Ukraine Draft PDP Law

Draft Law 8153 on Personal Data Protection

Ukraine's draft GDPR-aligned data protection law establishing 72-hour breach notification and automated processing rules.

Jurisdiction

Ukraine

Enacted

Pending

Effective

TBD

Enforcement

To be established

GDPR-aligned framework under consideration

DataGuidance Ukraine Overview

Why It Matters

Ukraine's GDPR-aligned framework (when enacted) will create familiar compliance pathway for AI chatbot platforms serving Ukrainian users with automated risk assessments.

Recent Developments

Draft under consideration; passage timing affected by ongoing conflict

At a Glance

Applies to

AI CompanionMental Health AppGeneral Chatbot

Requires

Transparency User Rights

Who Must Comply

Data controllers and processors in Ukraine (when enacted)
Entities processing data of Ukrainian residents
Automated decision-making systems

Obligations fall on:

Safety Provisions

GDPR-aligned data protection framework
72-hour breach notification to supervisory authority
Automated processing safeguards
Data Protection Impact Assessment for high-risk
Cross-border transfer restrictions

Compliance & Enforcement

Penalties

To be determined upon enactment

Primary Source

DataGuidance Ukraine Overview

https://www.dataguidance.com/

View on map

Ukraine

Focus Areas

Mental health & crisis

Algorithmic accountability

Cite This

APA

Ukraine. (n.d.). Draft Law 8153 on Personal Data Protection.

Related Regulations

In Effect CH

Switzerland FADP

Switzerland's revised data protection law with Article 21 automated decision transparency requirements, human review rights, and fines up to CHF 250,000.

In Effect PT

Portugal Digital Rights Charter

Portugal's Charter of Digital Rights with Article 9 requiring AI to respect fundamental rights and establishing algorithmic auditability principles.

In Effect RS

Serbia PDP Law

Serbia's GDPR-aligned data protection law with profiling safeguards and DPIA requirements.

In Effect AT

Digital Austria 2.0

Austria's digital sovereignty framework establishing Sovereignty Compass for AI audits and mandatory Digi-Check for all legislation.

In Effect AT

Austria AI Service Center

Austria's national AI authority established within RTR (Rundfunk und Telekom Regulierungs-GmbH) for EU AI Act market surveillance coordination.

In Effect NL

Netherlands Algorithmic Framework

Netherlands' algorithmic risk assessment framework specifically addressing mental health chatbots in risk reports and requiring Fundamental Rights Impact Assessment (FRIA).

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.