Spain has enacted laws and/or issued guidance on Artificial Intelligence (AI). Companies subject to Spanish laws and regulations should be familiar with all relevant AI-related laws, regulations, and guidance, including those listed below.
Laws and Regulations
General
The AI Act establishes harmonized rules for placing on the market, putting into service, and using artificial intelligence systems (“AI Systems”) in the European Union. It prohibits certain AI practices and establishes specific requirements for high-risk AI Systems and operators of such systems, rules on market monitoring, market surveillance governance and enforcement, and measures to support innovation, with a particular focus on SMEs, including start-ups.
Principles, Studies, & Recommendations
Requirements for audits of personal data processing that include Artificial Intelligence (January 12, 2021)
Spanish
The Spanish Data Protection Agency (AEPD) published a guide on auditing personal data processing with AI. It provides guidance and a list of control objectives and specific controls for data protection audits.
FRIA Model: Guide and Use Cases (January 2025)
English
Published by the Catalan Data Protection Authority, providing a practical methodology for conducting fundamental rights impact assessments (FRIA) in the design and development of AI systems.