The European Commission has proposed sweeping changes to the GDPR and AI Act, marking a significant regulatory shift in Europe’s tech landscape. The amendments aim to simplify compliance, promote economic growth, and support AI development across the bloc.
Under the proposal, companies could use anonymized or pseudonymized personal data to train AI models, provided other GDPR safeguards are met. The AI Act’s rules for high-risk AI systems have been delayed until supporting standards and tools are in place. Smaller firms would benefit from simplified documentation requirements and unified cybersecurity reporting, while oversight of AI would be centralized under the EU’s AI Office.
The overhaul also reduces the prominence of cookie pop-ups, allowing non-risk cookies to operate without user prompts and providing centralized controls for others. The Commission framed the changes as a modernization of EU tech law, balancing innovation with user protections. The proposal now moves to the European Parliament and member states for approval, a process that could take months and face significant political debate.
