WebinarsResearchIMPACT AwardsCMSWire TVPodcastsEvents CalendarEditorial CalendarAdvertising
Berlaymont building, headquarters of the European Commission, executive branch of the European Union, in Brussels, Belgium
News Analysis

EU Proposes Major Rewrite of AI and GDPR Laws

3 minute read
Nathan Eddy avatar
By
November 19, 2025
AI Ethics Law Risk
SAVED
Here's what's in the proposed "digital simplification" package, including targeted changes to the General Data Protection Regulation (GDPR).

The European Commission (EC) proposed sweeping overhauls to its AI and data protection regulations. These changes still require the green light from the EU Council and Parliament before taking effect.

The package, released this week as part of the EC’s long-anticipated “digital simplification” agenda, introduces a narrower definition of personal data, relaxes consent requirements and postpones key elements of the EU AI Act by at least a year.

The changes are framed as an effort to reduce administrative burdens on European companies and boost competitiveness in the global technology market. Yet critics argue other forces are behind the proposal. 

Table of Contents

What the EC’s Overhaul Actually Changes

“By cutting red tape, simplifying EU laws, opening access to data and introducing a common European Business Wallet we are giving space for innovation to happen and to be marketed in Europe."  

- Henna Virkkunen

EU Technology Czar

The digital simplification package introduces several major changes aimed at reducing regulatory complexity while supporting innovation.

A New Reporting Portal 

A central feature is a unified cybersecurity incident reporting portal that will replace the current system requiring companies to file reports under multiple laws such as NIS2, GDPR and DORA.

Updates to GDPR 

The package also includes targeted changes to the General Data Protection Regulation (GDPR) intended to clarify and harmonize rules without weakening core data protection principles. Cookie rules will be modernized to reduce frequent consent pop-ups, allowing users to manage preferences through a single browser or operating system setting.

A Consolidated Data Act 

On the data front, the reforms streamline access and use by consolidating several laws into an updated Data Act, introducing exemptions to cloud-switching rules for smaller companies and providing model contractual terms to ease compliance.

The overall goal is to make it easier for European businesses — particularly AI developers — to tap into higher-quality datasets and accelerate innovation while maintaining key privacy safeguards.

Related Article: The Billion-Dollar AI Lab With No Website: Inside Project Prometheus

AI Act Delay Follows Big Tech Pressure

High-risk systems, which include AI used in healthcare, transportation, policing and employment, were initially subject to some of the strictest rules in the world under the 2024 legislation.

A European Commission meeting in June of 2022 in Brussels
A European Commission meeting in June of 2022 in BrusselsU.S. Mission to the European Union

These rules, however, have had some adverse effects on competitiveness, according to the EC, writing, "Fast and visible improvements are needed for people and businesses, through a more cost-effective and innovation-friendly implementation of our rules — all the while maintaining high standards and agreed objectives." 

The proposed softening of the AI Act was driven in part by intensified lobbying from the world's leading tech companies. Industry groups and multinational firms argue that the original rules impose costly requirements that could slow AI development and disadvantage European businesses relative to US and Chinese competitors.

Critics Say Reforms Risk Weakening Privacy

Privacy advocates warn that the reforms erode long-standing protections and grant unprecedented leeway for companies to collect, analyze and repurpose user data — including for AI training — without explicit consent.

Last week, an open letter signed by 127 civil society organizations, including Amnesty International, argued the “technical streamlining” of EU digital laws was actually an “attempt to covertly dismantle Europe’s strongest protections against digital threats”.

“By recasting vital laws... as ‘red tape,’ the EU is giving in to powerful corporate and state actors who oppose the principles of a fair, safe and democratic digital landscape and who want to lower the bar of EU laws for their own benefit,” the letter says.

Related Article: AI Regulation in the US: A State-by-State Guide

What Happens Next for the Digital Simplification Package

High risk systems still carry the most stringent requirements in the Act. This means organizations should prepare now for disciplined data governance across retention practices, model training workflows and cross-border data flows, according to Diana Kelley, chief information security officer at Noma Security

“It also means building the capability to maintain training and validation datasets that are as accurate and bias tested as possible and ensuring continuous logging to support traceability and post-incident investigations once the relevant articles take effect,” she added.

Learning Opportunities
Webinar
How to Build a Solid Knowledge Foundation for AI Success
Nov
20
How to Build a Solid Knowledge Foundation for AI Success
See how leading brands keep their AI honest, compliant and actually helpful.
Register
Webinar
From Manual to Magical: How AI Transforms CX Teams
Dec
2
From Manual to Magical: How AI Transforms CX Teams
Learn how to replace manual support processes with automation that actually delivers.
Register
Webinar
Rebrand. Migrate. Optimize. How to Do It All (Without Slowing Down)
Dec
9
Rebrand. Migrate. Optimize. How to Do It All (Without Slowing Down)
Cresta leveled up site speed, design flexibility and marketer sanity (in record time). Find out how.
Register
Webinar
Juggling things
Dec
10
Beyond Composability: How Modern Marketers Build Connected Experiences
Ready to launch campaigns faster, personalize smarter and prove your marketing ROI? Discover the power of a modern DXP.
Register
Webinar
Blue sky
Dec
10
Unlock Connected Service: How to Forecast, Staff & Support Every Channel
Stop juggling tools. 73% of CX leaders say silos damage CX. Build a seamless service operation instead.
Register
Webinar
Real-time signal
Dec
16
Roundtable: Turning Real-Time CX Signals into Business Results
Four big brands. One live, unscripted discussion on how modern CX teams move from dashboards to real impact.
Register
Webinar
How to Build a Solid Knowledge Foundation for AI Success
Nov
20
How to Build a Solid Knowledge Foundation for AI Success
See how leading brands keep their AI honest, compliant and actually helpful.
Register
Webinar
From Manual to Magical: How AI Transforms CX Teams
Dec
2
From Manual to Magical: How AI Transforms CX Teams
Learn how to replace manual support processes with automation that actually delivers.
Register
Webinar
Rebrand. Migrate. Optimize. How to Do It All (Without Slowing Down)
Dec
9
Rebrand. Migrate. Optimize. How to Do It All (Without Slowing Down)
Cresta leveled up site speed, design flexibility and marketer sanity (in record time). Find out how.
Register

The recent political rollbacks did not eliminate these underlying guardrails, said Kelley. For now, they primarily affect timelines, implementation guidance and certain documentation expectations.

The proposed delays and revisions will only take effect if both the Council and the European Parliament adopt their positions and then negotiate a single compromise text, a process that could significantly slow the timeline. Wrangling an agreement on the digital omnibus could drag into mid-2026 — potentially just weeks before high-risk AI rules are currently due to take effect in August.

About the Author
Nathan Eddy

Nathan is a journalist and documentary filmmaker with over 20 years of experience covering business technology topics such as digital marketing, IT employment trends, and data management innovations. His articles have been featured in CIO magazine, InformationWeek, HealthTech, and numerous other renowned publications. Outside of journalism, Nathan is known for his architectural documentaries and advocacy for urban policy issues. Currently residing in Berlin, he continues to work on upcoming films while contemplating a move to Rome to escape the harsh northern winters and immerse himself in the world's finest art. Connect with Nathan Eddy:

Main image: Mirko | Adobe Stock
Tags
ai lawsai developmentai regulationdata governanceeu ai actgdprai implementation guidelinesnews
Featured Research
Featured research
White Paper
How to Outsmart the AI Bot Boom
A practical framework for keeping your healthcare site secure, performant and visible, even as AI traffic explodes
Read now
Featured research
On-Demand Webinar
How to Build Trust and Keep Patients Coming Back
Hear how Twilio and Forrester are helping healthcare teams design AI that feels human—and earns loyalty.
Read now
Featured research
On-Demand Webinar
AI in Healthcare: Less Manual Work, More Human Care
Learn how healthcare teams are using AI to lighten workloads, strengthen patient connections and scale care with empathy.
Read now
Featured research
Guide
How to Turn Data, AI and Empathy Into 1:1 CX
A practical guide to transforming customer experience through real-time insights, intelligent orchestration and a little human understanding
Read now
Featured research
Guide
2026 CX Trends Guide: Top 10 Insights for Smarter Strategy
Smarter service. Faster outcomes. Happier customers. NiCE breaks down the future of CX in one guide.
Read now
Featured research
Research Report
The CX Gap Is Real — AI Can Help Close It
78% of companies think they’ve improved CX. Only 31% of customers agree. This report shows what to do about it.
Read now
Featured research
eBook
The Blueprint for Building an AI-First Contact Center
Stop clinging to a phone-first strategy in a multimodal world. Build the workforce of the future with AI.
Read now
Featured research
White Paper
Cut Costs, Not Corners: Build a Smarter Customer Access Strategy with AI
The right conversational AI strategy can cut handling time by 70% and boost CSAT by 32%. We’ve got the blueprint.
Read now
Featured research
eBook
The Hidden Impact of AI in the Contact Center
AI’s biggest impact isn’t always flashy—it’s the smarter, quieter stuff that actually moves the needle.
Read now
Featured research
eBook
From Reactive to Ready: Scaling Contact Center Ops with WFM That Works
When customer demand shifts by the minute, your workforce strategy needs more than spreadsheets and guesswork it needs agile, AI-powered WFM built for digital service.
Read now
Featured research
Research Report
Closing the CX Gap: Leaders vs. Customers
81% of leaders use AI, 74% of customers still pick up the phone and the gap is costing loyalty
Read now
Featured research
eBook
Cut Through the AI Noise: Your CX Roadmap Starts Here
Five9 Genius AI helped leaders cut 50% of calls, save 44% in costs and match customer intent 80% of the time — here’s the roadmap
Read now