DSK guidance for AI systems: lifecycle-oriented approach

June 30, 2025

Categories:

Compliance, Data protection in the USA

With the increasing spread of artificial intelligence (AI) in companies, the issue of data protection-compliant development and use of AI systems is becoming increasingly important. The Data protection conference (DSK) published the "Guidance on recommended technical and organizational measures for the development and operation of AI systems" in June 2025. This document specifies the requirements of the GDPR for AI-related processing and provides a practical guide for manufacturers, developers and users with regard to AI systems.

Lifecycle-oriented approach and area of application for AI systems

The DSK breaks down the requirements for AI systems along their entire life cycle:

Design phase
Development phase
Introductory phase
Operation and monitoring

Each phase is analyzed taking into account the seven warranty objectives of the Standard Data Protection Model (SDM) rated:

Legal basis and responsibilities for AI systems

AI systems are fully subject to the GDPR. The following basic principles are particularly relevant:

Lawfulness (Art. 6 GDPR)
Earmarking (Art. 5 para. 1 lit. b GDPR)
Data minimization (Art. 5 para. 1 lit. c GDPR)
Transparency and Duty to inform (Art. 13, 14 GDPR)
Rights of data subjects (Art. 15-22 GDPR)
Data protection impact assessment (Art. 35 GDPR)
Security of the Processing (Art. 32 GDPR)

Manufacturer and developer are generally regarded as Responsible persons for the design and development phases. User organizations assume responsibility for implementation and operation.

1st design phase

The design phase forms the basis for the data protection-compliant development of AI systems. At this early stage, key decisions are made regarding the objectives, architecture and data processing of the system. The aim is to adequately consider and implement data protection requirements from the outset.

A central element here is the Transparency. Responsible persons must document the sources of the training data in detail and ensure their legitimate origin. The creation of so-called "datasheets for datasets" has become established as best practice. In these datasheets, data categories, collection methods, purpose and origin of the data are described in a comprehensible manner.

As part of the Data minimization it must be checked which data categories are actually required for the desired functionality of the AI system. Algorithms that are as data-efficient as possible should be selected. The use of anonymized or synthetic data should always be examined. Pilot studies and preliminary analyses can be used to realistically assess the actual need for personal data.

From the point of view of non-linking, risks that could arise from linking data from different sources must be avoided. The use of proxy attributes, which indirectly indicate sensitive characteristics, is particularly critical.

In order to Rights of data subjects (e.g. information, Correction, Deletion), organizational processes and technical measures for intervenability should already be defined in the design phase.

In addition, the requirements for Availability, Integrity and Confidentiality must be taken into account. This includes setting up robust backup concepts, data and system integrity measures and precautions against data poisoning or backdoor attacks. Access control mechanisms and encryption strategies should also be specified in the design.

2nd development phase

In the development phase of an AI system, the requirements defined in the design phase are implemented in concrete technical terms. In this phase, the AI algorithms are implemented, the training data is prepared and the actual training and validation of the AI models are carried out.

A central concern of the DSK orientation guide in this phase is the Transparency. Responsible persons must therefore comprehensively document the entire training process. This includes a precise description of the training data, the training methods used and the selection criteria for the algorithms used. All training decisions that have an influence on the subsequent model performance and data processing must also be recorded in a comprehensible manner.

In the spirit of Data minimization Only data that is absolutely necessary for the defined training purpose may be processed. Excessive or speculative data collection is not permitted. Particularly in the case of modular "compound AI systems", care must be taken to ensure that each component only receives the data it needs.

The guarantee objective of non-linking requires that AI models are trained exclusively for the purpose defined in the design phase. The unintentional acquisition of additional sensitive information (e.g. from highly correlated variables) must be actively prevented. Suitable statistical and technical testing mechanisms must be implemented for this purpose.

With regard to intervenability, it must be ensured during development that subsequent deletion or correction requests are technically feasible. Procedures such as "machine unlearning" or modular retraining without specific data records should therefore be considered at an early stage.

With regard to the Integrity those responsible must ensure that the training, validation and test data is correct, complete and free from manipulation. Measures such as data validation, bias detection and protection against data poisoning and adversarial attacks (e.g. evasion attacks) are absolutely essential.

The Confidentiality plays a key role: training data and models must be protected against unauthorized access and attacks such as model extraction or membership inference attacks. If necessary, intermediate results must be anonymized or aggregated in order to minimize personal references.

3rd introductory phase

The introduction phase describes the transition of an AI system from the development environment to productive use. In this phase, the focus is particularly on questions of data protection-compliant distribution and configuration of the software.

A key objective is to be transparent towards users and those affected. Those responsible must provide information about how the AI system works, the data sources used, the system architecture and the factors influencing the decision-making process. The configuration options and their data protection-relevant effects must also be documented in a comprehensible manner. This also includes the disclosure of the delivered elements of the AI system (e.g. model parameters, system versions, configuration files).

With regard to the Data minimization it must be ensured that only the personal data required for the respective purpose is provided and processed. The distinction between parametric models (e.g. neural networks, which no longer contain raw data) and non-parametric models (e.g. k-nearest neighbor algorithms, which still require training data) is particularly relevant here. These differences influence which data may be transferred as part of the software distribution.

Under the aspect of Confidentiality appropriate protective measures must be taken when providing and distributing the AI system. These include, in particular, encryption techniques, access restrictions and control over the group of recipients of the software distribution. If personal training data is part of the delivered system, this must also be subject to special protective measures.

It should also be noted that system delivery may be relevant under data protection law, even if no active data protection measures are taken during this phase. Processing personal data, as it forms the basis for subsequent data processing.

Overall, the introduction phase lays the foundation for a data protection-compliant operating environment for the AI system. It requires careful planning, Documentation and technical validation of the delivered software components.

Reading tip: Legitimate interest in the development of AI systems: CNIL guidance

4. operation and monitoring

The "Operation and monitoring" phase describes the active use of an AI system and the ongoing monitoring of its functionality and data protection compliance. It begins with the release of the AI system for productive use and includes all ongoing operational and maintenance activities.

A key concern of the DSK guidance in this phase is the Transparency. Responsible persons must therefore document all processing procedures, system updates and model adjustments in an audit-proof manner. In particular, this includes logging the data used, the AI model versions and the changes made to the system. The decision history of the AI system should also be archived in a traceable manner as far as possible, especially in the case of automated decisions with legal effect.

With regard to the Data minimization must continuously check whether the personal data collected and processed in the company is still required for the specified purposes. If this is not the case, the data must be deleted or anonymized. Data minimization is also necessary for the feedback of user feedback to improve the AI system. Processing ensure.

The ability to intervene must be guaranteed at all times. This includes the possibility of Rights of data subjects like information, Correction or Deletion effectively at all times. Technical solutions such as filter systems or input and output controls help to prevent or correct unwanted model outputs. Obligations to delete data contained in the model personal data (machine unlearning) must also be implemented if this is technically possible.

In order to Integrity of the AI system, companies must ensure that it is not compromised by adversarial attacks (e.g. manipulated inputs) or unauthorized model changes. Regular tests, validations and risk assessments - for example through red teaming - are important components of secure operation.

The Confidentiality is of central importance in day-to-day operations. Access controls, Encryption and logging are designed to prevent unauthorized persons from gaining access to sensitive model parameters or personal data When using retrieval augmented generation (RAG) systems in particular, it is important to monitor exactly who is authorized to access which data sources.

Additional aspects for AI systems

In addition to the phase-related requirements of the DSK guidance, there are other important aspects that are relevant for the data protection-compliant development and operation of AI systems.

Dealing with high-risk AI systems

For so-called high-risk AI systems within the meaning of the AI Regulation (KI-VO), stricter requirements apply. These relate in particular to the comprehensive Documentation of the data, algorithms and model decisions used, as well as a binding quality management system. Companies must ensure that the AI systems have undergone the required conformity assessment procedures. Regular risk analyses and the implementation of a Data protection impact assessment (DSFA) are mandatory here.

Consideration of third-party provider models

When using externally developed or pre-trained AI models (e.g. open source LLMs or API-based services), additional security and data protection checks must be carried out. These include in particular

A review of the origin and quality of the training data
Checking for possible backdoor attacks or data poisoning
The contractual safeguarding of data protection obligations by the provider
Evaluating the risks of model extraction or membership inference attacks

Companies should ensure that the traceability and transparency of the Transparency of these third-party provider models is documented. In addition, the use of such models must be regularly checked for GDPR compliance.

Contract design

The DSK recommends taking specific data protection requirements into account when drafting contracts with suppliers and service providers. Important contractual components should include

Clear definition of responsibilities (controller-processor relationship)
Specifications for technical and organizational measures (TOMs)
Audit and control rights of the client
Regulations on data return, erasure and portability
Agreements on reporting obligations in the event of data breaches

Especially when using AI-as-a-Service offerings, contractual regulations are essential in order to ensure an appropriate level of data protection for outsourced processing operations. Dealing with high-risk AI systems Additional documentation and quality management requirements apply to high-risk AI systems in accordance with the AI Regulation.

Conclusion and recommendations for practice

The DSK orientation guide offers for the first time a Systematic, practical and legally sound guidance for the entire AI life cycle. It places high demands on the Documentationtechnology design and organizational processes. Companies must Data protection into all phases of AI development and use.

The implementation of the requirements defined in the DSK Guidance requires companies to adopt a strategic and structured approach. The following recommendations are intended to support organizations in integrating the data protection requirements into their processes in a practical and efficient manner:

Creation of an AI data protection action plan: A detailed plan should be developed before the start of the project that defines the necessary data protection checks, measures and responsibilities. This should take into account all life cycle phases of an AI system.
Early and repeated implementation of data protection impact assessments (DPIA): A DPIA must be carried out for all high-risk AI projects. An iterative approach is recommended: initial assessments are carried out during the design phase, followed by further updates during the development and operational phases.
Establishment of an AI governance body: This interdisciplinary team of data protection officers, IT security specialists, AI developers and compliance officers manages data protection support for AI projects, assesses risks and coordinates measures.
Training and awareness measures for developer and product teams: Raising awareness of data protection requirements among all those involved in the AI project is essential. This includes training on topics such as Data minimizationtransparency requirements, risk assessments and data subject rights.
Implementation of a monitoring and auditing process: Companies should continuously monitor whether their AI systems comply with data protection requirements. This includes regular audits of data processing processes, reviewing the effectiveness of technical protection measures and constantly evaluating risks.
Documentation and verification: All decisions, measures and checks relevant to data protection should be documented in a comprehensible manner in order to meet the accountability requirements of Art. 5 (2) GDPR. GDPR to do justice to them.
Definition of an incident response plan for AI-related data breaches: As AI systems harbor specific risks, an emergency plan should be in place that defines rapid response and reporting channels as well as suitable countermeasures in the event of data protection incidents.

Source: Guidance on recommended technical and organizational measures for the development and operation of AI systems (version 1.0)

Next steps with Ailance - Integrated Risk Management

Would you like to implement the requirements of the DSK guidelines efficiently and sustainably in your company? Our software Ailance - Integrated Risk Management helps you to identify, assess and manage data protection risks in all phases of the AI lifecycle.

With Ailance you can: