Logo and page links

Main menu

How to apply to join the sandbox?

Do you have a project that involves both artificial intelligence and privacy issues? Could your project benefit from close communication with the Data Protection Authority to find good solutions that protect user privacy? If so, you could apply to join our regulatory sandbox.

Application deadline for the fourth round of sandboxing was 1st of February 2023. When the next round will be, is not yet decided. If you have a project for the sandbox, we you may contact us anytime on .

You may apply by downloading and submitting the application form to . The application will be registered in the Data Protection Authority’s archive system.

Applications must meet some general criteria. You can read more about this in our guide on the framework for the sandbox.


As applications are submitted via e-mail, we encourage you to protect the contents of your application if you believe all or some of the content is sensitive information. If you want to protect the content of your document before sending it, take the opportunity to password-protect the Word document (File, Save as, Tools, General options, Password to open). The password may be shared with us via telephone. Alternatively, you may use PGP encryption.

What happens next?

The Data Protection Authority will invite applicants to a short interview during the first weeks following the application deadline. Projects that meet the criteria will be asked to submit supplementary information. On this basis, the Data Protection Authority will select a handful of projects, which will receive an invitation to join the sandbox. Project initiation dates should be within December.

Applications are assessed and selected by an internal Data Protection Authority committee. Toward the end of the selection process, the Data Protection Authority will invite an external reference group to provide recommendations for the selection process. The objective of this reference group is to provide an external perspective, to make sure that the projects we select have the best possible potential for social relevance and benefit.

When projects are completed, we will accept applications for a new round of projects.

Practical information about submitting, receiving and archiving applications

The Data Protection Authority is subject to the Freedom of Information Act, which means that anyone may demand access to documents sent to and from us. We do not grant access to confidential information. This includes technical devices and procedures or operational or business matters, which, for reasons of competition, it is important for the organization to keep secret, see Section 13 of the Public Administration Act.

If any party requests access to the applications, we will first contact the applicants to find out what their position is.