The European Union faces a contradiction that defines its relationship with artificial intelligence (AI): while it studies relaxing the General Data Protection Regulation (GDPR) to boost innovation, it is simultaneously postponing until December 2027 the application of the AI Act for high-risk systems.
The GDPR made Europe a global benchmark in data protection since 2018, but its principles of minimization and purpose limitation clash with the needs of generative AI, which requires large volumes of information to train models like ChatGPT or Gemini
According to the newspaper Politico, Brussels is considering reclassifying the development of AI as an activity of public interest or scientific research, which would allow the reuse of anonymized data without requesting new consent.
For Sergio García Estradera, manager of the technology services company i3e, this proposal “represents a profound ideological shift. Redefining scientific research to include commercial products opens the door to a systematic erosion of digital rights”.García insists: "Europe is arriving late to the AI race, but it cannot betray the principles that have defined it. Privacy should not be a bargaining chip, but a competitive advantage if integrated into a framework of responsible innovation."
At the same time, the European Commission has delayed the entry into force of the AI Act, approved in 2024 to ensure that innovation does not compromise privacy or digital resilience, by more than a year.
The official objective is to buy time to define technical standards and alleviate the administrative burden, which could save companies up to 225 million euros. However, the postponement leaves critical systems such as biometric identification, credit scoring, or urban traffic management exposed to a legal vacuum
"Postponing regulation means coexisting with technologies that handle critical information without clear security standards," warns García. In a context where **cyberattacks are growing 30% annually and AIs are becoming attack vectors**, the expert warns: " **Administrative simplification should not translate into a lack of protection**. Companies must anticipate with audits, robust authentication, and continuous monitoring to prevent the lack of regulation from becoming a systemic risk."Europe seeks to confront giants like the United States and China in this technological race, but it does so amidst political and ethical tensions. The Commission plans to present a formal proposal on the GDPR in the coming months, while the AI Act remains on hold.
