https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Sat, 16 May 2026 00:00:00 GMT https://www.youngju.dev/blog/culture/2026-05-16-privacy-ai-regulations-2026-gdpr-eu-ai-act-dsa-dma-pipa-appi-nist-ai-rmf-iso-42001-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-16-privacy-ai-regulations-2026-gdpr-eu-ai-act-dsa-dma-pipa-appi-nist-ai-rmf-iso-42001-deep-dive.en In May 2026, privacy and AI regulation has split into five camps. The EU has stacked the EU AI Act (effective Aug 2024, prohibitions Feb 2025, full enforcement Aug 2026), DSA, DMA, Data Act, and Cyber Resilience Act on top of GDPR (2018). The US still has no federal omnibus law, while 8 states actively enforce comprehensive privacy laws and IL BIPA forms a separate biometric front. Koreas PIPA was amended in 2024 to formalize pseudonymized data, MyData, and medical MyData; Japans APPI continues to refine foreign transfer and anonymized processing rules. Layered on top: China PIPL, Brazil LGPD, OECD AI Principles, NIST AI RMF, ISO 42001, and the multilateral AISI agreements. This article maps all of it in one place and turns "what should we do?" into a phased compliance plan. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) privacyai-regulationgdpreu-ai-actdsadmadata-actcyber-resilience-actccpacpravcdpacpactdpatdpsaoapapipa-koreaappi-japanpipl-chinalgpd-brazilnist-ai-rmfiso-42001oecd-aiaisi2026deep-diveenglish https://www.youngju.dev/blog/culture/2026-05-16-privacy-ai-regulations-2026-gdpr-eu-ai-act-dsa-dma-pipa-appi-nist-ai-rmf-iso-42001-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-16-privacy-ai-regulations-2026-gdpr-eu-ai-act-dsa-dma-pipa-appi-nist-ai-rmf-iso-42001-deep-dive.ja 2026年5月、プライバシー・AI 規制は5陣営に分かれた。EU は GDPR(2018)の上に EU AI Act(2024.8 発効、2025.2 禁止、2026.8 全面施行)、DSA・DMA・Data Act・Cyber Resilience Act を積み上げた。米国は連邦の包括法がないまま、8つの州が包括プライバシー法を運用し、IL BIPA が生体情報の別戦線を形成する。韓国 PIPA は 2024 改正で仮名情報・MyData・医療マイデータを整備し、日本 APPI は外国移転・匿名加工情報の運用を磨いている。その上に中国 PIPL、ブラジル LGPD、OECD AI 原則、NIST AI RMF、ISO 42001、AISI 多国間協定が乗る。この記事ではその全体図を一度に整理し、「自社で何をすべきか」を段階で示す。 Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) privacyai-regulationgdpreu-ai-actdsadmadata-actcyber-resilience-actccpacpravcdpacpactdpatdpsaoapapipa-koreaappi-japanpipl-chinalgpd-brazilnist-ai-rmfiso-42001oecd-aiaisi2026deep-dive日本語 https://www.youngju.dev/blog/culture/2026-05-16-privacy-ai-regulations-2026-gdpr-eu-ai-act-dsa-dma-pipa-appi-nist-ai-rmf-iso-42001-deep-dive https://www.youngju.dev/blog/culture/2026-05-16-privacy-ai-regulations-2026-gdpr-eu-ai-act-dsa-dma-pipa-appi-nist-ai-rmf-iso-42001-deep-dive 2026년 5월, 프라이버시·AI 규제는 다섯 진영으로 갈라졌다. EU는 GDPR(2018) 위에 EU AI Act(2024.8 발효, 2025.2 금지, 2026.8 전면 시행)와 DSA·DMA·Data Act·Cyber Resilience Act를 차곡차곡 쌓았다. 미국은 연방법이 없는 채로 8개 주가 활성 프라이버시법을 시행 중이고, IL BIPA는 별도의 생체정보 전선을 형성한다. 한국 PIPA는 2024 개정으로 가명정보·MyData·의료데이터를 정비했고, 일본 APPI는 외국 이전·익명가공정보의 운영을 가다듬는다. 그 위에 중국 PIPL, 브라질 LGPD, OECD AI 원칙, NIST AI RMF, ISO 42001, AISI 다자 협정이 얹힌다. 이 글은 그 모든 지도를 한 번에 정리하고, "우리 회사는 무엇을 해야 하나"를 단계로 풀어준다. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) privacyai-regulationgdpreu-ai-actdsadmadata-actcyber-resilience-actccpacpravcdpacpactdpatdpsaoapapipa-koreaappi-japanpipl-chinalgpd-brazilnist-ai-rmfiso-42001oecd-aiaisi2026deep-dive