GDPR and AI: A 2026 Compliance Guide for European Teams Using ChatGPT, Claude, and Gemini
Sonomos Research
The Sonomos research team writes about AI privacy, data protection, and how to use generative AI safely at work.
Short answer: European teams can use ChatGPT, Claude, and Gemini under the GDPR — but only after they have a lawful basis, an Article 28 data processing agreement (DPA), an updated record of processing activities (Article 30), and, for higher-risk uses, a Data Protection Impact Assessment (Article 35). Layered on top, the EU AI Act began phasing in obligations in 2025 and 2026 that change what "compliant" looks like for general-purpose AI and high-risk use cases. This guide explains, in plain English, what European users — DPOs, security leads, and engineers — actually need to do in 2026.
The two regimes you have to satisfy at once
Generative-AI use in the EU sits inside two overlapping regimes:
- The General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) — applies whenever personal data of individuals in the EU is processed. AI prompts, RAG inputs, fine-tuning datasets, and outputs are all "processing" if they contain personal data.
- The EU AI Act (Regulation (EU) 2024/1689) — entered into force August 2024, with obligations phasing in from February 2025 (prohibited practices), August 2025 (general-purpose AI / GPAI rules and governance), August 2026 (high-risk AI systems), and August 2027 (full coverage). Applies to providers and deployers of AI systems used in the EU, regardless of where they are established.
For most European deployers of ChatGPT, Claude, or Gemini, GDPR is the day-one regime, and the AI Act adds obligations that compound — they do not replace GDPR.
GDPR obligations that apply to every AI use case
1. A lawful basis for the processing
Article 6 requires one of six lawful bases (consent, contract, legal obligation, vital interests, public task, legitimate interests). For AI use, the realistic options for most B2B contexts are:
- Legitimate interests (Art. 6(1)(f)) — for internal productivity, routing, or summarization use cases, after a documented Legitimate Interests Assessment (LIA) that balances the interests against the data subject's rights and reasonable expectations.
- Contract (Art. 6(1)(b)) — when the AI processing is necessary to perform a contract with the data subject (e.g., AI-assisted customer support).
- Consent (Art. 6(1)(a)) — required for many marketing and profiling use cases, and the only safe basis for sensitive operations such as automated decision-making with significant effects (combined with Article 22 safeguards).
Special category data (Art. 9 — health, biometric, religious, sexual orientation, etc.) and criminal-conviction data (Art. 10) need an additional Article 9 / 10 condition. Pasting a patient summary or HR-discipline note into an AI tool engages this layer.
2. A DPA with the AI provider (Article 28)
The provider becomes a processor (or sub-processor) when it processes personal data on your behalf. Article 28 requires a written Data Processing Agreement (DPA) covering:
- Subject-matter, duration, nature, purpose, and types of personal data.
- The controller's documented instructions.
- Confidentiality obligations on personnel.
- Article 32 security measures.
- Sub-processor authorization and restrictions.
- Assistance with data-subject rights, breach notification, DPIAs, and prior consultation.
- Return or deletion at the end of the engagement.
- Audit rights.
OpenAI, Anthropic, Google, and Microsoft all publish DPAs for their enterprise tiers. The consumer tiers typically do not include an Article 28 DPA — which is one reason consumer ChatGPT / Claude / Gemini accounts are hard to defend for any processing of EU personal data.
3. International transfers (Chapter V)
US-based AI providers transfer EU personal data to the US, which is a third country under GDPR. Lawful transfer requires:
- An adequacy decision (the EU-US Data Privacy Framework, in force as of July 2023, covers participants).
- Or standard contractual clauses (SCCs) plus a Transfer Impact Assessment (TIA) that addresses Schrems II concerns about US surveillance laws.
- Or another transfer mechanism (BCRs, Article 49 derogations).
Verify that your AI provider participates in the EU-US DPF (or has equivalent transfer documentation) and that your DPA references it. Without this, every prompt to a US-hosted model can be a non-compliant transfer.
4. Records of processing (Article 30)
Every controller of more than occasional processing must maintain a record of processing activities. AI use cases need to appear in the ROPA: the categories of data, recipients (the AI provider, its sub-processors), retention, transfer mechanism, and security measures.
5. DPIAs (Article 35)
A DPIA is required when processing is "likely to result in a high risk." EU regulators have repeatedly stated that uses of generative AI involving personal data — particularly in HR, education, public services, and decisions affecting individuals — fall into the DPIA-mandatory category. The CNIL (France), AEPD (Spain), and EDPB guidance all emphasize this.
A DPIA addresses risks, mitigations, and the residual risk acceptable to the controller; consult your DPO before deploying any new AI use case that touches significant personal data.
6. Data-subject rights
Articles 15–22 grant rights of access, rectification, erasure, restriction, portability, objection, and the right not to be subject to solely automated decisions with legal or similarly significant effects.
For AI, the practical implications:
- Access / rectification / erasure must be operable through your AI provider. Most enterprise tiers offer admin tools to query and delete data; map them into your DSAR process.
- Article 22 restricts solely automated decisions; either build a human-in-the-loop signoff, or rely on consent / contract necessity with appropriate safeguards.
7. Article 32 — appropriate technical and organisational measures
The standard of "appropriate" depends on the state of the art, the cost of implementation, and the risk. In 2026, the regulators' published expectations include:
- Encryption in transit and at rest.
- Access controls and least privilege.
- Pseudonymization or anonymization where reasonably possible.
- Logging and audit trails.
- Regular testing of security measures.
- Incident response.
Local-first redaction at the browser layer is increasingly cited in DPO guidance as a "state-of-the-art" technical measure to reduce the scope of personal data sent to AI providers. Tools such as Sonomos detect entities in the prompt — names, IDs, contact details, special-category data — and replace them with reversible tokens before the request leaves the device. Where the redaction is sufficient to render the data effectively anonymous, the GDPR may not apply to the redacted prompt at all (Recital 26); even where the data is only pseudonymized, Article 32 expectations are easier to meet.
EU AI Act obligations layered on top
The AI Act's risk-tier model adds obligations on top of GDPR:
- Prohibited practices (Art. 5). Effective February 2025: certain uses are banned outright (e.g., social scoring, real-time biometric ID in public spaces with narrow exceptions, exploitation of vulnerabilities). For most enterprise users, this affects what you cannot build, not what you cannot use.
- General-purpose AI (Chapter V). Effective August 2025: providers of GPAI models (OpenAI, Anthropic, Google, etc.) have transparency, technical-documentation, copyright-policy, and (for systemic-risk models) safety / cybersecurity obligations. Deployers can rely on the provider's published documentation.
- High-risk AI systems (Chapter III). Phased through August 2026: systems used in HR, education, credit scoring, law enforcement, migration, justice, biometric ID, critical infrastructure, and similar contexts must meet conformity assessment, risk-management, data-governance, transparency, human-oversight, and post-market monitoring requirements.
- Limited-risk AI systems. Transparency obligations: chatbots must disclose AI use; AI-generated content (deepfakes, synthetic media) must be labelled; systems generating synthetic content must mark it as such.
For most European companies using ChatGPT / Claude / Gemini in productivity workflows in 2026, the most likely AI Act triggers are transparency (chatbot disclosure, synthetic-content labelling) and the GPAI deployer position (using documentation provided by the model provider, plus internal policies on use). High-risk obligations attach if you are deploying AI in HR, credit, biometric ID, or one of the other listed domains.
What examiners and DPAs are asking about
Based on 2024–2026 supervisory priorities from CNIL, AEPD, ICO (UK GDPR), Datatilsynet (Norway), and the EDPB's coordinated AI enforcement actions, the recurring questions are:
- Lawful basis for each AI use case, with a documented LIA when relying on legitimate interests.
- Article 28 DPA in place with each AI provider, and sub-processor flow-downs.
- TIA / transfer mechanism for US-hosted providers.
- DPIA for higher-risk uses, with explicit consideration of residual risk.
- Article 32 measures including, increasingly, redaction or pseudonymization at the input layer.
- DSAR readiness — can you delete a person's data from an AI provider on request, including in caches and embeddings if applicable?
- Records of processing that include the AI use cases.
- Training and policies ensuring staff understand the boundaries.
- Vendor diligence documented: what reviews have you performed on the AI provider's security, transfers, and sub-processors?
Examples: what is and is not defensible in 2026
| Scenario | Defensible under GDPR? | Why |
| --- | --- | --- |
| Marketing team uses ChatGPT Free to brainstorm campaign copy from public information | Yes | No personal data |
| Same team pastes a B2B contact list into ChatGPT Plus to write personalized outreach | No | Personal data to a non-DPA, non-EU-DPF account |
| Sales team uses ChatGPT Enterprise (DPA + DPF + ZDR) to draft outreach with names redacted at the browser | Yes (with LIA) | DPA in place; redaction reduces the data sent |
| HR uses Gemini to summarize CVs and rank candidates | High-risk under AI Act + significant DPIA exposure | Article 22 + AI Act Annex III obligations |
| Customer-support team uses Claude for Work to summarize tickets | Yes (with controls) | DPA, contract basis, Article 32 measures |
| Engineering pastes production logs (containing user emails) into ChatGPT Plus to debug | No | Personal data to consumer-tier account; possible breach |
Frequently asked questions
Is consent always needed to use AI on personal data?
No. Consent is one lawful basis among six. For most B2B productivity uses, legitimate interests (with a documented LIA) or contract necessity (where the AI is necessary to deliver a service) are more practical. Consent is necessary when you cannot reach legitimate interests — typically marketing profiling, intrusive monitoring, or automated decisions with significant effects.
Does using ChatGPT API instead of the web app change the analysis?
It changes one piece — the API operates under enterprise terms, with Zero Data Retention available — but the rest (lawful basis, DPA, transfer mechanism, ROPA, DPIA where applicable) still applies. The API is not a "compliance dodge"; it is one tier of a broader assessment.
What about Schrems II and US transfers?
Major AI providers participate in the EU-US Data Privacy Framework, which covers most transfers in 2026. Verify your specific provider's certification, include the DPF reference in your DPA, and document your TIA. If the DPF is invalidated (a Schrems III scenario remains a possibility), have SCCs as fallback.
How does the EU AI Act apply if my company is outside the EU?
The Act applies extraterritorially: if your AI system's output is used in the EU, or you are placing an AI system on the EU market, the Act reaches you. For a US company offering an AI product to EU customers, the deployer obligations of the EU customer flow back through the contract; expect EU customers to ask for documentation aligned with the Act.
Is local-first AI privacy required by GDPR?
Not explicitly, but it is increasingly the cleanest way to demonstrate "appropriate" Article 32 measures. By detecting and pseudonymizing personal data at the browser before transmission, a tool like Sonomos materially reduces the data shared with processors, simplifies sub-processor flow-downs, and reduces breach impact. EDPB guidance and several DPA opinions in 2024–2026 cite this category of tool as state-of-the-art for AI workflows.
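The browser-layer redaction described in the Article 32 section above and in this answer, as an added example that is not Sonomos' code or part of the original guide: a small reversible pseudonymizer that detects entities in a prompt, swaps them for placeholder tokens before anything leaves the device, keeps the token map locally, restores the originals in the model's reply, and produces an audit summary (entity types and counts, never values) for the ROPA or logs. The detectors, the `[[TYPE_n]]` token format, the `Pseudonymizer` class, `hasResidualEntities`, `roundTrip`, and the sample prompt (fictional person, example.com address, spaced test IBAN) are all assumptions of this example, not features of any product named on the page.

```javascript
// Added example (not Sonomos code): local-first, reversible pseudonymization of a
// prompt before it leaves the browser, and restoration of the model's reply.
// The detectors are illustrative regexes; a real tool would use broader detectors
// (NER models, dictionaries, checksum validation) and a wider entity set.

// Order matters: each detector runs on the output of the previous one, so the
// specific patterns (email, IBAN) must run before the looser phone rule.
const DETECTORS = [
  { type: "EMAIL",  re: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g },
  { type: "IBAN",   re: /\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,4})?\b/g },
  { type: "PHONE",  re: /\+?\d[\d\s().-]{7,}\d/g },
  // Title-prefixed names only; the whole "Dr. Anna Schmidt" becomes one token.
  { type: "PERSON", re: /\b(?:Mr|Ms|Mrs|Dr)\.?\s+[A-Z][a-z]+(?:\s+[A-Z][a-z]+)?/g },
];

// Placeholder format used in the outbound prompt, e.g. [[EMAIL_1]].
const TOKEN_RE = /\[\[[A-Z]+_\d+\]\]/g;

class Pseudonymizer {
  constructor() {
    this.forward = new Map();  // "TYPE:value" -> token (stable within a session)
    this.reverse = new Map();  // token -> original value; never leaves the device
    this.counts = {};          // per-type counters, also used for the audit summary
  }

  // Replace every detected entity with a placeholder token. The same value always
  // maps to the same token, so the model can still track "who is who".
  redact(text) {
    let out = text;
    for (const { type, re } of DETECTORS) {
      out = out.replace(re, (match) => this.tokenFor(type, match));
    }
    return out;
  }

  tokenFor(type, value) {
    const key = `${type}:${value}`;
    if (this.forward.has(key)) return this.forward.get(key);
    this.counts[type] = (this.counts[type] || 0) + 1;
    const token = `[[${type}_${this.counts[type]}]]`;
    this.forward.set(key, token);
    this.reverse.set(token, value);
    return token;
  }

  // Put the original values back into the reply. Unknown tokens are left as-is.
  restore(text) {
    return text.replace(TOKEN_RE, (tok) => (this.reverse.has(tok) ? this.reverse.get(tok) : tok));
  }

  // Audit record for the ROPA / logs: which kinds of data were withheld, never the values.
  report() {
    return { ...this.counts };
  }
}

// Last check before transmission: does any detector still fire on the outbound text?
// (String.search ignores the /g flag's lastIndex, so the detectors stay reusable.)
function hasResidualEntities(text) {
  return DETECTORS.some(({ re }) => text.search(re) !== -1);
}

// Constructed sample prompt (fictional person, example.com address, test IBAN).
const SAMPLE_PROMPT =
  "Draft a reply to Dr. Anna Schmidt (anna.schmidt@example.com, +49 30 1234567) " +
  "confirming that the refund went to DE89 3704 0044 0532 0130 00.";

// End-to-end round trip: redact -> (send to provider) -> restore the reply locally.
// fakeProviderReply stands in for the network call so the example runs offline.
function roundTrip(prompt, fakeProviderReply) {
  const p = new Pseudonymizer();
  const outbound = p.redact(prompt);
  if (hasResidualEntities(outbound)) throw new Error("refusing to send: residual entities");
  const inbound = p.restore(fakeProviderReply(outbound));
  return { outbound, inbound, report: p.report() };
}

console.log(roundTrip(SAMPLE_PROMPT, (redacted) =>
  `Dear [[PERSON_1]], the refund to [[IBAN_1]] is confirmed. (model saw: ${redacted})`));
```

The design point is that the reverse map and the original values stay in the browser: the provider only ever receives `[[PERSON_1]]`-style placeholders, the restore step happens after the reply comes back, and the audit summary lets you log that an email and an IBAN were withheld without writing the values themselves into a log. Whether such output is "effectively anonymous" under Recital 26 still depends on the residual context in the prompt, which is why the pre-send residual check is the last gate rather than the only one.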
How do data-subject erasure requests work for AI providers?
Most enterprise AI providers offer admin tooling to delete a customer's data on request. The harder question is whether deletion extends to derived artifacts (embeddings, caches, fine-tuned models). For now, GDPR erasure obligations focus on the data the controller can reasonably reach; document the technical limits in your DSAR response and your DPA.
What about the AI Act's foundation-model / GPAI obligations — do those apply to me?
Almost certainly not as a provider — those obligations sit with the OpenAI / Anthropic / Google / Microsoft of the world. As a deployer, you rely on the provider's published documentation, plus your own use-case-specific assessment. Keep the provider's GPAI documentation in your AI program file.
A short checklist for European teams
- Identify lawful basis for each AI use case; document an LIA where relying on legitimate interests.
- Sign DPAs with each AI provider; verify EU-US DPF participation or equivalent transfer mechanism.
- Update Records of Processing Activities with AI use cases.
- Run DPIAs for higher-risk uses; document residual risk and DPO consultation.
- Implement Article 32 measures, including local-first redaction at the browser layer where personal data is processed.
- Map DSAR processes onto the AI provider's admin tooling.
- Train staff on the policy; cover both GDPR and the AI Act's transparency obligations.
- Maintain an AI inventory aligned with the AI Act's risk tiers.
- Watch for sector-specific guidance from CNIL, AEPD, ICO, EDPB, and the EU AI Office.
- Re-assess annually; the regulatory landscape is moving every quarter.
The bottom line
For European teams in 2026, GDPR is the day-one regime and the AI Act is the layer rapidly accumulating on top of it. Compliance is achievable — the major AI providers have the contracts, the transfer mechanisms, and the configuration knobs. The work is on the deployer's side: lawful basis, DPA, transfer, ROPA, DPIA, Article 32 controls, DSAR readiness, and documentation. Local-first redaction at the input layer is increasingly the highest-leverage control: it reduces the scope of personal data sent to processors, simplifies the entire downstream pipeline, and is consistent with the state-of-the-art measures regulators expect. Get those right and ChatGPT, Claude, and Gemini are useful tools inside a proper European privacy program. Skip them and you have a multi-regime exposure on every prompt.