EDPB Web-Scraping Rules for AI Training: What US Teams Owe | TLY

AI Regulation Tracker  /  EU guidance

EDPB sets EU web-scraping rules for AI training, all but barring sensitive-data scraping without filters

Regulatory summary: On July 8, 2026 the EDPB adopted Guidelines 03/2026 on web scraping for generative-AI training, with Sweden's IMY as lead rapporteur. Any organization scraping EU personal data must justify legitimate interest and add safeguards before, during and after scraping to filter out special-category data. Consultation runs to October 30.

New EDPB Guidelines 03/2026, drafted with Sweden's IMY as lead rapporteur, set when scraping public web data to train generative AI can rest on legitimate interest and force before, during and after controls on any sensitive data swept up.

Primary source

EDPB sets EU web-scraping rules for AI training, all but barring sensitive-data scraping without filters regulation briefing
The Leveraged Years AI Regulation Tracker

Key takeaways

  • The EDPB issued its first dedicated guidance on scraping web data to train generative AI, turning the abstract legitimate-interest debate into a documented control regime and sharply restricting the scraping of special-category data unless the controller actively filters it out before, during and after collection.
  • US AI developers, data brokers and vendors, and enterprise legal and compliance teams building in-house models on scraped corpora that touch EU or EEA personal data, alongside European controllers doing the same.
  • Status: Published guidance (open for public consultation).
  • Read the draft and map your current scraping and data-buying pipeline against the before, during and after control expectations while the consultation is still open.

What did the EDPB actually adopt, and why does Sweden sit at the center of it?

On July 8, 2026 the European Data Protection Board adopted Guidelines 03/2026 on web scraping in the context of generative AI, published as Version 1.0 for public consultation. The guidance is the first from the Board that deals directly with the practice of harvesting public web data to build and train generative models. Sweden's data protection authority, IMY, served as lead rapporteur, which means the Swedish regulator ran the drafting and now stands as the de facto reference voice on how the rules should read.

That authorship matters for anyone outside Europe. When a national supervisor writes the text that all 27 EU data protection authorities sign off on, its interpretation tends to set the tone for the enforcement that follows. IMY confirmed the adoption the same day and opened the document for feedback until October 30, 2026. The guidance sits alongside a companion set of anonymisation guidelines, also out for consultation, and a finalized set on blockchain that the Board adopted at the same plenary.

One point the guidance makes early is reach. It applies both to organizations that scrape data themselves and to those that buy pre-collected datasets from a vendor. A US developer cannot sidestep the analysis by purchasing a scraped corpus rather than gathering it, because the buyer inherits the same obligations as a controller under the General Data Protection Regulation.

When can legitimate interest justify scraping for AI training?

Most large-scale scraping cannot realistically rest on consent, so developers have leaned on legitimate interest under Article 6(1)(f) of the GDPR. The EDPB does not close that door, but it narrows the frame. Guidelines 03/2026 give clarifications and worked examples on how the legitimate-interest basis applies to scraping for AI training, and they treat it as a test the controller has to pass and document, not a label to attach after the fact.

The Board also flags data minimisation as a principle that is particularly hard to satisfy when scraping at web scale, since indiscriminate collection is the opposite of what the principle asks for. Rather than leave that as an abstraction, the guidance advises on concrete measures a controller should put in place so that a scrape collects what the stated purpose needs and not the entire open web. For teams used to grabbing everything and sorting it out later, that is a change in sequence: the filtering logic has to exist before the crawl runs.

What happens when scraping sweeps up sensitive data?

This is the part with teeth. The GDPR treats special categories of personal data, which include health, ethnicity, sexual orientation, political opinions and religious belief, as prohibited to process in principle under Article 9. The EDPB is blunt that there is no general exemption from Article 9 for AI training. If a scrape involves special-category data, the controller needs both a lawful basis under Article 6 and a separate exception under Article 9(2).

The Board then leans on the Court of Justice ruling in GC & Others (C-136/17). It suggests that the Court's reasoning may allow for the incidental or residual collection of special-category data during scraping, but only where the controller acts within the framework of its responsibilities, powers and capabilities and puts appropriate technical and organizational measures in place to prevent that data from being collected and spread. IMY describes the same condition plainly: sensitive data may be scraped only if the organization takes a set of measures before, during and after the web scraping.

Read together, that is close to a working prohibition unless a developer builds active filtering into the pipeline. Before the scrape means excluding sources and categories likely to surface sensitive data. During the scrape means detection and suppression as data flows in. After the scrape means validating the dataset and removing sensitive records before anything reaches training. The Board adds that there is no blanket pass here and that each case has to be assessed on its own facts to see whether the Court's logic actually fits.

What US developers and data buyers should do before October 30?

The immediate value of this document is that it converts a long-running argument into something a compliance team can act on. A US firm training on EU personal data now has a checklist it lacked a week ago. Write the legitimate-interest assessment down. Show the data-minimisation choices that shaped the crawl. Document the three-stage controls for special-category data, and keep the evidence that they ran.

Because the text is in consultation until October 30, 2026, it can still shift, and the comment window is a chance to push back on parts that read as unworkable at frontier scale. It is not binding law, and the fines that attach to the GDPR itself sit behind it rather than inside it. Even so, treating Version 1.0 as the standard your pipeline will be measured against is the safer bet, since the final text rarely softens the direction a first draft sets.

DateJurisdictionRuleAffected professionalsStatus or effective date
2026-07-11European UnionThe EDPB issued its first dedicated guidance on scraping web data to train generative AI, turning the abstract legitimate-interest debate into a documented control regime and sharply restricting the scraping of special-category data unless the controller actively filters it out before, during and after collection.US AI developers, data brokers and vendors, and enterprise legal and compliance teams building in-house models on scraped corpora that touch EU or EEA personal data, alongside European controllers doing the same.Published guidance (open for public consultation)

Frequently Asked Questions

Is Guidelines 03/2026 a binding law I can be fined under?

No. It is EDPB guidance adopted on July 8, 2026 and open for public consultation until October 30, 2026. It interprets the GDPR rather than adding new penalties, but it signals how EU regulators will read existing GDPR duties on scraping for AI.

Does buying a scraped dataset instead of scraping it myself get me off the hook?

No. The guidance applies to organizations that purchase pre-collected data as well as those that scrape it directly, so a buyer carries the same controller obligations under the GDPR.

Can I ever scrape special-category data like health or political views?

Only under tight conditions. Article 9 treats such data as prohibited in principle, and the EDPB says there is no general exemption for AI training. Incidental collection may be defensible under the GC & Others reasoning if you apply technical and organizational filters before, during and after scraping and assess each case individually.

What is the single most useful step to take now?

Produce a written legitimate-interest assessment and a documented before, during and after filtering plan for sensitive data, then map your existing scraping or data-buying pipeline against them before the October 30, 2026 consultation closes.

Browse the full AI Regulation News tracker

Informational analysis for working professionals, not legal advice. Confirm how any rule applies to your situation with qualified counsel.