PORTUGAL Law and Practice Contributed by: Jorge Silva Martins, João Carminho and Inês Coré, CS’Associados
higher security standards and additional regula - tory safeguards. Cloud computing raises significant legal con - cerns regarding security, data transfers, and the role of cloud providers in personal data process - ing. A major issue is that cloud providers often act as processors under the GDPR, meaning they process data on behalf of controllers and must comply with Article 28 of the GDPR, which imposes contractual obligations to ensure data security and regulatory compliance. Control - lers must verify that cloud providers implement robust security measures, access controls, and breach response mechanisms. 3. Artificial Intelligence 3.1 Liability, Data Protection, IP and Fundamental Rights Portugal does not yet have specific national legislation dedicated to AI. However, as an EU member state, it is subject to all EU regulatory initiatives in this field, particularly the AI Act, which applies in Portugal and serves as the pri - mary legal framework for AI. Under the AI Act, however, member states must adopt an implementing act by 2 August 2025, which will establish, among other provisions, rules on penalties, including administrative fines. To comply with Article 77 of the AI Act, Portugal has designated 14 national authorities respon - sible for overseeing compliance with EU funda - mental rights legislation in the use of high-risk AI systems. Among them, ANACOM has been assigned the role of co-ordinating efforts among all designated authorities.
Beyond the AI Act, Portugal’s AI regulatory land - scape encompasses both horizontal and sec - tor-specific regulations at the national and EU levels, including, but not limited to, consumer protection laws and privacy and data protection regimes (particularly, the GDPR). Although not a legislative instrument, the Por - tuguese Charter on Human Rights in the Digital Age (Law No 27/2021) is also relevant. The Char - ter emphasises ethical principles such as trans - parency, accountability, and non-discrimination in the design and application of AI and robotics, as outlined in Article 9. With regards to deepfake technologies, Portu - gal has not yet introduced legislation address - ing this specific use of technology. However, existing laws provide legal safeguards against the unauthorised use or manipulation of an indi - vidual’s likeness and voice: • The Portuguese Civil Code protects individu - als against unauthorised use of their image and voice, meaning that creating or distribut - ing without consent may constitute a violation of personality rights. • The Portugal Penal Code includes provisions on defamation and offences against a per - son’s honour, which may apply to the mali - cious use of deepfake technology. • The GDPR, applicable across the EU, also provides protection by regulating the pro - cessing of personal data, including visual and audio data used in deepfakes. Finally, Portugal has yet to implement specific legislation for AI application in the transport sector, such as self-driving cars and/or drones. However, existing national and EU regulations provide a foundational legal framework:
385 CHAMBERS.COM
Powered by FlippingBook