EUEnforcement: August 2, 2026

Bulgaria — GDPR + EU AI Act + National Digital Transformation Programme: AI Compliance Requirements

Bulgaria's Commission for Personal Data Protection (CPDP / Комисия за защита на личните данни) supervises data protection. Bulgaria's National Programme for Accelerated Digital Transformation 2022-2024 and subsequent Digital Decade participation plan include AI governance. Bulgaria is investing in AI for e-government, healthcare, and the automotive supply chain sector.

Check your compliance — free Download checklist

Key Facts

Effective Date

May 25, 2018

Enforcement Begins

August 2, 2026

Maximum Penalty

Up to BGN 20,000,000 (~€10,225,000) or 4% of global turnover for GDPR violations; EU AI Act: €35M or 7%

What Your Business Must Do

2 compliance requirements identified. Critical requirements carry the highest risk of enforcement action.

GDPR AI Compliance — CPDP Supervision

Critical

CPDP supervises GDPR compliance for AI systems processing Bulgarian residents' data. Required: lawful basis documentation for AI training datasets, DPIA for high-risk AI (profiling, automated decisions, biometric systems), DPO appointment for public authorities and large-scale processors, and data subject rights implementation for AI-generated decisions.

Deadline: August 2, 2026

EU AI Act Compliance — Priority Sectors

High Priority

Bulgaria's digital transformation plan focuses on AI in healthcare (telemedicine, diagnostic AI) and automotive manufacturing (AI-driven quality control). EU AI Act Annex III classifies medical diagnostic AI and safety-critical industrial AI as high-risk. Conformity assessment and CE marking readiness required before deployment.

Deadline: August 2, 2026

Frequently Asked Questions

Does Bulgaria — GDPR + EU AI Act + National Digital Transformation Programme apply to my business?

Bulgaria's Commission for Personal Data Protection (CPDP / Комисия за защита на личните данни) supervises data protection. Bulgaria's National Programme for Accelerated Digital Transformation 2022-2024 and subsequent Digital Decade participation plan. Use ComplianceIQ's free scanner to get a personalized assessment in under 5 minutes.

What is the penalty for non-compliance?

The maximum penalty under Bulgaria — GDPR + EU AI Act + National Digital Transformation Programme is: Up to BGN 20,000,000 (~€10,225,000) or 4% of global turnover for GDPR violations; EU AI Act: €35M or 7%. Fines are typically scaled by company size, severity of violation, and whether violations were willful or accidental.

How do I comply with Bulgaria — GDPR + EU AI Act + National Digital Transformation Programme?

The 2 requirements above cover the core obligations. The fastest path to compliance is: (1) conduct an AI risk assessment, (2) document your AI systems, (3) implement transparency disclosures where required. ComplianceIQ generates all required documents automatically.

Official Source

https://www.cpdp.bg/en

Last updated: 2026-04-14 — verify at source before relying on this information.

Don't leave compliance to chance

ComplianceIQ scans your AI tools, tells you exactly which regulations apply, and generates all required documents — in 30 minutes.

Start your free compliance scan