Portugal — CNPD + EU AI Act + Portuguese National AI Strategy: AI Compliance Requirements
Portugal's Comissão Nacional de Proteção de Dados (CNPD) enforces GDPR and has issued sector-specific AI guidance for financial services, healthcare, and public administration. Portugal published its "Estratégia Nacional para a Inteligência Artificial — ENIA 2030", establishing AI governance principles. Portugal is an EU member and fully subject to the EU AI Act. The CNPD actively monitors AI-driven profiling and credit scoring systems.
Key Facts
January 1, 2021
August 2, 2026
GDPR (CNPD): up to €20M or 4% global turnover. EU AI Act: €35M or 7% global turnover.
What Your Business Must Do
3 compliance requirements identified. Critical requirements carry the highest risk of enforcement action.
EU AI Act Compliance (Mandatory)
Critical: Portugal is subject to the EU AI Act. Risk classification required for all AI systems used in Portugal or processing data of Portuguese residents. High-risk AI in public administration, banking (Banco de Portugal oversight), healthcare (DGS oversight), and justice requires conformity assessment. Portugal's market surveillance authority coordinates with CNPD on AI enforcement.
Deadline: August 2, 2026
CNPD GDPR AI Compliance
High Priority: CNPD guidance requires: legal basis documentation for AI training data from Portuguese residents, DPIA for AI profiling systems, disclosure of automated decision-making under Art. 22, and explicit consent for sensitive AI processing. CNPD has issued guidance specifically on AI credit scoring and employee monitoring.
ENIA 2030 National AI Strategy Compliance
Lower Priority: Portugal's ENIA 2030 strategy creates AI ethics principles applicable to Portuguese public procurement. Organizations bidding on Portuguese government AI contracts must demonstrate ENIA compliance: human oversight, transparency, fairness testing, and data governance. Voluntary CNPD AI certification available.
Frequently Asked Questions
Does Portugal — CNPD + EU AI Act + Portuguese National AI Strategy apply to my business?
Portugal's Comissão Nacional de Proteção de Dados (CNPD) enforces GDPR and has issued sector-specific AI guidance for financial services, healthcare, and public administration. Portugal published its "Estratégia Nacional para a Inteligência Artificia. Use ComplianceIQ's free scanner to get a personalized assessment in under 5 minutes.
What is the penalty for non-compliance?
The maximum penalty under Portugal — CNPD + EU AI Act + Portuguese National AI Strategy is: GDPR (CNPD): up to €20M or 4% global turnover. EU AI Act: €35M or 7% global turnover. Fines are typically scaled by company size, severity of violation, and whether violations were willful or accidental.
How do I comply with Portugal — CNPD + EU AI Act + Portuguese National AI Strategy?
The 3 requirements above cover the core obligations. The fastest path to compliance is: (1) conduct an AI risk assessment, (2) document your AI systems, (3) implement transparency disclosures where required. ComplianceIQ generates all required documents automatically.
Official Source
https://www.cnpd.pt/home/orientacoes/orientacoes.htm
Last updated: 2026-04-14 — verify at source before relying on this information.