I Support the EU AI Act Rollback — But Not for the Reasons Big Tech Does

Let me think through the next several years with as much clarity as available evidence allows. The near-term picture for the second half of 2026 centers on the formal legislative steps still separating the trilateral agreement from enacted law. The Digital Omnibus package has cleared its most politically complex stage — the three-way negotiation between Parliament, Council, and Commission — but still requires final chamber votes. The Greens/EFA and Left bloc in the European Parliament have characterized the deal as capitulation to Big Tech and will use the final vote process to push amendments, targeting the GDPR AI training clause particularly. These amendment efforts will generate media coverage and civil society mobilization. Realistically, however, trilateral agreements between the three EU institutions almost never get overturned in final votes — the political machinery required to reverse an inter-institutional deal is enormous, and the center-right majority that drove this agreement is stable. I assess the probability of the package passing final votes at above 85%, with member state transposition debates opening another front where France and Germany accommodate the liberalization while the Netherlands and Belgium may introduce additional domestic protections.

The more consequential near-term action will happen in courts rather than chambers. Max Schrems and the noyb organization have publicly announced they are preparing a legal challenge to the new GDPR AI training provision. This matters because Schrems has an exceptional litigation track record at the European Court of Justice — he successfully struck down both the EU-US Safe Harbor and Privacy Shield data transfer arrangements, affecting global data practices. If noyb files its challenge before the end of 2026, the GDPR provision could reach CJEU judicial review within 12 to 18 months. A successful challenge would not invalidate the entire Omnibus package, but it would remove its most commercially significant provision and create substantial legal uncertainty for every company that has structured AI training data practices around the "legitimate interest" basis. I rate the probability of a successful CJEU challenge at roughly 40 to 50%. That is high enough that any company with meaningful AI training data exposure should maintain contingency compliance architectures rather than fully relying on the new clause.

On the market side, the immediate signals after May 7 were positive. European AI sector sentiment improved noticeably, and flagship European companies like France's Mistral AI and Germany's Aleph Alpha publicly welcomed the deal. Grand View Research projects the European AI market to reach $370.3 billion by 2030 from $66.4 billion in 2024, at a 33.2% compound annual growth rate, and the regulatory extension creates meaningful runway for smaller players to reach commercial viability before heavy compliance costs land. I project the deadline extension will have a 15 to 20% positive impact on European AI startup venture capital fundraising in 2027. However, this positive signal does not close the structural investment gap with the United States, where venture capital accounts for 83% of global AI investment and the four largest tech companies are committing $725 billion to AI infrastructure annually. Regulatory relief alone cannot fix a capital formation deficit at that scale, and any framing of the Omnibus deal as a solution to Europe's AI competitiveness problem misreads both the problem and what this package actually delivers.

Looking at the 2027 to 2028 window, when the new compliance deadline actually arrives, the defining variable will be how the EU AI Office interprets its mandate and builds enforcement capacity during the extension period. An office that uses the 16 months to develop technically rigorous, practically workable guidance and evaluation infrastructure could make December 2027 implementation genuinely more effective than the August 2026 date would have been. An office that interprets the extension as permission to defer hard questions will arrive at December 2027 facing the same readiness deficit the current timeline revealed. My expectation, drawing on historical regulatory agency behavior, is that the EU AI Office will start in a company-accommodating mode and then pivot sharply toward stronger enforcement following the first major, publicly visible AI harm incident that generates political urgency. This mirrors the GDPR enforcement trajectory precisely: the regulation came into force in 2018 but meaningful large-scale enforcement didn't materialize until the British Airways incident in 2019 provided the political impetus. I assign greater than 70% probability to a similarly catalyzing AI harm incident occurring in Europe before the end of 2028.

The medium-term scenario that concerns me most is the intensification of global regulatory competition. The EU relaxing its framework sends a signal to the UK, Japan, Singapore, Canada, and politically active US states that their own approaches may be calibrated too restrictively relative to competitive pressure. The UK has already positioned itself explicitly as "pro-innovation" on AI policy, maintaining a sector-regulator-led soft framework rather than prescriptive horizontal legislation. Japan operates primarily on voluntary guidelines. Any further EU retreat could contribute to a global race to the bottom where each jurisdiction weakens AI requirements to avoid appearing less investment-friendly than its neighbors. The opposing scenario involves the US experiencing enough high-profile AI harm cases — documented algorithmic discrimination in hiring, financial injury from autonomous trading systems, medical errors from AI diagnostic tools — that federal legislative pressure produces comprehensive US AI regulation that makes the revised EU framework look permissive by comparison. I expect at least two major economies to pass new comprehensive AI regulation before 2028 ends. The EU AI Act will be referenced in those processes but will not be cited as a model framework to emulate.

The 2028 to 2031 long-term horizon is where the current Omnibus debate starts to look like a minor footnote to a larger structural transformation. The core architectural problem with any classification-based regulatory model — dividing systems into high-risk versus low-risk, prohibited versus permitted — is that it assumes AI deployments can be cleanly categorized by use case. By 2028, the most capable AI systems in commercial deployment will be general-purpose by design, with a single model handling medical diagnosis, legal research, hiring evaluation, financial forecasting, and creative content generation within the same deployment. What classification category does such a system belong to? The EU's current framework has no coherent answer, and it cannot develop one without fundamental architectural redesign. A second major revision of the EU AI Act — potentially amounting to a structural rewrite of its foundational approach — is, in my assessment, inevitable by 2029. The current Omnibus deal will be remembered as the moment the EU acknowledged its framework's structural limitations without being willing or able to address them at their root.

Running three scenarios forward to 2031: the bull case at roughly 20% probability has the EU using this transition period to fundamentally redesign its approach — shifting from pre-classification to post-hoc accountability, attracting a wave of AI investment that raises Europe's global share from 4% to 8-10%, and reestablishing Brussels as a credible global AI governance agenda-setter. EU InvestAI's €200 billion commitment and the AI Gigafactory program execute as projected, and a meaningful portion of McKinsey's estimated €480 billion annual AI sovereignty value is realized. The base case at 55% probability sees the Omnibus deal implemented roughly as written, with EU AI Office enforcement that is present but limited in practical effect during its first years, moderate European AI market growth that maintains rather than closes the structural gap with the US, and renewed reform pressure producing another major revision cycle starting around 2029. The bear case at 25% probability involves a successful CJEU challenge to the GDPR data clause combined with a major AI harm incident that triggers political backlash and a sharp regulatory overcorrection. European AI companies accelerate migration to US or UK jurisdictions. The Brussels Effect evaporates as a meaningful policy concept. Europe becomes globally characterized as the continent that only regulates AI rather than building it — a verdict that would be historically unfair and economically devastating.

I want to be transparent about where my projections could fail. If Big Tech exploits the GDPR data liberalization clause to enable large-scale privacy violations visible to European citizens in the second half of 2026, the political reaction could be fast and intense enough to reverse the Omnibus deal before full implementation — similar to how Cambridge Analytica provided the political energy that turned GDPR from aspirational framework to rigorously enforced regulation. If the US produces strong federal AI legislation before Europe finalizes its revised implementation, the EU's decision will look less like pragmatic adaptation and more like a historical miscalculation made at the worst possible moment. For startup founders, the right response is to treat the extended timeline as product development runway, not a compliance pass — December 2027 should remain a hard deadline in every product roadmap. For investors, gradually increasing European AI sector exposure while hedging against the data clause legal risk through portfolio diversification is the calibrated position. For individual citizens, the shift to "legitimate interest" as a default legal basis for AI training data means your data rights have quietly changed, and actively reviewing and exercising your opt-out options under the current GDPR framework is worth the time it takes. Ultimately, the most durable protection is informed individual agency — and that remains true regardless of how many times the rules change in Brussels.