The EDPB's public consultation on Recommendations 1/2026 (Processor Binding Corporate Rules) closed on 2 March 2026.
Processor BCRs are used by processor groups to legitimise certain intra-group international transfers and to demonstrate governance and enforceable commitments across the group.
The Recommendations address the application route for approval and outline elements and principles expected to be reflected in processor BCR documentation under Article 47 GDPR.
Acompli perspective: Transfer mechanisms reduce risk only if the underlying controls and governance are real and auditable. Treat BCR documentation as an operational evidence set, not a legal formality. Assess binding corporate rules as part of your processor risk management, and ensure data transfer mechanisms are backed by documented assessments.