All regulations
European Union / UK
GDPR
The General Data Protection Regulation governs how personal data of EU and UK residents is collected, processed and protected, including special rules for automated decision-making.
Who it applies to
- Any organisation processing personal data of EU/UK residents
- Controllers and processors, including AI vendors handling personal data
- Automated decision-making and profiling that significantly affects individuals
Core obligations
- Establish a lawful basis for every processing activity
- Run DPIAs for high-risk AI processing
- Provide data subject rights including access, erasure and objection
- Maintain records of processing and report breaches within 72 hours
How Vigil24 helps
- Flags AI tools processing personal data
- Generates DPIA templates pre-filled from tool metadata
- Tracks vendor DPAs and sub-processor changes
Explore other regulations
EU AI Act
Risk tiers, transparency, high-risk AI obligations.
NIST AI RMF
US risk management framework for AI.
ISO 42001
AI management system standard.
DORA
Operational resilience for finance.
FCA Consumer Duty
Fair outcomes in UK financial services.
India DPDP Act 2023
Data protection for Indian users.
Singapore Model AI Governance
Responsible AI in Singapore.
ASEAN AI Governance Guide 2024
Regional framework across 10 member states.