The European Union (EU) is quietly rewriting the rulebook that once made it the world’s toughest digital regulator, releasing a proposal law that involves rolling back parts of the GDPR and delaying core provisions of the artificial intelligence (AI) Act in the name of economic competitiveness and growth.
Touted as the EU’s Digital Omnibus it stands as a sharp reversal from the EU’s decade-long reputation as the world’s toughest enforcer of digital rights and privacy.
It goes without saying that these changes are being driven by mounting pressure from tech giants, including recent pressure from the U.S. President Donald Trump, concerns about Europe’s competitiveness in artificial intelligence, and a desire to simplify rules for businesses.
The impact of this rollback will ripple across tech companies, startups, everyday users across the continent, and more importantly accelerate tech innovation.
The EU Makes Major Changes to GDPR
The most significant change issued by the EU is targeted at the use of personal data for AI training. Under the proposed new rules, companies in Europe can now use pseudonymized and anonymized data to train AI models without needing explicit consent from individuals.
This is a major departure from the GDPR’s original framework, which required clear and informed consent for any processing of personal data. The Commission, being the executive branch of the EU, frames this move as a “legitimate interest,” arguing that it is necessary for innovation and economic growth across the continent.
Privacy advocates however warn that this will create a loophole that will allow tech firms to exploit vast amounts of European data with minimal oversight.
Another important change this move will herald is the simplification of cookie consent banners. The familiar pop-ups that have long plagued European websites since GDPR’s launch will be replaced with browser-level controls.
Instead of requiring users to click “accept” or “reject” every time they visit a site, browsers will manage non-risk cookies centrally. This action is intended to reduce what is known as consent fatigue and make the web experience smoother, although critics argue this will weaken privacy protections by shifting from opt-in to opt-out consent. As such, the definition of personal data will further be narrowed.
AI Act Enforcement Delayed
The AI Act, which was supposed to set a global standard for regulating artificial intelligence in Europe, will also be facing a major setback.
The rules for high-risk AI systems, those used in areas like biometric identification, law enforcement, and critical infrastructure, were originally set to take effect in August 2026. Now, full implementation has been pushed back to December 2027, with even some sector-specific rules delayed until August 2028.
While this gives companies in the region ample time to adapt, it also creates uncertainties. One is the possibility of companies taking advantage of the elongated period, which means they won’t be subjected to the confines of the Act if anything criminal were to happen and that strict accountability measures will be on hold for this period of time.
Two, however, is the fact that the Commission may still retain the power to accelerate enforcement if it deems it necessary, as there’s the urgent need for Europe to play catch-up in the AI arms race.
Why This Matters Now
The timing of this rollback is actually no coincidence. For a while now, Europe has been struggling to maintain pace with the U.S. and China, especially in the rapidly evolving AI race, with American tech giants like OpenAI, Google, and Anthropic, alongside China’s DeepSeek dominating the global AI landscape.
However, Europe, despite its bulky and strict regulatory laws, still lacks the computational power and capital to build AI systems that are capable of standing out and to further compete.
It is why the EU’s move is touted as a response to months of increasing pressure from tech companies as well as from the U.S. government, as President Trump recently argued that Europe’s strict rules were stifling innovation.
On the one hand, Mario Draghi, the former Italian Prime Minister and ex-President of the European Central Bank, recently called out the European digital regulations, warning that they were holding back the continent’s competitiveness.
On the other hand, civil rights organizations and privacy advocates are also sounding the alarm. Max Schrems, a lawyer and activist, who is known for carrying out campaigns against Facebook for its violations of Europe’s privacy laws, called EU’s Digital Omnibus “the biggest attack on European digital rights in years.”
Schrems further argued that the Commission’s claim to “maintain the highest standards” is misleading, as the current proposals aim to undermine the said standards.
“The Digital Omnibus would mainly benefit big tech, while failing to provide any tangible benefits to average EU companies,” the Austrian activist said in a statement. “This proposed reform is a sign of panic around shaping Europe’s digital future, not a sign of leadership. What we really need is a strategic, well-designed long-term plan to move Europe ahead.”
The Irish Council for Civil Liberties also echoed this argument, warning that Europe is trading its citizen’s privacy rights to give space for the U.S and Chinese tech giants’ dominance across the continent.
Additionally, there is also the argument that Europe’s real problem may not be excessive regulation but weak enforcement of existing rules. As such, there’s the fear that the rollback will set a dangerous precedent, and not just for Europe but for the rest of the world.
The GDPR has influenced privacy laws across continental borders, in countries like Brazil, India, etc. Although the Digital Omnibus proposal still needs approval from EU member states and the European parliament, if Brussels reverses course and goes through with it, the act could weaken global privacy standards and set precedent for other countries to follow suit.
