EU proposal dilutes key AI Act provisions as privacy law rollbacks continue
Why does the EU’s latest legislative tweak matter now? While Europe has been tightening data‑privacy rules, a new draft appears to pull back on the very AI safeguards that were meant to accompany them. The proposal, unveiled amid ongoing rollbacks of privacy legislation, targets the AI Act—Europe’s comprehensive framework that officially began in 2024 but still holds many provisions in reserve.
Critics note that the amendment lengthens the interim window before stringent requirements kick in for AI tools classified as high‑risk and capable of causing “serious risks.” In practice, that means developers and operators will have more time before they must demonstrate compliance with the toughest standards. The shift has sparked debate over whether the EU is prioritising regulatory flexibility over the original intent to curb potentially harmful AI applications. The proposal also waters down a key part of Europe's sweeping artificial intelligence rules, the AI Act, which came into force in 2024 but had many elements that would only come into effect later.
The change extends the grace period for rules governing high‑risk AI systems that pose "serious risks".
The proposal also waters down a key part of Europe's sweeping artificial intelligence rules, the AI Act, which came into force in 2024 but had many elements that would only come into effect later. The change extends the grace period for rules governing high-risk AI systems that pose "serious risks" to health, safety, or fundamental rights, which were due to come into effect next summer. The rules will now only apply once it's confirmed that "the needed standards and support tools are available" to AI companies. One change that's likely to please almost everyone is a reduction in Europe's ubiquitous cookie banners and pop-ups.
Will the easing satisfy critics? Brussels has chosen to soften the GDPR, trimming cookie consent dialogs that once sparked debate. At the same time, the AI Act—launched in 2024—faces a notable rollback.
The proposal pushes back the enforcement timetable for high‑risk systems deemed to pose serious risks, extending the grace period by an unspecified length. Industry voices welcomed the reduction in compliance burden, while some privacy advocates warned that the changes could erode the protections that made Europe a benchmark. The move appears driven by pressure from both tech firms and the United States, and by a desire to stimulate lagging growth.
Yet it's unclear whether the delayed safeguards will compromise the original intent of the AI framework. The revised approach signals a shift from the earlier, more stringent stance, but the long‑term impact on user privacy and algorithmic accountability remains uncertain. Policymakers will need to balance economic incentives with the core values that underpinned the original legislation.
Further Reading
- EU AI Act draft guidelines water down safeguards for general-purpose AI models - Politico
- Privacy advocates warn EU’s latest AI Act tweaks weaken transparency and accountability - Euractiv
- EU’s AI Act implementation faces criticism over diluted rules and privacy rollbacks - Reuters
- New EU draft guidelines for AI Act spark debate on privacy and enforcement - Bloomberg
More in Policy & Regulation
DHS privacy breach, AI romance scams, Google sues text fraud, Lighthouse threat
The week’s roundup reads like a checklist of modern security headaches. First, the Department of...
Court rules AI model contains no copies, limits Getty watermark claim
Getty Images spent much of 2025 battling an AI developer over the data that fed its...
Embedding policy enforcement in query engines secures AI agents’ data access
Human‑centric identity‑and‑access‑management (IAM) was built for static users, not for autonomous...
Data Center Watch Unfunded, Separate from 10a Labs' AI Risk Services
The data‑center debate has moved from niche forums to a headline in policy circles.
OpenAI backs federal chip, job and security push, says it hasn't sought direct aid
Why does this matter now? The conversation around OpenAI has shifted from pure product hype to a...
Common Questions Answered
How does the EU proposal change the enforcement timeline for high‑risk AI systems under the AI Act?
The proposal extends the grace period for high‑risk AI systems that pose serious risks to health, safety, or fundamental rights, pushing back the start of strict enforcement from the originally planned summer date to an unspecified later date. This delay means that the required standards and support will not be mandatory until the new timeline is confirmed.
What impact does the EU's rollback of privacy legislation have on the AI Act's safeguards?
The rollback includes softening GDPR provisions, such as trimming cookie consent dialogs, which coincides with the AI Act's dilution of key safeguards. Critics argue that weakening privacy rules alongside delayed AI regulations could erode overall protections for individuals' data and fundamental rights.
Why have industry groups welcomed the EU's amendment to the AI Act?
Industry voices appreciate the reduced compliance burden resulting from the extended grace period for high‑risk AI systems, giving companies more time to adapt to the forthcoming standards. They view the delay as a practical relief amid complex regulatory requirements.
What concerns do privacy advocates raise about the EU's recent AI Act amendment?
Privacy advocates warn that extending the enforcement timetable and diluting key provisions may weaken protections for health, safety, and fundamental rights. They fear the changes could set a precedent for further erosion of both AI and data‑privacy safeguards in Europe.