Key takeaways from IAPP AI Governance Global Europe 2025

The IAPP, now in its 25th year, is the world’s largest community of privacy, AI and digital trust professionals. Since the introduction of the GDPR, the organisation has seen explosive growth in both membership and scope. Its certification programmes have become the industry standard, with many Data Protection Officers (DPOs) holding multiple credentials. We were proud to have members of our team attend the conference and host a reception aboard the MV Cill Airne, showcasing sunny Dublin to our international guests. 

CEO & President of IAPP, J Trevor. Hughes (far right) on board MV Cill Airne with (L to R) Onur Korucu, IAPP Advisory Board Member and KnowledgeNet Chapter Chair; Liam McKenna, Consulting Partner, Forvis Mazars and David O’Sullivan, Consulting Director and IAPP KnowledgeNet Chapter Chair.

AI Governance Global (AIGG) focuses on a topic that’s now at the top of the agenda for boards, CEOs and strategy leaders worldwide. The event featured a stellar lineup of speakers, including:

• Commissioner Michael McGrath
• Minister of State at the Department of Enterprise, Trade and Employment Niamh Smyth
• Emma Redmond (OpenAI)
• Ronan Davy (Anthropic)
• Former Data Protection Commissioner Helen Dixon
• Children’s Ombudsman Niall Muldoon

 Key takeaways:

•  AI governance is about more than compliance. While ensuring compliance with laws like the AI Act and GDPR is essential, governance is primarily about enabling the safe, responsible and innovative use of AI. Effective governance helps manage risks and unlock opportunities, positioning organisations for long-term success.
• AI literacy is essential at every level. AI literacy empowers employees to use AI tools confidently and responsibly, facilitating innovation while managing risk. Beyond the AI Act’s Article 4 requirement for training, building AI awareness across your workforce is crucial. DPC Commissioner Dale Sutherland noted that AI training can be integrated into existing cyber and GDPR programmes. While no regulatory standard exists yet for Article 4 compliance, helpful guidance is available from the European Commission – see here for more details.
• Data is the lifeblood of AI. Whether you’re developing or deploying AI, high-quality, well-managed data is critical. Boosting digital literacy can help organisations identify where AI can add value. Notably, up to 97% of healthcare data goes unused after collection. With proper governance, this data can be leveraged to deliver better outcomes.
• Post-deployment monitoring remains a challenge. Monitoring AI systems after deployment is essential but often difficult. However, many existing tools and practices – like logs, access controls, and data loss prevention – can be adapted for AI. The most frequently cited success factor? Effective training and policy enforcement, paired with access to controlled tools. Many times over we have heard that “the horse has bolted” and cannot be put back in the stable – but organisations need to move the stable and make it more appealing for their employees to use the tools that have gone through governance and are within their control.
• Leverage existing governance structures. For SMEs especially, building new governance frameworks can be resource intensive. Many speakers, including regulators, highlighted how existing GDPR structures can be adapted for AI governance. For example:
  • Privacy by Design and DPIAs can be applied across the AI lifecycle.
  • GDPR training programmes can be expanded to include AI literacy.
  • The Record of Processing Activities (ROPA) can help track AI systems within your organisation.

Upskilling current teams or partnering with external experts may be needed, but these changes might not be as daunting as they seem.

Next steps for organisations

Continue building your knowledge of AI and consider the impact you want it to have on your organisation. Realising that impact will require strong governance and effective risk management. Talk to your industry peers and trusted advisors – and most importantly, start now!