Starting from an analysis of the EU Reg. n. 2016/679 on General Data Protection Regulation (GDPR), the Author deals with the opportunity to translate the current strategies on Artificial Intelligence into a possible general risk-based framework that combines hard and soft law instruments with the practical needs emerging in different sectors where AI technologies find application (i.e. healthcare, industrial innovation and robotics, workplace, etc.). This analysis allows the Author to provide a notion of “AI Controller”, whose main roles, responsibilities, and obligations are listed in a “General AI Regulation” proposal, illustrated in the last paragraphs.