Israel Privacy Protection Law (PPL 5741-1981) + 2023 Reform + INCD AI: AI Compliance Requirements

PPL Section 8 requires organizations maintaining databases of Israeli residents' personal data to register with the PPA (Privacy Protection Authority). AI training datasets containing Israeli personal data constitute registrable databases. The 2023 reform updates registration to include AI-specific processing activities and automated decision-making systems.

PPL Section 11 requires organizations to inform individuals of data processing purposes before collection. The 2023 reform adds specific disclosure requirements for AI-driven processing, profiling, and automated decision-making. Consent must be specific to each AI processing purpose. Privacy notices must explicitly mention AI use and automated decision logic.

The 2023 PPL reform (effective 2024) requires high-risk processing organizations to conduct Data Protection Impact Assessments (DPIAs) and appoint a Data Protection Officer (DPO). AI systems processing sensitive categories (health, financial, biometric, political) require mandatory DPIA. The DPO must be independent and report directly to senior management.

The Israel National Cyber Directorate (INCD) published AI security guidelines covering prompt injection defense, model security, and AI supply chain integrity. Organizations deploying AI in critical infrastructure, defense-adjacent sectors, or government contracts must comply with INCD guidelines and conduct AI security assessments. Israeli high-tech companies exporting AI must also comply with EU AI Act for European customers.