emotion recognition, biometric categorisation, and AI-generated or manipulated content. For your own staff this translates to a clear, accessible notice of which tools are in use and where their prompts go. Evidence: a per-tool transparency notice, plus logs showing each AI interaction’s destination (model, provider, region) was recorded and surfaced to the user. Produce now: an onboarding screen or banner that lists permitted AI tools and their data-handling characteristics, and a log retention policy that captures destination URL, model, and timestamp for every prompt.

  3. Article 26 — High-risk deployer monitoring. Deployers of high-risk AI systems must monitor operation and keep the logs the system automatically generates for at least six months. Evidence: continuous logging of inputs and outputs to AI systems used in HR, credit, employment, or safety contexts; we recommend a 13-month retention floor so that a full audit cycle (annual review + 1 month) is always covered. Produce now: pipe AI interaction logs to your SIEM with hash-based input fingerprints (not raw prompt text, which would violate the Article 5(1)(c) minimisation principle and create a second copy of the personal data) and the policy decision applied. Use a keyed hash (HMAC) rather than a plain digest: short prompts are trivially reversible from a plain hash by hashing candidate texts.

  4. Article 32 GDPR — State-of-the-art technical measures. Confidentiality, integrity, availability, and resilience of processing, with measures appropriate to the risk. Evidence: documented controls showing PII is anonymized before being sent to third-party LLMs, plus tests demonstrating the controls work. Produce now: a redaction matrix listing which data categories (api_key, IBAN, credit_card, NIR, email, phone, source code) are blocked, anonymized, or monitored, per AI destination, with an automated weekly regression test.

  5. Article 35 GDPR — Data Protection Impact Assessment. A DPIA is mandatory for processing likely to result in high risk — using generative AI on personal data almost always qualifies. Evidence: a DPIA covering the AI prompt flow itself, not only the underlying business process, signed off by the DPO. Produce now: a DPIA template that explicitly addresses prompt content, model provider, hosting region, retention by the provider, and re-identification risk. The ICO’s 2024 generative-AI guidance is a usable starting point.

  6. Article 5(2) GDPR — Accountability. The controller must be able to demonstrate compliance. Evidence: a single dashboard where a regulator can see, for any date range, the volume of AI interactions, the number of policy interventions, the categories of data intercepted, and the resolution of each incident. Produce now: a monthly export from your DLP layer to a board pack — Zeuslock’s Operator Console exports this as CSV in one click.

  7. Article 28 GDPR — Processor due diligence. Under an enterprise agreement each AI provider you use is a processor; on consumer tiers it is usually an independent controller, and in some shared-purpose setups a joint controller. You need a DPA, SCCs where applicable, and a clear, written position on training on customer data. Evidence: signed DPAs with OpenAI, Anthropic, Google, Microsoft, plus the enterprise-tier training opt-out confirmation for each. Produce now: a single processor register row per AI vendor with contract reference, hosting region, sub-processor list, and training-data status.

  8. Article 25 GDPR — Data protection by design. Technical and organizational measures must be integrated into the processing itself, not bolted on after. Evidence: proof that detection runs before the prompt leaves the endpoint, not after the fact in log analysis. Produce now: an architecture diagram showing client-side interception (browser extension or desktop agent) with the network path that makes "data already left" impossible.

  9. Articles 33 and 34 GDPR — Breach notification. A prompt containing un-redacted personal data sent to a third-party LLM is a personal-data breach under Article 4(12), and it is notifiable to the supervisory authority under Article 33 unless it is unlikely to result in a risk to data subjects; the 72-hour clock starts when you become aware of it, which for a monitored channel means at detection. Evidence: an incident runbook that treats AI exfiltration as a personal-data incident. Produce now: a Slack/Splunk webhook that pages the DPO on any Block decision involving more than a configurable count of personal identifiers per prompt, and on any prompt that reached a third-party destination un-redacted. Keep the two apart in the runbook: a block stops the data leaving, so it is an attempt to investigate; the un-redacted send is the event that starts the clock.

  10. EU AI Act Article 15 — Accuracy, robustness and cybersecurity. High-risk AI systems must be resilient against attempts to alter their behaviour or output: jailbreaks, prompt injection, data poisoning, model evasion. The obligation sits with the provider, but a deployer that builds its own agents on top of a model inherits it in practice. Evidence: documented prompt-injection and jailbreak tests against any internal AI agent or chatbot, with results and remediations. Produce now: a quarterly red-team exercise; if you operate MCP-based agents, a DLP layer that inspects both directions of the agent ↔ tool exchange (this is where Zeuslock’s MCP integration sits).

  11. Article 22 GDPR — Automated decision-making. Solely automated decisions with legal or similarly significant effects are prohibited unless necessary for a contract, authorised by Union or Member State law, or based on explicit consent, and in every case the data subject keeps the right to obtain human intervention and contest the decision. Evidence: per-decision logs of the AI output, the human reviewer, and the override rate. Produce now: a decision-log schema with fields {decision_id, model, input_hash, output, reviewer, override, timestamp}.

  12. Article 30 GDPR — Records of processing activities. Your ROPA must list AI-mediated processing explicitly — many still do not. Evidence: a ROPA entry per AI use case with purpose, legal basis, data categories, recipients, retention, and international transfer mechanism. Produce now: a row per AI tool that crosses an EU border, with the SCC version and the transfer impact assessment reference. The CNIL’s 2024 ROPA template now includes an AI annex; use it.

  13. NIS2 cross-cut (a bonus item outside the 12, for entities in scope) — Supply-chain risk. If you fall under NIS2 (essential or important entity), your AI vendors are part of your supply-chain risk assessment. Evidence: a vendor questionnaire covering hosting region, sub-processors, model provenance, and the ability to disable training. Produce now: a one-page "AI vendor assessment" appended to your standard third-party security review; the BSI has published a usable template in its 2024 cloud-services catalogue.

The shape of an audit conversation. When CNIL, AEPD, or BfDI auditors arrive, the first three questions are almost always: "Show me the list of AI tools your employees use. Show me a sample week of AI interactions and the controls that fired. Show me a DPIA for one high-risk use case." If you can answer those in under ten minutes from one dashboard, the rest of the visit is a formality.

Why continuous logs are the load-bearing artifact

Eleven of the twelve items above resolve, in practice, to one technical requirement: a tamper-resistant log of every AI interaction, with the decision the DLP layer applied. The EDPB’s position in its 2025 opinion on generative AI is consistent with national authorities — CNIL, AEPD, the ICO — and converges on the same evidentiary standard: continuous, queryable, retained at least as long as the audit cycle.

This is the gap a standalone policy document cannot close. A policy says "employees must not paste customer data into ChatGPT"; an audit log proves that on a given day, 1,847 prompts were sent, 23 contained personal data, 21 were anonymized in flight, 2 were blocked, and the user was shown the policy each time. That is the substance Article 5(2) GDPR calls accountability.
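As an added example (not Zeuslock’s code or any vendor’s implementation), the following Python shows what the log described in items 3, 4 and 9 and in the paragraph above looks like when it actually exists: a keyed fingerprint of the prompt instead of the raw text, a redaction matrix applied per destination, a hash chain that makes a deleted or edited entry detectable, the DPO paging threshold from item 9, and the period summary an accountability dashboard reports. The detectors, the policy matrix, the fingerprint key and the sample prompts are all constructed for this example and are not the page’s data.

```python
"""Added example of an AI-interaction audit log (illustrative, not a vendor
implementation). Detectors, policy matrix, key and prompts are constructed."""
import hashlib
import hmac
import json
import re

# A plain SHA-256 of a short prompt can be reversed by hashing candidate texts,
# so the fingerprint is an HMAC under a secret held only by the logging layer.
# Key management (rotation, HSM) is assumed to exist elsewhere.
FINGERPRINT_KEY = b"example-only-key-rotate-me"

# Constructed detectors for three personal-data categories. Deliberately
# simple; a real DLP layer validates (IBAN checksum, E.164 parsing, ...).
DETECTORS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){3,7}\b"),
    "phone": re.compile(r"\+\d{2}\s?(?:\d\s?){8,10}"),
}

# Redaction matrix (item 4): action per category per destination. Assumed
# policy; a category hit at a destination not listed here is blocked.
POLICY = {
    "chatgpt.com": {"email": "anonymize", "iban": "block", "phone": "anonymize"},
    "internal-llm": {"email": "monitor", "iban": "monitor", "phone": "monitor"},
}
SEVERITY = {"monitor": 0, "anonymize": 1, "block": 2}
GENESIS = "0" * 64  # prev_hash of the first record in a chain


def fingerprint(text):
    return hmac.new(FINGERPRINT_KEY, text.encode(), hashlib.sha256).hexdigest()


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def evaluate(prompt, destination, user, ts, prev_hash):
    """Apply the matrix to one prompt. Returns (audit record, outbound text);
    outbound is None when the prompt is blocked. The most severe action among
    the hit categories wins. prev_hash chains records so that removing or
    editing an earlier entry breaks verify_chain()."""
    hits = {c: rx.findall(prompt) for c, rx in DETECTORS.items()}
    hits = {c: v for c, v in hits.items() if v}
    rules = POLICY.get(destination, {})
    actions = {c: rules.get(c, "block") for c in hits}
    decision = max(actions.values(), key=SEVERITY.get, default="allow")
    outbound = prompt
    if decision == "anonymize":
        for c in hits:
            outbound = DETECTORS[c].sub("<%s>" % c, outbound)
    elif decision == "block":
        outbound = None
    record = {
        "ts": ts, "user": user, "destination": destination,
        "input_fp": fingerprint(prompt),  # never the raw prompt
        "categories": {c: len(v) for c, v in hits.items()},
        "decision": decision, "prev_hash": prev_hash,
    }
    record["hash"] = _digest(record)
    return record, outbound


def verify_chain(records):
    """Recompute every hash and check each record points at its predecessor."""
    prev = GENESIS
    for r in records:
        body = {k: v for k, v in r.items() if k != "hash"}
        if r["prev_hash"] != prev or _digest(body) != r["hash"]:
            return False
        prev = r["hash"]
    return True


def needs_dpo_page(record, max_identifiers=3):
    """Item 9, first trigger: a blocked prompt carried more than
    max_identifiers personal identifiers (an attempt worth a human look)."""
    return record["decision"] == "block" and sum(record["categories"].values()) > max_identifiers


def summarize(records):
    """The figures an accountability dashboard (item 6) reports for a period."""
    s = {"prompts": 0, "with_personal_data": 0, "anonymized": 0, "blocked": 0}
    for r in records:
        s["prompts"] += 1
        s["with_personal_data"] += bool(r["categories"])
        s["anonymized"] += r["decision"] == "anonymize"
        s["blocked"] += r["decision"] == "block"
    return s


# Constructed sample prompts; the identifiers are dummy values, not real data.
SAMPLE = [
    ("Summarise this contract for me", "chatgpt.com", "alice"),
    ("Contact jane.doe@example.com and pay FR76 3000 6000 0112 3456 7890 189", "chatgpt.com", "bob"),
    ("Customer phone +33 6 12 34 56 78 complained", "chatgpt.com", "alice"),
    ("Email jane.doe@example.com about the renewal", "internal-llm", "carol"),
]


def run(samples=SAMPLE):
    records, prev = [], GENESIS
    for i, (prompt, dest, user) in enumerate(samples):
        rec, _ = evaluate(prompt, dest, user, "2025-03-14T11:%02d:00Z" % (42 + i), prev)
        records.append(rec)
        prev = rec["hash"]
    return records


if __name__ == "__main__":
    recs = run()
    for r in recs:
        print(r["ts"], r["user"], r["destination"], r["decision"], r["categories"])
    print(summarize(recs), "chain ok:", verify_chain(recs))
```

Two design points matter more than the regexes. The fingerprint is an HMAC, not a bare hash, because an auditor (or an attacker with the log) can otherwise recover short prompts by hashing guesses. And the chain is only tamper-evident, not tamper-proof: it detects edits to exported records, but the anchor (the latest hash) still has to be stored somewhere the log writer cannot rewrite, such as the SIEM or a write-once bucket. Pattern detectors of this kind also miss free-text personal data such as names and health details, which is why the DPIA in item 5 has to look at the prompt flow itself rather than rely on the matrix.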

What to do this quarter

  1. Inventory and classify. By the end of this quarter, produce a complete inventory of AI tools in use — including shadow tools surfaced by a discovery pass — classified by data sensitivity and EU AI Act risk tier.
  2. Switch on continuous logging. Pick a DLP layer that logs every AI prompt with destination, model, policy decision, and outcome. Set retention to 13 months minimum. Send a copy to your SIEM.
  3. Run one DPIA end-to-end. Choose your highest-volume AI use case and complete a DPIA against the minimum contents listed in Article 35(7), with the prompt flow itself in scope. Have your DPO sign it. That single artifact will tell you which of the other 11 items are weakest.

The audit log is the spine of every Article 32 conversation in 2026. Build it first, and the policy work has somewhere to land.

Protect your data from AI leaks

Try Zeuslock free — DLP for ChatGPT, Claude, Gemini and more.

Book a demo →