Europe AI Laws Face Major Changes

After years of confronting the most influential tech companies in the world and setting a precedent for stringent regulation on a global scale, Europe has recently shifted its stance. Under mounting pressure from the industry and the US government, Brussels is making significant revisions to its flagship General Data Protection Regulation (GDPR), which includes simplifying the well-known cookie consent pop-ups. Additionally, the region is relaxing or postponing critical artificial intelligence (AI) regulations aimed at reducing bureaucratic hurdles and stimulating economic growth.

The European Commission, the executive arm of the EU, has proposed alterations to fundamental components of the GDPR, streamlining the process for companies to share anonymized and pseudonymized personal data. These changes will permit AI firms to utilize personal data for model training, provided they adhere to other GDPR stipulations.

Equally important is the proposed dilution of the AI Act, which regulates high-risk AI systems deemed to jeopardize health, safety, or fundamental rights. Originally set to become effective in 2024, the implementation of these rules is now extended. They will only be activated once it’s established that necessary standards and support tools for AI companies are in place.

A welcomed change for most users is the proposed reduction of cookie consent banners across Europe. Under the new guidelines, non-risk cookies would not require consent notifications, and users could manage permissions through centralized browser settings applicable across numerous websites.

Additional amendments within the Digital Omnibus include eased AI documentation rules for smaller enterprises, a standardized platform for reporting cybersecurity incidents, and consolidating AI oversight into a singular entity—the EU’s AI Office.

Henna Virkkunen, executive vice-president for tech sovereignty at the European Commission, stated, “This is being done in the European way.” She added, “We possess all the essential elements in the EU to thrive. However, our firms, predominantly start-ups and small corporations, are frequently constrained by rigid regulations. By alleviating bureaucratic burdens, simplifying EU legislation, broadening access to data, and launching a common European Business Wallet, we are fostering an environment for innovation and market growth in Europe.”

This proposal will soon be presented to the European Parliament and the EU’s 27 member states, requiring a qualified majority for approval—a process expected to extend over several months and could lead to further amendments.

The revamping of these standards is unlikely to proceed without controversy. Based on the historical context of the GDPR and AI Act, we can anticipate significant political and lobbying challenges ahead. The GDPR has long been viewed as a cornerstone of Europe’s tech policy and is almost regarded as sacrosanct. Initial drafts of the amendments have already sparked outrage among civil rights activists and politicians who argue that the changes undermine crucial protections and yield to the interests of Big Tech.

This decision follows sustained pressure from major tech firms and figures such as former President Donald Trump and ex-Italian Prime Minister Mario Draghi, who have urged the EU to ease its stringent tech regulations. The Commission is attempting to frame these developments as simplifications of tech laws, rather than rollbacks, to alleviate growing concerns about Europe’s competitive stance in the global market. Currently, Europe appears to lack credible rivals in the international AI landscape, dominated predominantly by US and Chinese entities such as DeepSeek, Google, and OpenAI.