AI at Risk in the EU: It’s Not Regulation, It’s Implementation
The implementation of the General Data Protection Regulation (GDPR) in the EU, rather than the regulation itself, is holding back technological innovation. The EU’s data protection governance architecture is complex, leading to contradictory interpretations among Member States. This situation is pro...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Cambridge University Press
|
| Series: | European Journal of Risk Regulation |
| Subjects: | |
| Online Access: | https://www.cambridge.org/core/product/identifier/S1867299X25000194/type/journal_article |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849232968250294272 |
|---|---|
| author | Judith Arnal |
| author_facet | Judith Arnal |
| author_sort | Judith Arnal |
| collection | DOAJ |
| description | The implementation of the General Data Protection Regulation (GDPR) in the EU, rather than the regulation itself, is holding back technological innovation. The EU’s data protection governance architecture is complex, leading to contradictory interpretations among Member States. This situation is prompting companies of all kinds to halt the deployment of transformative projects in the EU. The case of Meta is paradigmatic: both the UK and the EU broadly have the same regulation (GDPR), but the UK swiftly determined that Meta could train its generative AI model using first-party public data under the legal basis of legitimate interest, while in the EU, the European Data Protection Board (EDPB) took months to issue an Opinion that national authorities must still interpret and implement individually, leading to legal uncertainty. Similarly, the case of Deepseek has demonstrated how some national data protection authorities, such as the Italian Garante, have moved to ban the AI model outright, while others have opted for investigations. This fragmented enforcement landscape exacerbates regulatory uncertainty and hampers EU’s competitiveness, particularly for startups, which lack the resources to navigate an unpredictable compliance framework. For the EU to remain competitive in the global AI race, strengthening the EDPB’s role is essential. |
| format | Article |
| id | doaj-art-5a2ea36338134e6e9cb222c870cb068e |
| institution | Kabale University |
| issn | 1867-299X 2190-8249 |
| language | English |
| publisher | Cambridge University Press |
| record_format | Article |
| series | European Journal of Risk Regulation |
| spelling | doaj-art-5a2ea36338134e6e9cb222c870cb068e2025-08-20T13:13:31ZengCambridge University PressEuropean Journal of Risk Regulation1867-299X2190-824911010.1017/err.2025.19AI at Risk in the EU: It’s Not Regulation, It’s ImplementationJudith Arnal0https://orcid.org/0009-0008-8323-2961Centre for European Policy Studies, Brussels, Belgium Real Instituto Elcano, Madrid, SpainThe implementation of the General Data Protection Regulation (GDPR) in the EU, rather than the regulation itself, is holding back technological innovation. The EU’s data protection governance architecture is complex, leading to contradictory interpretations among Member States. This situation is prompting companies of all kinds to halt the deployment of transformative projects in the EU. The case of Meta is paradigmatic: both the UK and the EU broadly have the same regulation (GDPR), but the UK swiftly determined that Meta could train its generative AI model using first-party public data under the legal basis of legitimate interest, while in the EU, the European Data Protection Board (EDPB) took months to issue an Opinion that national authorities must still interpret and implement individually, leading to legal uncertainty. Similarly, the case of Deepseek has demonstrated how some national data protection authorities, such as the Italian Garante, have moved to ban the AI model outright, while others have opted for investigations. This fragmented enforcement landscape exacerbates regulatory uncertainty and hampers EU’s competitiveness, particularly for startups, which lack the resources to navigate an unpredictable compliance framework. For the EU to remain competitive in the global AI race, strengthening the EDPB’s role is essential.https://www.cambridge.org/core/product/identifier/S1867299X25000194/type/journal_articleAIcompetitivenessdata protectionGDPRregulation |
| spellingShingle | Judith Arnal AI at Risk in the EU: It’s Not Regulation, It’s Implementation European Journal of Risk Regulation AI competitiveness data protection GDPR regulation |
| title | AI at Risk in the EU: It’s Not Regulation, It’s Implementation |
| title_full | AI at Risk in the EU: It’s Not Regulation, It’s Implementation |
| title_fullStr | AI at Risk in the EU: It’s Not Regulation, It’s Implementation |
| title_full_unstemmed | AI at Risk in the EU: It’s Not Regulation, It’s Implementation |
| title_short | AI at Risk in the EU: It’s Not Regulation, It’s Implementation |
| title_sort | ai at risk in the eu it s not regulation it s implementation |
| topic | AI competitiveness data protection GDPR regulation |
| url | https://www.cambridge.org/core/product/identifier/S1867299X25000194/type/journal_article |
| work_keys_str_mv | AT juditharnal aiatriskintheeuitsnotregulationitsimplementation |