Business

European Commission proposes delays and relaxations to AI and GDPR regulations amid criticism

Wednesday, 19 November 2025 4:55PM UTC

The European Commission has unveiled a 'digital omnibus' plan that delays key AI and GDPR provisions, prompting concerns over reduced digital protections amid industry lobbying and debates on innovation versus rights.

The European Commission has recently unveiled a package of proposals described as a “digital omnibus” aimed at simplifying and streamlining the EU’s complex web of digital regulations. Central to these plans are measures that would delay key provisions of the AI Act and dilute aspects of the General Data Protection Regulation (GDPR), moves critics argue amount to a significant rollback of digital protections.

The AI Act, which entered into force in August 2024, places stringent obligations on companies deploying high-risk artificial intelligence systems, those that could impact health, safety, or fundamental rights, including technologies used in healthcare, exam scoring, or biometric identification. Under the new Commission proposal, companies would be granted up to 18 additional months, extending high-risk AI compliance deadlines until December 2027 from the earlier date of August 2026. The Commission insists this delay is necessary to ease burdens on European startups and SMEs to foster innovation and prevent firms from relocating to less regulated jurisdictions. However, this step follows intense lobbying by major technology firms, including Alphabet and Meta, which had sought postponements over concerns about implementation costs. The Commission maintains that while simplification is the goal, deregulation is not on the agenda.

Alongside AI, the European Commission plans to recalibrate key aspects of the GDPR, potentially loosening rules around personal data usage for AI training without the need for individual consent. This would address “cookie banner fatigue” by enabling simplified, one-click consent processes that could last six months, reducing the frequency with which internet users must permit tracking. Critics, including the pan-European network European Digital Rights (EDRi), warn that these changes could open the door to “unchecked use” of deeply personal data by AI systems and undermine foundational data privacy rights. They describe the proposals as a dismantling of Europe’s hard-won digital safeguards, raising fears for both privacy and fundamental human rights.

Despite these criticisms, some in the business community view the proposals as insufficiently ambitious. The Computer and Communications Industry Association (CCIA), representing influential tech firms, has urged even broader overhaul of the EU’s digital rulebook to make Europe more competitive globally, especially in the face of US and Chinese technological supremacy.

Complicating the debate, former EU officials like Thierry Breton have voiced alarm at what they see as a transatlantic-driven attempt to erode European digital regulations under the guise of simplification. Breton argues the move risks unraveling safeguards designed to protect innovation and rights without falling prey to external pressures.

The broader context to this regulatory pivot is Europe’s struggle to keep pace with rapid technological advances. A report last year by former Italian Prime Minister Mario Draghi highlighted Europe’s lag behind the US and China in AI and other critical future technologies, prompting calls for a recalibrated policy approach to boost competitiveness while maintaining core rights frameworks. The Commission’s economy chief, Valdis Dombrovskis, defended the proposals as necessary to unlock the “full benefits of the digital revolution” and projected that administrative cost savings from the simplification measures could reach €5bn by 2029.

The proposals remain subject to debate and approval by both the European Parliament and EU member states. The bloc is also tackling other contentious digital regulations, such as the Digital Markets Act (DMA), which Apple recently criticised for stifling innovation and raising security concerns, although the Commission remains firm on its enforcement.

Privacy advocates and numerous civil society organisations have expressed strong opposition to the delays and dilution efforts, warning that the EU’s reputation as a global leader in digital rights could be compromised. They argue that diluting the AI Act and GDPR at this critical juncture risks eroding public trust and weakening protections against misuse of personal data and discriminatory AI applications.

As the European digital regulatory framework faces this period of potential transformation, the key questions remain how to balance fostering innovation and competitiveness with safeguarding individual rights and maintaining robust regulatory standards that have distinguished the EU’s approach to technology governance.

📌 Reference Map:

^[1] (The Guardian) - Paragraphs 1, 2, 3, 6, 7, 8
^[2] (Reuters) - Paragraphs 1, 2, 3
^[3] (Council of the EU) - Paragraph 4
^[4] (Reuters) - Paragraph 2
^[5] (AP News) - Paragraph 7
^[6] (Le Monde) - Paragraphs 1, 2, 5
^[7] (Euronews) - Paragraph 6

Source: Noah Wire Services

More on this

https://www.theguardian.com/world/2025/nov/19/european-commission-accused-of-massive-rollback-of-digital-protections - Please view link - unable to able to access data
https://www.reuters.com/sustainability/boards-policy-regulation/eu-delay-high-risk-ai-rules-until-2027-after-big-tech-pushback-2025-11-19/ - The European Commission has proposed delaying the implementation of stricter AI regulations for 'high risk' applications under the AI Act to December 2027, from the previously scheduled August 2026. This move is part of a broader effort to streamline digital regulations and reduce bureaucratic red tape, following pushback from Big Tech and pressure to enhance Europe's economic competitiveness. The delay impacts regulations covering biometric identification, job applications, healthcare, credit assessments, and law enforcement. The new proposal, termed the 'Digital Omnibus,' also includes revisions to major digital laws like the GDPR, the Data Act, and the e-Privacy Directive. Notably, the changes may allow companies like Google, Meta, and OpenAI to use European personal data to train AI models. While the Commission insists that simplification doesn't mean deregulation, it acknowledges the need for a critical review of its existing policies. The proposal will still undergo debate and voting among EU member states.
https://www.consilium.europa.eu/en/press/press-releases/2025/06/16/data-protection-council-and-european-parliament-reach-deal-to-make-cross-border-gdpr-enforcement-work-better-for-citizens/pdf/ - On June 16, 2025, the Council of the EU and the European Parliament reached a provisional agreement on a new law aimed at improving cooperation between national data protection authorities in enforcing the General Data Protection Regulation (GDPR) in cross-border cases. The objective is to expedite the handling of cross-border GDPR complaints filed by citizens or organisations. The agreement includes streamlined administrative procedures concerning the rights of complainants and the admissibility of cases, thereby enhancing the enforcement of the GDPR, which has been in effect since May 25, 2018.
https://www.reuters.com/world/europe/artificial-intelligence-rules-go-ahead-no-pause-eu-commission-says-2025-07-04/ - The European Commission has confirmed that the implementation of the EU's new AI regulations will proceed as scheduled, despite calls from both American and European companies for a delay. Major firms such as Alphabet, Meta, Mistral, and ASML had recently requested the Commission to postpone the AI Act, citing concerns over compliance costs and stringent requirements. However, Commission spokesperson Thomas Regnier emphasised that there will be no pause, grace period, or halt, highlighting that the law's deadlines are legally binding. According to the timeline, general-purpose AI model obligations will begin in August 2025, with high-risk model regulations set to take effect in August 2026. In response to broader concerns, the Commission plans to propose simplifications to its digital regulations later in the year, particularly to ease burdens on small companies. The AI Act seeks to establish firm safety and compliance measures for AI technologies, an area where the United States and China are currently global leaders.
https://apnews.com/article/7a90787f54b407c888999969a014e700 - Apple has urged the European Union to repeal or revise the Digital Markets Act (DMA), arguing that the legislation hinders innovation, compromises privacy and security, and causes delays in introducing new features to European users. The company claims that the DMA’s requirements—such as making features compatible with non-Apple devices and allowing third-party app stores—have delayed the rollout of tools like live translation for AirPods and iPhone Mirroring. Apple also expressed concern that complying with these rules poses security risks and exposes users to potential threats such as malware and online scams. Despite Apple’s complaints, the European Commission firmly rejected any plan to repeal the DMA. Commission spokesman Thomas Regnier reaffirmed the EU’s stance, stating the regulations are aimed at increasing user choice rather than compromising privacy or security standards. Apple, which has already faced a €500 million fine under the DMA, stated it is complying with the rules but asked regulators to reassess their broader impact on European consumers.
https://www.lemonde.fr/en/economy/article/2025/11/19/european-commission-launches-digital-regulation-simplification_6747624_19.html - On November 19, 2025, the European Commission introduced a digital regulation simplification package aimed at reducing bureaucracy and enhancing Europe's competitiveness in digital innovation, especially in artificial intelligence (AI). Backed by Germany and influenced by the U.S. and tech industry, the proposal seeks to update regulatory frameworks like the 2016 General Data Protection Regulation (GDPR) and delay certain provisions of the 2024 AI Act until 2027 for high-risk AI models. The package has sparked criticism from liberal and leftist Members of the European Parliament (MEPs), as well as privacy advocates like Austria’s Noyb, who argue it undermines privacy rights and gives big tech excessive leeway. Key proposals include redefining pseudonymised data outside the scope of GDPR, allowing AI training on personal data under “legitimate interest,” and simplifying cookie consent to a one-click six-month validity. Meanwhile, supporters argue that Europe needs to 'innovate before regulating' to avoid becoming a passive consumer of American and Chinese technologies. While the proposal has backing from the European People's Party and some conservatives, it faces contentious debates in the European Parliament and among member states.
https://www.euronews.com/next/2025/07/09/privacy-consumer-groups-warn-against-delays-and-backtracking-on-ai-act - Over 50 organisations, including Access Now, Centre for Democracy and Technology Europe (CDT), and the European Consumer Organisation (BEUC), have warned EU Technology Commissioner Henna Virkkunen against potential delays or backtracking on the AI Act. In a letter dated July 9, 2025, the groups expressed concern over the 'growing pressure regarding a potential 'stop the clock' mechanism to suspend or delay the implementation and enforcement of the AI Act.' They emphasised that the EU's 'simplification' agenda should not be used to drive deregulation, especially in the absence of credible evidence that this would be necessary or effective. The letter underscores the importance of maintaining the integrity of the AI Act to uphold fundamental rights and public trust.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The narrative presents recent developments regarding the European Commission's proposed changes to the AI Act and GDPR, with the earliest known publication date being 19 November 2025. The Guardian's report on this date aligns with other reputable outlets, such as Reuters, which also published on the same day. This suggests the content is fresh and not recycled. However, earlier reports from 7 November 2025 indicate that discussions about delaying parts of the AI Act were already underway, indicating that the core information has been in circulation for over a week. ([theguardian.com](https://www.theguardian.com/world/2025/nov/07/european-commission-ai-artificial-intelligence-act-trump-administration-tech-business?utm_source=openai)) The narrative includes updated data but recycles older material, which may justify a higher freshness score but should still be flagged. Additionally, the report references a press release from the European Commission, which typically warrants a high freshness score.

Quotes check

Score: 9

Notes: The narrative includes direct quotes from European Commission officials and critics. A search for the earliest known usage of these quotes indicates that they were first published in The Guardian's report on 19 November 2025. No identical quotes appear in earlier material, suggesting that the quotes are original to this report. This supports the narrative's originality.

Source reliability

Score: 10

Notes: The narrative originates from The Guardian, a reputable organisation known for its rigorous journalism. The inclusion of direct quotes from European Commission officials and critics further enhances the credibility of the report.

Plausability check

Score: 9

Notes: The claims made in the narrative are plausible and align with recent developments in EU digital regulations. The European Commission's proposal to delay parts of the AI Act and amend the GDPR has been reported by multiple reputable outlets, including Reuters and Le Monde. ([reuters.com](https://www.reuters.com/sustainability/boards-policy-regulation/eu-delay-high-risk-ai-rules-until-2027-after-big-tech-pushback-2025-11-19/?utm_source=openai)) The narrative provides specific details, such as the proposed delay of high-risk AI compliance deadlines until December 2027, which are consistent with these reports. The tone and language used are appropriate for the topic and region, and the structure focuses on the key issues without excessive or off-topic detail.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: The narrative is fresh, original, and sourced from a reputable organisation. The claims made are plausible and supported by multiple reputable outlets. The inclusion of direct quotes from European Commission officials and critics adds credibility to the report.

European Union
Digital regulation
AI Act
GDPR
Data privacy