December 8 was a fateful day for the European Union, but not many realized it. And it was because that day the AI Act was passedthe European regulation on artificial intelligence. Thierry Breton, European commissioner, he was pleased with a tweet that automatically became a meme.
I was bragging about how Europe had tripped itself up.
The responses to that tweet They made it clear that the reception of the regulations was very different from what the EU would have expected. The criticism was forceful and very clear: with these regulations the only thing the EU was achieving was to slow down innovation and make it even more difficult to compete in a segment that was defining the world.
While the US and China joined the party without asking permission and without asking for forgiveness, Europe stayed at home happily crocheting. That regulation, which came into force in August 2024instantly caused the AI segment out at two speeds: that of Europe, almost at a standstill, and that of the rest of the world, which stepped on the accelerator (without looking too closely at the consequences).
We have seen the consequences of that in the last two years. Europe has been relegated to the second (or third) plane, and with honorable exceptions like the Spanish Freepik or the French Mistral, we have very little to talk about in this area. Meanwhile, the US dominates the commercial plane and China is a steamroller both at a training level as in your open model development.
Europe wants to turn back: the question is whether it is too late
Yesterday the European Commission presented a project for simplify various digital regulationsand the most important modifications actually affect the General Data Protection Regulation (GDPRor GRPD for its acronym in English).
The changes proposed by the Commission will make it easier for companies to share sets of anonymised and pseudo-anonymised personal data. That will have a direct impact on the capacity of AI companies, which They will be able to legally use personal data to train their data models as long as that process meets the rest of the GDPR requirements.
The proposal also softens one of the key elements of the AI Act, which, as we say, came into force in August 2024 but included several elements that would come into force some time later. Thus, now the “grace period” for the regulations that regulate the high risk AI systems —those that pose a “serious risk” to health, safety or fundamental rights—is widespread.
It was supposed to be activated in summer 2016, but now that regulation will only apply when it is confirmed that “the necessary standards and supporting tools are available” for AI companies… whatever those standards and tools are, yet to be defined.
Other amendments in that new Digital Omnibus include simplified requirements for the documentation required of SMEsin addition to a unified interface so that companies can report cybersecurity incidents. Henna Virkkunen, vice president of technological sovereignty at the European Commission, explained that:
“In the EU we have all the ingredients to be successful. However, our businesses, especially startups and small businesses, are often held back by a set of rigid rules. By reducing bureaucracy, simplifying EU legislation, opening access to data and introducing a common European business portfolio, we are creating space for innovation to be produced and commercialized in Europe. This is being done the European way: by ensuring that users’ fundamental rights remain fully protected.”
These amendments to current digital regulations will now have to be approved by the European Parliament and the 27 member states of the European Union — which will need a qualified majority— to approve it. That process could last months, and during it the proposals themselves could see notable changes before being applied.
As indicated in The Guardianthis “massive setback” of this regulation has caused concern among groups fighting to continue protecting privacy of European citizens. The European Digital Rights (EDRi), a pan-European network of NGOs, Indian that if the changes to the regulation are accepted, it will become easier for technology companies to collect and use personal data to train AI models without asking for consent.
The European agenda seemed to change when former Italian Prime Minister Mario Draghi warned last fall of how Europe had fallen worryingly behind in the technology race.
That speech was a breath of fresh air for Europeand European business groups have welcomed the proposal with optimism, but believe that they still fall short. A representative of the Computer and Communications Industry Association of which Amazon, Apple, Google and Meta are members indicated that “efforts to simplify digital and technology regulations should not stop there.”
One click for cookies
This simplification of regulation that affects all types of digital scenarios can have a positive effect. Accepting or rejecting cookies has become a daily torture for millions of Europeansbut the user experience may improve significantly in the coming months.
And it may get better because the EU has proposed a modernization of policies related to cookies. To try to improve the browsing experience, it will limit the number of times cookie warning banners appear, but also will make it possible for us to accept or reject cookies with a single click.
In fact, the future may be even more promising, because what is intended is that said consent (or denial) of cookies is integrated into our browser so that once we configure it, the websites are not constantly asking us if we accept cookies or not: the browser will know what we want and will answer for us at all times.
In that “digital package” it is specified that once we accept or reject cookies with that “single-click“, websites must respect that choice of citizens for six months.
Image | Christian Lue
In Xataka | For the EU, our privacy has always been more important than AI. Until he understood that he was left behind
GIPHY App Key not set. Please check settings