Brazil's ANPD Conducts International Mission in London: LGPD, AI Governance and UK Cooperation

Brazil's National Data Protection Authority (ANPD) conducted an institutional mission to London in March 2026, marking a significant step in positioning Brazil as a relevant actor in the global digital regulation landscape. The agenda included meetings with the ICO (Information Commissioner's Office) and UK government representatives, focusing on regulatory interoperability between LGPD and international standards, bilateral cooperation on cross-border data flows, and alignment on AI governance. ## Why London? The UK holds a strategic position in the global data protection ecosystem. Post-Brexit, the country maintained the UK GDPR and has been actively building its own adequacy agreement network. For Brazil, a UK adequacy recognition would facilitate data flows between the two jurisdictions without additional contractual mechanisms, reducing friction for companies operating in both markets. ## Key Discussion Points The LGPD and UK GDPR share foundational principles but differ in operational aspects: incident notification deadlines, DPO requirements, and international transfer mechanisms. The meetings focused on mapping these gaps and finding harmonization paths that make data flows less bureaucratic. AI governance occupied a central place in the agenda. Brazil is advancing AI regulation through Bill 2.338/2023, which requires algorithmic transparency and impact assessments for high-risk systems. The UK took a more flexible, sector-by-sector approach without a dedicated AI law. Finding common ground between these two models matters because AI systems are rarely contained within a single jurisdiction. The ICO's enforcement track record — fining British Airways £20 million and Marriott £18.4 million for GDPR violations — also provided a useful reference point for the ANPD as it develops its own oversight methodology. ## What This Means for Businesses Companies already compliant with GDPR or UK GDPR have a head start. The more urgent task is preparing for AI regulation — organizations using systems that affect Brazilian data subjects should begin documenting their high-risk models now, before the law is finalized. Brazil is committed to integrating its data protection framework into the global regulatory ecosystem. The London mission was a concrete step in that direction.