Share This Article
The new EDPB anonymisation guidelines update rules on personal data for the first time in over a decade introducing changes that heavily impact artificial intelligence systems.
On 7 July 2026, the European Data Protection Board adopted draft Guidelines 02/2026 on anonymisation and, the following day, opened them to public consultation until 30 October 2026. For anyone building or deploying artificial intelligence, this is not a marginal development. It goes to the very heart of when data escapes the GDPR, and when it does not.
The previous reference point was Opinion 05/2014 of the Article 29 Working Party. That opinion already relied on the same three-part logic, singling out, linkability and inference, yet it was written before large language models existed and before AI-driven re-identification attacks were demonstrated at scale. Since then, the legal, technical and privacy landscapes have changed dramatically. Crucially, the European Court of Justice has delivered a series of landmark rulings, and AI has moved from the lab to everyday business. The EDPB anonymisation guidelines respond precisely to this shift.
Why the EDPB anonymisation guidelines matter now
Under the GDPR, data is anonymous and therefore it is not deemed to be “personal data” only if it does not relate to an identified or identifiable person. The guidelines confirm for the first time that anonymity is relative, not absolute. In other words, the same dataset may be anonymous for one entity and personal for another, depending on the means each of them is reasonably likely to use.
This approach is firmly rooted in case law. In particular, the guidelines build on the CJEU judgment of 4 September 2025 in EDPS v SRB (C-413/23 P), together with earlier rulings such as Breyer, OC v Commission and Scania. The result is a standard that is contextual by design. Therefore, the assessment must run from the perspective of every relevant entity, including recipients, rogue employees, investigative journalists and even cybercriminals. Importantly, the likelihood of re-identification does not need to be zero. Instead, it must be insignificant in practice. This is a pragmatic standard, yet it is also a demanding one.
A context-based test, with a simplified shortcut
The EDPB proposes two ways to run the analysis. The first is a contextual approach, which weighs the actual capabilities of each entity. The second is a simplified approach, which ignores those differences and therefore errs on the side of caution. In practice, many controllers will combine the two: they can start with the simplified test and, if it flags a risk, move to the more granular contextual analysis.
The simplified approach is not a separate legal standard. It is a voluntary way to shift the risk from false positives to false negatives, buying greater confidence at the price of caution. For that reason, the Board also recommends building adequate safety margins into any contextual assessment, because the capabilities of attackers only grow over time.
The three criteria and why AI changes the game
At the core of the guidelines sit three criteria that data must satisfy to be considered anonymous:
- No Record Isolation – the data contains no unique combination of attributes that singles out an individual.
- No Linkage – a record cannot be linked to another dataset relating to the same person.
- No Inference – no specific and meaningful inference about an individual can be drawn.
If all three are met, the data can safely be treated as anonymous. If one fails, further analysis is needed before concluding that the data is personal. As a rule of thumb, the guidelines add, re-identification is more likely to succeed against record-level data with high dimensionality and high resolution.
What the EDPB anonymisation guidelines mean for AI systems
Here is where artificial intelligence takes centre stage. The EDPB anonymisation guidelines expressly acknowledge that AI, and especially agentic AI, will reduce the time and cost of re-identification. As a result, techniques that once looked disproportionate may soon become means reasonably likely to be used.
Three implications stand out for AI developers and deployers:
- Models and synthetic data fall firmly within scope. The guidelines warn that inferences can be drawn by querying or prompting a model, and they point to attacks that extract training data from supposedly anonymous AI models. Consequently, labelling a model “anonymous” is never a self-certifying exercise.
- Inference becomes the decisive battleground. This is where the anonymisation guidelines and the new web scraping guidelines converge. The Board flags the well-documented phenomenon of “regurgitation” or memorisation, where a generative model reproduces fragments of its training data when prompted with the right context. That behaviour maps directly onto the No Inference criterion. It also echoes the EDPB’s earlier Opinion 28/2024 on AI models, which found that only a limited number of AI systems can actually be considered anonymous. In effect, the Board has doubled down on a position that offers little comfort to developers hoping to treat their models as data-protection-free zones.
- Anonymity is not permanent, and the assessment cannot be a one-off. Because re-identification risk grows over time, the EDPB recommends periodic reassessment. For AI, that means testing anonymity per model and, arguably, per deployment — not once as a general policy. Meeting the No Inference bar may therefore require genuine engineering controls, from differential privacy to output filtering and post-training audits, rather than a simple removal of names and identifiers.
The Digital Omnibus backdrop
There is a wider regulatory chessboard here. In its 2025 Digital Omnibus, the European Commission floated a narrower definition of “personal data”, which would have shrunk the practical reach of the GDPR — and of any anonymisation standard. However, the EDPB and the European Data Protection Supervisor pushed back in their Joint Opinion 2/2026, and the contested definition was ultimately dropped. The takeaway is important: the EDPB anonymisation guidelines are the operative framework today, not a placeholder awaiting reform.
Practical steps for businesses
So, what should organisations actually do? Above all, they should
- map their data and any additional information early,
- document the anonymisation process, and
- retain that documentation as evidence of compliance.
Moreover, they should avoid describing data as “anonymous” or “de-identified” when individuals remain identifiable, since transparency obligations under the GDPR continue to apply. Finally, AI developers should align their pipelines with the companion web scraping guidelines, run a proper legitimate-interest assessment, and revisit every conclusion as models, datasets and attack techniques evolve.
The message is clear. The EDPB anonymisation guidelines do not close the door on anonymisation, rather they turn it into a rigorous, evidence-based exercise. For AI, that is both a challenge and an opportunity.
The guidelines remain open to public consultation until 30 October 2026, which is a valuable chance to help shape the final text before it is set in stone.
On a related topic, you may find of interest the article “Legitimate interest as a legal basis for AI training” on this blog. And if your organisation needs support in testing whether its datasets or AI systems are truly anonymous, our team is happy to help.

