Overview
- High-risk AI obligations would be postponed to December 2, 2027—or to August 2, 2028 for categories defined as high-risk by harmonization laws—an especially consequential shift for employment-related AI systems.
- Further AI Act adjustments would move AI literacy duties toward EU institutions, permit limited use of special-category data to detect bias once safer options are exhausted, and expand the role of the EU AI Office.
- Compliance relief includes dropping registration for providers that deem Annex III systems not high-risk, easing documentation, simplifying quality management for SMEs, and creating EU-wide sandboxes with priority access for small firms.
- GDPR revisions would narrow when data is considered personal and broaden lawful grounds to train models on Europeans’ data; privacy groups such as noyb warn this could weaken protections for adtech and data brokers.
- Cookie rules would reduce pop-ups by exempting low-risk uses and by honoring standardized, machine-readable browser privacy signals when available, with the entire package still subject to European Parliament and Council negotiations.