On 6 May 2025, the European Data Protection Board (EDPB) published Opinion 06/2025 addressing the European Commission´s proposal to extend the United Kingdom´s adequacy status for personal data transfers under both the General Data Protection Regulation (GDPR) and Law Enforcement Directive (LED). The opinion is a response to the ongoing evaluation of whether data originating in the European Economic Area can continue to flow lawfully to the UK while ensuring a level of protection essentially equivalent to that guaranteed within the EU.
The EDPB opinion scrutinizes the UK’s legal and regulatory framework to determine whether it continues to uphold high data protection standards in view of recent legislative developments. Notably, the EDPB considers the impact of newer European regulatory initiatives, such as the proposed Artificial Intelligence Act and the Data Act, assessing their intersection with cross-border data flows and the robustness of privacy safeguards in the UK post-Brexit. Particular attention is paid to mechanisms for data subject rights, independent oversight, and effective remedies in the UK, as well as international data-sharing agreements that may affect the adequacy decision.
The outcome of this EDPB assessment carries substantial weight for organizations operating transnationally, as it underpins secure and predictable data transfer frameworks between the EU and the UK. The opinion also advises the European Commission on potential risks and points of regulatory divergence, urging ongoing monitoring of UK practices, particularly as both the UK and EU continue to update their laws to keep pace with advancements in technology such as Artificial Intelligence. Stakeholders across sectors—spanning technology, law enforcement, and industry—are paying close attention to the implications of this opinion for the future landscape of international data transfers, compliance requirements, and digital innovation governance in Europe and beyond.
