After more than a decade of aggressively regulating the technology industry, the European Union is having second thoughts. In a significant shift, policymakers in Brussels are moving to scale back and simplify landmark rules for artificial intelligence and data privacy. Driven by growing concern that over-regulation is stifling economic growth, officials and business leaders across the 27-nation bloc are questioning whether Europe’s digital rule book has gone too far and left companies lagging the United States and China. The Trump administration has also criticised Europe’s regulations.

The rethinking is set to be laid out in a “digital package of simplification” that the European Commission, which manages much of the bloc’s day-to-day work, plans to unveil Wednesday. According to drafts circulated in recent weeks, which were reviewed by The New York Times, key aspects of the General Data Protection Regulation, or GDPR, a data privacy law, would be rewritten. Parts of a law restricting certain uses of AI would also be delayed.

Europe has long been seen as Big Tech’s most formidable global watchdog. Authorities in Brussels have levied billions of dollars in fines and forced business changes at Amazon, Apple, Google and Meta for antitrust breaches, data abuses and the unchecked spread of illicit content.
Policymakers passed laws to keep the biggest tech companies from boxing out smaller rivals and to force social media platforms to combat disinformation and harmful material.

Those actions contrasted with the more hands-off approach of the United States, while offering a template for governments from Latin America to Asia to regulate the tech sector. Any retreat by Europe could ease pressure on the largest tech companies and signal the start of a more restrained era of oversight for the digital economy.

“Regulation cannot be the best export product of the EU,” said Aura Salla, a member of the European Parliament from Finland. Salla, who once worked as a lobbyist for Meta, said companies faced a “jungle” of overlapping and sometimes contradictory rules that slowed product development and pushed businesses to move elsewhere.

The digital simplification package is part of broader deregulatory push this year by Ursula von der Leyen, the European Commission president. It follows the departure of officials like her former vice president, Margrethe Vestager, who spearheaded much of the tech clampdown over the
past 10 years.

How far Europe’s policy shift might go remains to be seen. The proposals, already the target of heavy lobbying from Silicon Valley and other interest groups, are relatively narrow. But they reflect a growing belief in Brussels that changes are needed to revive Europe’s competitiveness. Criticism from the Trump administration that the bloc’s rules unfairly target US firms has added to the urgency.

The changes may not happen for months, as they require approval
from the European Parliament and a substantial majority of countries in the European Union.

Many of the proposed changes aim to encourage AI development in Europe. The potential changes to the GDPR would make it easier for companies to use data — including sensitive personal information — to build AI systems.

Officials also want to delay, until at least 2027, key pieces of the AI Act, the world’s most comprehensive law for the use of artificial intelligence. That could postpone enforcement of measures related to “high-risk” uses of AI in areas such as hiring and education. Regulators have faced pressure from US tech firms, as well as European businesses like Airbus, ASML and Mercedes-Benz, to slow the rollout of the law.

Another major change would redefine the European Union’s concept of “personal data,” relaxing a key privacy protection to make it easier for companies to sell information collected about users.

“This is really a mind-shift,” said Patrick Van Eecke, head of European cyber, data and privacy at the law firm Cooley, which represents many tech companies.

Some of the moves may be welcomed by consumers. One would scale back the widespread use of the pop-up boxes on websites that ask users to allow data tracking. People would be allowed to set their privacy preferences once in a browser, rather than being bombarded with requests at each website.

European officials have said the proposals do not represent a major deregulatory pivot and are aimed at simplifying rules to help businesses and consumers. But proponents of regulation fear the changes would weaken one of the few bulwarks against the tech industry.

“It’s really clear that the winds have been changing,” said Mathias Vermeulen, a co-founder of the digital policy consultancy AWO in Brussels. “A continent that has prided itself for at least a decade on its tech-focused regulation is now almost doing this complete U-turn and rethinking its approach.”

Vermeulen said tech regulation had become an easy scapegoat for Europe’s economic malaise. Scaling back oversight could benefit American and Chinese companies most of all, he said.

“Tweaks to the GDPR aren’t magically going to solve Europe’s competitiveness problem,” he said.

Many in Brussels are preparing to protect the tech regulations. Brando Benifei, a member of the European Parliament from Italy who helped draft the AI Act, warned of a “race-to-the-bottom deregulatory agenda.”

“The claim that Europe must choose between innovation and regulation is a false dichotomy,” he said. “Weakening accountability would be shortsighted from an economic point of view and democratically irresponsible.”

The European Union is not abandoning its oversight. Regulators are pressing ahead with major cases against tech companies. In April, Apple was fined 500 million euros (about $580 million) for anticompetitive business practices. Elon Musk’s social platform X is under investigation for its freewheeling approach to policing user content. Last week, the commission began investigating Google’s search-ranking policies.

The commission has not proposed amending two regulations that US tech companies complain the most about. One, the Digital Markets Act, is meant to encourage digital competitiveness. The other, the Digital Services Act, requires platforms to monitor harmful content on their websites.

Yet the changes to be released Wednesday are a notable evolution. The shift in tone could have global repercussions, if countries elsewhere follow suit.

“The EU is the most established, credible, legitimate model regulator,” said Anu Bradford, a Columbia Law School professor who coined the term “Brussels effect” to describe the European Union’s outsize influence on global oversight. If Europe pulls back, she said, other nations might think that “maybe we should be having second thoughts as well.”

Policymakers are trying to boost Europe’s position in the digital economy. The region trails in startup investment and is home to only a few major tech companies, like the music service Spotify, business software firm SAP and semiconductor equipment maker ASML. The highest-profile AI companies, such as OpenAI, are in the United States or China.

The European Union faces an “existential” threat to its prosperity without sweeping economic changes, Mario Draghi, a former president of the European Central Bank, warned in an influential report last year.

Michael McGrath, the European Union commissioner overseeing justice and consumer protection issues, said last week that the point of the digital tech package was “reducing administrative burden” for companies, calling it a “sensible initiative” that would iron out duplication through targeted tweaks.

Disclaimer: The views expressed above are the author's own. They do not necessarily reflect the views of DH.