Europe Scales Back AI Act and GDPR Under Industry Pressure

Europe is scaling back its landmark privacy and AI laws

After years of staring down the world's biggest tech companies and setting the bar for tough regulation worldwide, Europe has blinked. Under intense pressure from industry and the US government, Brussels is stripping protections from its flagship General Data Protection Regulation (GDPR) -- including simplifying its infamous cookie permission pop-ups -- and relaxing or delaying landmark AI rules in an effort to cut red tape and revive sluggish economic growth. The proposed overhaul won't land quietly in Brussels, and if the development of the GDPR and AI Act are anything to go by, a political and lobbying firestorm is on its way. The GDPR is a cornerstone of Europe's tech strategy and as close to sacred as a policy can be. Leaked drafts have already provoked outrage among civil rights groups and politicians, who have accused the Commission of weakening fundamental safeguards and bowing to pressure from Big Tech. The decision follows months of intense pressure from Big Tech and Donald Trump -- as well as high-profile internal figures like ex-Italian prime minister and former head of the European Central Bank Mario Draghi -- urging the bloc to weaken burdensome tech regulation. With very few exceptions, Europe doesn't have any credible competitors in the global AI race, which is dominated by US and Chinese companies like DeepSeek, Google, and OpenAI.

EU to delay 'high risk' AI rules until 2027 after Big Tech pushback

BRUSSELS/STOCKHOLM, Nov 19 (Reuters) - The European Commission proposed on Wednesday streamlining and easing a slew of tech regulations, including delaying some provisions of its AI Act, in an attempt to cut red tape, head off criticism from Big Tech and boost Europe's competitiveness. The move by the EU comes after it watered down some environmental laws after blowback from business and the U.S. government. Europe's tech rules have faced similar opposition, though the Commission has said the rules will remain robust. Sign up here. "Simplification is not deregulation. Simplification means that we are taking a critical look at our regulatory landscape," a Commission official said during a briefing. In a 'Digital Omnibus', which will still face debate and votes from European countries, the Commission proposed to delay the EU's stricter rules on the use of AI in a range of areas seen as more high risk, to December 2027 from August 2026. That includes AI use in biometric identification, road traffic applications, utilities supply, job applications and exams, health services, creditworthiness and law enforcement. Consent for pop-up 'cookies' would also be simplified. The Digital Omnibus or simplification package covers the AI Act which became law last year, the landmark privacy legislation known as the General Data Protection Regulation (GDPR), the e-Privacy Directive and the Data Act, among others. Proposed changes to the GDPR would also allow Alphabet's Google (GOOGL.O), opens new tab, Meta (META.O), opens new tab, OpenAI and other tech companies to use Europeans' personal data to train their AI models. Reporting by Supantha Mukherjee in Stockholm and Jan Strupczewski and Foo Yun Chee in Brussels Our Standards: The Thomson Reuters Trust Principles., opens new tab

European policymakers want to ease AI and privacy laws

European policymakers have proposed sweeping changes to the way the EU regulates the tech industry. In just the last few months, the likes of Meta and Google have questioned strict EU policies relating to privacy and AI expansion, but if the European Commission's new package of proposals are passed, a number of big tech roadblocks will be removed. Or at least lifted up a bit. Changes to rules around AI, cybersecurity and data will, according to policymakers, generate growth for European businesses, while "promoting Europe's highest standards of fundamental rights, data protection, safety and fairness." Among the proposals are amendments to the AI Act that Google has recently expressed concerns about, which would allow AI companies to access shared personal data for training models. It also wants to simplify paperwork for smaller companies, and to make AI literacy a requirement for member states. AI oversight would also be centralized into the AI Office where general-purpose AI models are being used, a move intended to "reduce governance fragmentation." In addition, strict rules around the use of AI in areas deemed to be high-risk, which were expected to come in next summer, could be delayed until the Commission confirms that "the needed standards and support tools" are available to affected companies. The infamous (and admittedly very annoying) cookie banners that are foundational to the EU's General Data Protection Regulation (GDPR) will also be rethought under the Commission's proposals. If approved, people would see these banners pop up with less regularity, give their consent with one click, and save their cookie preferences so they presumably could be automatically applied within a browser. The European Commission's "digital omnibus" now goes to the European Parliament for approval, where it could face serious opposition. While the proposals are likely to be welcomed by the rapidly-growing AI industry, sceptics could argue that watered down privacy and AI legislation is evidence of Europe bowing to pressure from big tech and Donald Trump, who has publicly criticized the EU's digital regulation. This would represent a marked turnaround from the EU's long-standing reputation as the tech industry's most stubborn adversary. Back in September, it rejected calls from Apple to repeal its Digital Markets Act (DMA), a legal framework that Apple has repeatedly been accused of violating by the EU. In the summer, Meta refused to sign the EU's AI Code of Practice, with its global affairs officer, Joel Kaplan, calling the code an "over-reach."

European Commission accused of 'massive rollback' of digital protections

Proposed changes to AI Act would make it easier for tech firms to use personal data to train models without consent The European Commission has been accused of "a massive rollback" of the EU's digital rules after announcing proposals to delay central parts of the Artificial Intelligence Act and water down its landmark data protection regulation. If agreed, the changes would make it easier for tech firms to use personal data to train AI models without asking for consent, and try to end "cookie banner fatigue" by reducing the number times internet users have to give their permission to being tracked on the internet. The commission also confirmed the intention to delay the introduction of central parts of the AI Act, which came into force in August 2024 and does not yet fully apply to companies. Companies making high-risk AI systems, namely those posing risks to health, safety or fundamental rights, such as those used in exam scoring or surgery, would get up to 18 months longer to comply with the rules. The plans were part of the commission's "digital omnibus", which tries to streamline tech rules including GDPR, the AI Act, the ePrivacy directive and the Data Act. After a long period of rule-making, the EU agenda has shifted since the former Italian prime minister Mario Draghi warned in a report last autumn that Europe had fallen behind the US and China in innovation and was weak in the emerging technologies that would drive future growth, such as AI. The EU has also come under heavy pressure from the Trump administration to rein in digital laws. The EU's economy commissioner, Valdis Dombrovskis, said: "Europe has not so far reaped the full benefits of the digital revolution and we cannot afford to continue to pay the price for failing to keep up with a changing world." He added that the measures would save business and consumers €5bn in administrative costs by 2029. They are part of the bloc's wider drive for "simplification", with plans under way to scale back regulation on the environment, company reporting on supply chains and agriculture. Like these other proposals, the digital omnibus will need to be approved by EU minsters and the European parliament. European Digital Rights (EDRi), a pan-European network of NGOs, described the plans as "a major rollback of EU digital protections" that risked dismantling "the very foundations of human rights and tech policy in the EU". In particular, it said that changes to GDPR would allow "the unchecked use of people's most intimate data for training AI systems" and that a wide range of exemptions proposed to online privacy rules would mean businesses would be able to read data on phones and browsers without asking. European business groups welcomed the proposals but said they did not go far enough. A representative from the Computer and Communications Industry Association, whose members include Amazon, Apple, Google and Meta, said: "Efforts to simplify digital and tech rules cannot stop here." The CCIA urged "a more ambitious, all-encompassing review of the EU's entire digital rulebook". Critics of the shake-up included the EU's former commissioner for enterprise, Thierry Breton, who wrote in the Guardian that Europe should resist attempts to unravel its digital rulebook "under the pretext of simplification or remedying an alleged 'anti-innovation' bias. No one is fooled over the transatlantic origin of these attempts." The commission's vice-president in charge of tech policy, Henna Virkkunen, pushed back against suggestions that Brussels was responding to US pressure. "We want to support our start ups, our SMEs to scale up their businesses to innovate in the EU," she said. "We are not so much here looking at big industries or the very big tech companies ... They have also the resources to comply with different rules." She also rejected claims that the AI Act was being watered down, saying that action was needed to prevent European start-ups from moving to other jurisdictions. Michael McGrath, the EU commissioner responsible for the GDPR, said most of the feedback on the proposals had come from companies in the EU. He said the commission was introducing "targeted amendments to GDPR" that clarified existing concepts and principles while "ensuring a high level of data protection across the EU". EU officials said users would remain in control of their data on the internet, but new rules on cookies - the internet files that are stored on a user's device so a website can remember them - would make life simpler by ensuring one-click consent. "I think we can all agree we have spent too much of our time accepting or rejecting cookies," Virkkunen said.

EU moves to delay 'high-risk' AI rules amid pressure to boost innovation

The European Commission on Wednesday proposed easing key AI and data privacy rules to help Europe's tech sector compete globally, despite criticism that the bloc is retreating from its role as a digital watchdog. The EU executive proposed rolling back key AI and data privacy rules on Wednesday as part of a push to slash red tape and help Europe's high-tech sector catch up with global rivals. The landmark EU tech rules have faced powerful pushback from the US administration under President Donald Trump - but also from businesses and governments at home complaining they risk hampering growth. Read moreTrump calls for single federal standard to govern AI Brussels denies bowing to outside pressure, but it has vowed to make businesses' lives easier in the 27-nation bloc - and on Wednesday it unveiled proposals to loosen both its rules on artificial intelligence and data privacy. Those include: * giving companies more leeway to access datasets to train AI models like personal data when it is "for legitimate interests" * giving companies extra time - up to 16 months - to apply 'high-risk' rules on AI * in a plan many Europeans will welcome, Brussels wants to reduce the number of cookie banner pop-ups users see, which it says can be done without putting privacy at risk. "We have talent, infrastructure, a large internal single market. But our companies, especially our start-ups and small businesses, are often held back by layers of rigid rules," EU tech chief Henna Virkkunen said in a statement. After cheering the so-called "Brussels effect" whereby EU laws were seen as influencing jurisdictions around the world, European lawmakers and rights defenders increasingly fear the EU is withdrawing from its role as Big Tech's watchdog. Campaigners from different groups including People vs Big Tech drove across Brussels on Wednesday with large billboards calling on EU chief Ursula von der Leyen to stand up to Trump and the tech sector, and defend the bloc's digital rules. Striking a 'balance' The commission says the plans will help European businesses catch up with American and Chinese rivals - and reduce dependence on foreign tech giants. For many EU states, the concern is that the focus on regulation has come at the expense of innovation - although Brussels insists it remains committed to protecting European citizens' rights. But experts say the EU lags behind the bigger economies for several reasons including its fragmented market and limited access to the financing needed to scale up. The EU raced to pass its sweeping AI law that entered into force last year, but dozens of Europe's biggest companies - including Airbus, Lufthansa and Mercedes-Benz - called for a pause on the parts they said risked stifling innovation. Watch moreEU orders AI companies to clean up their act, stop using pirated data Brussels met them part of the way by agreeing to delay applying provisions on "high-risk" AI - such as models that could endanger safety, health or citizens' fundamental rights. With the proposed change on cookie banners, an EU official said the bloc wanted to address "fatigue" at the pop-ups seeking users' consent for tracking on websites, and "reduce the number of times" the windows appear. The commission wants users to be able to indicate their consent with one click, and save cookie preferences through settings on browsers and operating systems. Brussels has insisted European users' data privacy will be protected. "It is essential that the European Union acts to deliver on simplification and competitiveness while also maintaining a high level of protection for the fundamental rights of individuals -- and this is precisely the balance this package strikes," EU justice commissioner Michael McGrath said.

France, Germany support simplification push for digital rules

The Commission, with French-German backing, plans to ease AI and data rules to ease the burdens on European companies. Members of Parliament and NGOs fear it will open "pandora's box" of negative ramifications. As the European Commission prepares to simplify digital rules with a new omnibus plan due to presented on Wednesday, Berlin pulled out the red carpet in a glitzy summit dedicated to digital sovereignty. "I'm very curious about what tomorrow will bring. Hopefully it's a big bold step in the right direction," said Karsten Wildberger, German Ministry for Digital Transformation on a panel at the Berlin summit. The European Commission has been working for months on a new proposal to "simplify" rules, reduce administrative for companies, in particular SMEs which struggle to comply with complex EU rules, to keep talent in Europe and stay competitiveness in a global race. The Commission, supported by France and Germany, hopes that the digital simplification plan that will be announced Wednesday after months of negotiations will "save billions of euros and boost innovation". Still, the push text has been met with skepticism among the progressive forces of the European Parliament and civil society citing a dismantling of protections. The text proposes to modify the rules of data protection and the recently adopted AI Act. According to a draft version, the rules for "high-risk AI systems", AI technologies used for sensitive purposes such as analysing CVs, evaluating school exams or loan applications, which were originally scheduled to take effect in August 2026, are now expected to be delayed until December 2027. The European Commission cites difficulties in establishing the necessary standards as the reason for the postponement. Under the original text, the classification of system as "high-risk" would have been evaluated by a national authority. The leaked draft, which is still to be officially approved, suggests that this provision would now be replaced by a simple self-assessment, potentially weakening the safeguards intended to ensure compliance with the rules. Anne Le Hénanff, French Minister for AI and Digital Affairs said during the Berlin summit that she supports the postponement. "The AI Act now comes with too many uncertainties. These uncertainties are slowing our own ability to innovate," she said, before adding "the United States and China are leading the way in the AI race. We simply cannot afford to hinder our companies' ability to innovate." A position German minister, Karsten Wildberger said that his country also supports a delay, adding that " it's important to continue this conversation because the world is moving so fast that we have to continuously rework the rules." He prefers a "learn-by-mistakes" approach: "We do not rule out from ex ante all the risks. Let's first build the products, and then take very seriously how these products work - that they are safe, that we have the right processes in place." Resistance from the Parliament to open damaging Pandora's box Still, members of the European Parliament fear that the Commission's proposal will open "pandora's box", increase risks for consumers and ultimately benefit US Big Tech, MEPs consulted by Euronews who did not wish to be named as the Commission's plan is not yet official and talks ongoing. They suggested big tech companies have been dragging their feet to avoid complying with the current rules and paid more than ever in lobbying. Members of the European Parliament from political groups ranging from the traditional majority, which includes The Left to centrist-liberal Renew, have already signalled their intention to vote against the proposal. Other provisions include exemptions of reporting obligations for smaller companies, or the delay in the labelling of AI-generated contents for 2027. Recently, deep fakes created with AI disturbed the Irish presidential elections with viral AI video depicting a fake version the presidential candidate Catherine Connolly saying she was withdrawing from the race. Another part of the omnibus focuses on simplifying the General Data Protection Regulation (GDPR). It aims to make it easier to access data for training AI models, reduce the number of cookies displayed to users, and harmonise GDPR implementation across all member states. At present, national authorities interpret data protection obligations differently, which can lead to inconsistencies. Online rights advocates believe that the omnibus overreaches its mandate to the point of undermining fundamental rights. A letter signed by three major NGOs and addressed to Commission Virkkunen reads "the legislative changes now contemplated go far beyond mere simplification. They would deregulate core elements of the GDPR, the e-Privacy framework and AI Act, significantly reducing established protections." On Wednesday, the Commission will also launch a "digital fitness check" to examine how effective existing digital rules, such as the Digital Services Act and the Digital Markets Act, are, and examine areas where overlapping may be happening. This could prompt another wave of simplification from the part of the Commission. "We are going to have a deeper dive into our regulation also, and after that we will also propose the next simplification effort," said Commissioner Henna Virkkunen.

Under pressure, EU to scale back digital rules

Brussels (Belgium) (AFP) - The EU will unveil plans on Wednesday to overhaul its AI and data privacy rules after coming under pressure from European and US companies. The proposals are part of the bloc's push to cut red tape to drive greater economic growth and help European businesses catch up with American and Chinese rivals -- and reduce dependence on foreign tech giants. EU tech chief Henna Virkkunen will present the plans on Wednesday alongside the justice commissioner in charge of data protection, Michael McGrath. Brussels has dismissed claims that its push to "simplify" its digital rules -- deeply unpopular in the United States -- are the result of pressure from US President Donald Trump's administration. For many EU states, the concern is that the focus on regulation has come at the expense of innovation -- although Brussels insists it remains committed to protecting European citizens' rights. Berlin hosted a Franco-German summit on Tuesday focused on propelling the bloc to lead in the AI race during which France's Emmanuel Macron said Europe does not want to be a "vassal" dependent on US and Chinese tech companies. Once proud of the "Brussels effect" -- referring to the influence many EU laws had on other jurisdictions around the world -- European lawmakers and rights defenders fear the EU appears to be withdrawing from being Big Tech's watchdog. The EU executive has its eye on changes to its landmark data protection rules and the AI law that only entered into force last year. There could be one proposal in Wednesday's package that would bring joy to nearly all Europeans: Brussels wants to tackle the annoying cookie banners that demand users' consent for tracking on websites. Crumbling cookie banners Based on draft documents that could still change and EU officials, Brussels plans to: - redefine personal data and how companies can use it, for example allowing firms to process such data to train AI models "for purposes of a legitimate interest", but rights defenders have warned this could downgrade users' privacy - a one-year pause on implementing many provisions on high-risk AI, for example, models that can pose dangers to safety, health or citizens' fundamental rights -- a move that will please American and European firms. Instead of taking effect next year, the provisions would apply from 2027. Dozens of Europe's biggest companies, including France's Airbus and Germany's Lufthansa and Mercedes-Benz, had called for a pause in July on the AI law which they warn risks stifling innovation. Brussels has insisted European users' data privacy will be protected. 'Complex' rules One lawmaker from EU chief Ursula von der Leyen's conservative EPP grouping supported the push to simplify the digital rules. "Europe's problem is in the excessive complexity and inconsistency of the rules we already have. Laws built in silos, overlapping obligations, and uneven enforcement create uncertainty for businesses and fracture the single market," MEP Eva Maydell told AFP. But von der Leyen could face a difficult road ahead as the changes will need the approval of both the EU parliament and member states. Her camp's main coalition partners have already expressed concern. In letters sent to the European Commission last week, socialist EU lawmakers said they oppose any delay to the AI law, while the centrists warned they would stand firm against any changes that put privacy at risk.

EU to delay 'high risk' AI rules until 2027 after Big Tech pushback

The European Commission proposed easing and delaying parts of major tech laws, including shifting high-risk AI rules to 2027. The "Digital Omnibus" aims to cut red tape while maintaining strong regulation, simplifying cookie consent and allowing limited personal-data use for AI training under revised GDPR rules. The European Commission proposed on Wednesday streamlining and easing a slew of tech regulations, including delaying some provisions of its AI Act, in an attempt to cut red tape, head off criticism from Big Tech and boost Europe's competitiveness. The move by the EU comes after it watered down some environmental laws after blowback from business and the U.S. government. Europe's tech rules have faced similar opposition, though the Commission has said the rules will remain robust. "Simplification is not deregulation. Simplification means that we are taking a critical look at our regulatory landscape," a Commission official said during a briefing. 'High risk' AI use in job applications, biometrics In a 'Digital Omnibus', which will still face debate and votes from European countries, the Commission proposed to delay the EU's stricter rules on the use of AI in a range of areas seen as more high risk, to December 2027 from August 2026. That includes AI use in biometric identification, road traffic applications, utilities supply, job applications and exams, health services, creditworthiness and law enforcement. Consent for pop-up 'cookies' would also be simplified. The Digital Omnibus or simplification package covers the AI Act which became law last year, the landmark privacy legislation known as the General Data Protection Regulation (GDPR), the e-Privacy Directive and the Data Act, among others. Proposed changes to the GDPR would also allow Alphabet's Google, Meta, OpenAI and other tech companies to use Europeans' personal data to train their AI models.

EU to delay 'high risk' AI rules until 2027 after Big Tech pushback

BRUSSELS/STOCKHOLM (Reuters) -The European Commission proposed on Wednesday streamlining and easing a slew of tech regulations, including delaying some provisions of its AI Act, in an attempt to cut red tape, head off criticism from Big Tech and boost Europe's competitiveness. The move by the EU comes after it watered down some environmental laws after blowback from business and the U.S. government. Europe's tech rules have faced similar opposition, though the Commission has said the rules will remain robust. "Simplification is not deregulation. Simplification means that we are taking a critical look at our regulatory landscape," a Commission official said during a briefing. 'HIGH RISK' AI USE IN JOB APPLICATIONS, BIOMETRICS In a 'Digital Omnibus', which will still face debate and votes from European countries, the Commission proposed to delay the EU's stricter rules on the use of AI in a range of areas seen as more high risk, to December 2027 from August 2026. That includes AI use in biometric identification, road traffic applications, utilities supply, job applications and exams, health services, creditworthiness and law enforcement. Consent for pop-up 'cookies' would also be simplified. The Digital Omnibus or simplification package covers the AI Act which became law last year, the landmark privacy legislation known as the General Data Protection Regulation (GDPR), the e-Privacy Directive and the Data Act, among others. Proposed changes to the GDPR would also allow Alphabet's Google, Meta, OpenAI and other tech companies to use Europeans' personal data to train their AI models. (Reporting by Supantha Mukherjee in Stockholm and Jan Strupczewski and Foo Yun Chee in Brussels)