GDPR Evidence Mapping for AI Agents

Name: Veto
Availability: InStock
Author: Veto

GDPR predates tool-using AI agents, but Articles 22, 25, 30, 32, and 35 already constrain what an agent can do with personal data. The hardest question is Article 22: are decisions solely automated? Inserting an approval workflow at the runtime boundary is how you keep the right answer to that question while still running the agent.

Last updated: May 20, 2026

What is GDPR?

Regulation (EU) 2016/679, the General Data Protection Regulation, entered into force May 25, 2018. It applies to any controller or processor handling personal data of individuals in the European Union, regardless of where the organization is established. The European Data Protection Board (EDPB) issues guidance; supervisory authorities in each member state investigate and enforce. For AI agents, the regulation matters most through Articles 22, 25, 30, 32, and 35: automated decisions, data protection by design, records, security, and DPIAs.

Why it applies to AI agents

Any agent that processes personal data, regardless of architecture, is a processing operation under GDPR. The governed tool path is where the regulation bites: an agent that drafts an email is one thing; an agent that sends a debt-collection letter, denies a service, or shares records with a third party is processing with legal or significant effects on the data subject.

Article 22 is the article most often misread. It does not prohibit AI-assisted decisions; it prohibits decisions based solely on automated processing where they produce legal or similarly significant effects. The runtime authorization boundary is where that prohibition either bites (deny by default with no review) or is satisfied (route to a human approver before execution).

Control mapping: GDPR articles to Veto features

The table maps the articles that most directly govern AI agent processing.

Article	Requirement	Veto feature
5(1)(c)	Data minimisation: personal data adequate, relevant, limited to what is necessary	Per-tool argument validation; field-level allowlists in policy YAML
5(1)(f)	Integrity and confidentiality: appropriate security against unauthorized processing	Deny-by-default authorization; per-agent scoping; environment isolation
22(1)	Right not to be subject to a decision based solely on automated processing	Approval workflow routes significant decisions to human reviewers before execution
22(3)	Right to obtain human intervention, express their view, and contest the decision	Approval queue with reviewer identity; decision record preserves contestable evidence record
25(1)	Data protection by design: technical and organisational measures from the outset	Policy-as-code authored before agent deployment; validation gates can flag missing policy before release
25(2)	Data protection by default: only personal data necessary for each specific purpose processed	Least-privilege default: agents allowed only what policy explicitly permits
30(1)	Records of processing activities for each category of processing	Policy YAML acts as records of processing for agent operations; auto-exportable for Article 30
32(1)	Appropriate technical and organisational measures to ensure security	Runtime authorization, decision records, alerting, and incident response evidence
33(1)	Notification of personal data breach to supervisory authority within 72 hours	Forensic decision records reconstruct incident timeline for breach notification narrative
35(1)	DPIA required when processing likely to result in high risk to rights and freedoms	Policy files and decision records supply operational evidence input for the DPIA
35(3)(a)	DPIA mandatory for systematic evaluation including profiling with significant effects	Approval workflow + decision record demonstrate human oversight to lower assessed risk
5(2)	Accountability: controller responsible for and able to demonstrate control	Versioned policy history, decision record retention, exportable reports

Evidence Veto provides

Supervisory authority investigations rarely accept a privacy notice as evidence. They want documented processing records, security measures, and the operational artifacts that support the data protection by design claim.

Records of processing

Policy YAML lists each tool, allowed arguments, intended purpose, and approval rules. Exportable as Article 30 records of processing activities.

DPIA evidence

Decision records show risk treatment effectiveness: approval rates, denial counts, latency. Direct input to the DPIA risk assessment matrix under Article 35(7).

Article 22 evidence

Approval queue records show human reviewers are involved in significant decisions. Reviewer ID, justification, and timestamp documented per decision.

Breach notification material

Filtered decision record reconstructs exactly what an agent did before, during, and after a suspected incident. Feeds the Article 33 narrative within 72 hours.

Implementation timeline

April 27, 2016GDPR adopted as Regulation (EU) 2016/679

May 25, 2018GDPR enters into force; enforcement begins across EU and EEA

February 2025EDPB Opinion 28/2024 on AI models clarifies processing of personal data for AI training

OngoingSupervisory authorities (CNIL, Garante, DPC, AEPD) actively investigate AI deployments under existing GDPR provisions

August 2, 2026EU AI Act Article 50 transparency obligations apply; high-risk timing is addressed separately in the AI Omnibus political agreement, pending formal adoption

Article 83 creates tiered penalty exposure for records, security, DPIA, lawful-basis, transparency, data-subject-rights, and cross-border-transfer failures. Veto's role is the action-layer evidence: policy, purpose, verdict, and log.

Frequently asked questions

Does an AI agent count as automated decision-making under Article 22?

Article 22(1) covers decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on the data subject. If an AI agent takes an action with that kind of effect and no meaningful human review, Article 22 analysis is required. Human approval at the runtime boundary gives the organization an operational review point, but legal classification still depends on the full workflow and jurisdiction.

How does Veto support data protection by design (Article 25)?

Article 25 requires controllers to implement appropriate technical and organizational measures at the time of processing design. Policy-as-code supports data protection by design: each agent has a documented set of allowed actions, denied actions, and approval-required actions before it processes any data. Deny-by-default and least-privilege scoping create action-layer evidence for the data-minimization principle in Article 5(1)(c).

When is a DPIA required for an AI agent?

Article 35 requires a Data Protection Impact Assessment when processing is likely to result in high risk to rights and freedoms of natural persons. AI agents that perform automated decisions with significant effects, large-scale processing of special categories, or systematic monitoring trigger Article 35(3). Decision records from Veto supply the operational risk evidence that feeds a DPIA: who has access, what actions are possible, what monitoring is in place.

What are the GDPR fines for non-compliance?

GDPR penalties are tiered and can be material for records, security, lawful-basis, data-subject-rights, and transfer failures. For agent teams, the practical question is whether each sensitive action has a policy, a purpose, and a reviewable record.

Related evidence resources

EU AI Act

Risk classification and Article 14 human oversight

ISO/IEC 42001

AI management system standard for European deployers

SOC 2

Trust service criteria for service organizations

Article 22 is not a prohibition. It is a design constraint. Build for it.