Coordinated Enforcement Framework

The Coordinated Enforcement Framework (CEF) was developed as part of the EDPB 2021-2023 Strategy to streamline enforcement and cooperation among Data Protection Authorities (DPAs). Each year, DPAs select the priority enforcement topic on which they will act in a coordinated way.  

The CEF creates a structure for DPAs to work together, coordinate or facilitate enforcement actions on a pre-defined topic and with an agreed-upon methodology.


What are the Coordinated Enforcement actions that have taken place so far? 

  • Launch of coordinated enforcement on the right of access, 2024


  • Coordinated enforcement on the designation and position of data protection officers (DPOs), 2023


  • Coordinated enforcement on use of cloud by public sector, 2022


How are the topics selected? 

Every year, EDPB members submit proposals for the topic of the next CEF annual action. All EDPB Members vote on the topic at the plenary meeting of the EDPB.  


What happens once a topic for an annual action is agreed upon? Who participates? 

The process is managed internally by EDPB members and coordinated by the EDPB Secretariat and one or several Data Protection Authorities (DPAs).

Participation of DPAs is on a voluntary basis.  

Every annual action is designed to be flexible:  DPAs can choose from a range of diverse actions and they participate in coordinated/annual actions in one or more of the following ways: 

  • fact finding exercises,
  • new formal investigations, and/or
  • follow-up of ongoing formal investigations.

Once the EDPB Plenary choses a topic for the annual action, the DPA which proposed the topic, assisted by the EDPB Secretariat, coordinates the work of the participating DPAs during a year.

  1. The collaborative work includes the following steps:
    The scope of the action is clarified and a questionnaire or audit guide is built. Next, all participating DPAs launch the action at the same time. During the whole process, participants stay regularly in contact with each other to discuss and share updates on the progress of their investigations and findings.
  2. A common outline and structure is proposed by the coordinators and agreed with the group of participants. Each DPA drafts its own national report based on the results of its action and shares it with the group.
  3. The coordinators gather and aggregate all national reports and prepare the EDPB report that is then submitted to the EDPB Plenary for adoption. The EDPB report usually presents the main findings of DPAs (e.g. challenges, points of attention), makes recommendations and describes the actions taken at national level.

How many external parties does a DPA reach out to in the framework of the CEF annual action?

The DPAs can decide how many and which types of organisations or stakeholders they will reach out to as part of their coordinated actions. This is decided on the basis of their strategy, enforcement priorities and resources, and taking into account the agreed scope.