AI in retail: pricing, recommendations and profiling
Retail and e-commerce use AI for dynamic pricing, recommendations and profiling. These trigger the AI Act (prohibited practices, transparency), the GDPR (profiling, automated decisions) and the DSA (recommender systems, advertising) at the same time.
Short answer: AI in retail rarely falls under the high-risk regime, but it sits squarely at the crossroads of three frameworks. The AI Act bans manipulative systems and requires transparency for chatbots and generated content; the GDPR governs when you may profile and decide automatically; the DSA sets requirements for recommender and advertising systems on platforms. Looking only at the AI Act misses most of the obligations.
Dynamic pricing
Dynamic pricing (prices that move with demand, stock or competition) is permitted in itself. The line lies at personalised pricing based on individual behaviour or profiles. Under the GDPR that requires a valid legal basis and transparency; the consumer must know a price has been tailored to them. The AI Act (prohibited practices) further bans pricing systems that exploit vulnerabilities, for example using financial distress or age to push someone into a purchase.
Recommendations and profiling
Recommender systems run on profiling: the system infers preferences from behaviour. That is processing of personal data and falls under the GDPR, including the rights to information and to object. On large online platforms the DSA requires that the main parameters of the recommender system are explained in the terms, and that very large platforms offer at least one option without profiling. Targeting ads on the basis of special-category data (health, religion) is prohibited under the DSA, as is targeted advertising to minors.
Manipulation and transparency
The AI Act draws a hard line at manipulation. Systems that use subliminal or deceptive techniques to materially distort behaviour and can cause harm are prohibited. In practice this means: no AI-driven fake scarcity or misleading urgency, and no exploitation of vulnerable groups. In addition, Article 50 transparency applies: customers must know they are talking to a chatbot and that product images or text are AI-generated.
Overlap with other rules
Alongside these three, consumer law (unfair commercial practices), the Omnibus Directive (price transparency) and sectoral rules also apply. The common thread: the same application is hit by several regimes at once. A recommender engine is processing for the GDPR, a recommender system for the DSA and possibly a transparency duty for the AI Act. Related applications recur in AI in legal services and AI in housing allocation.
What to do
- Map your applications and test each against the AI Act, GDPR and DSA, not one regime at a time.
- Document the legal basis for profiling and personalised pricing, and offer an opt-out.
- Avoid manipulation: no AI-driven deception, no exploitation of vulnerabilities.
- Be transparent that customers are dealing with AI (chatbots, generated content).
- Check platform duties under the DSA if you operate an online platform.
AI in retail is rarely "prohibited" or "high-risk", but almost always subject to a stack of transparency and data rules.
Sources
- https://eur-lex.europa.eu/eli/reg/2024/1689/oj
  Regulation (EU) 2024/1689 (AI Act): Art. 5 prohibited practices (manipulation, exploiting vulnerabilities) and Art. 50 transparency duties.
- https://eur-lex.europa.eu/eli/reg/2016/679/oj
  Regulation (EU) 2016/679 (GDPR): legal basis, profiling and Art. 22 automated decision-making.
- https://eur-lex.europa.eu/eli/reg/2022/2065/oj
  Regulation (EU) 2022/2065 (DSA): transparency of recommender systems and advertising on online platforms.