The European Union (EU) faces a contradiction that defines its relationship with artificial intelligence (AI): while studying relaxing the General Data Protection Regulation (GDPR) to boost innovation and improve data management, it has decided to postpone until December 2027 the application of the AI Law for high-risk systems. Two decisions that reveal the difficulty that Europe is finding to advance in the technological race without compromising its principles.
Privacy in question
The GDPR made Europe a global benchmark in data protection since 2018, but its principles of minimization and purpose limitation clash with the needs of generative AI, which requires large volumes of data to train models such as ChatGPT or Gemini.
As revealed by the newspaper Politico, Brussels is considering reclassifying AI development as an activity of public interest or scientific research, which would allow anonymized data to be reused without requesting new consent.
For Sergio García Estradera, manager of i3e, this proposal “represents a profound ideological change. Redefining scientific research to include commercial products opens the door to a systematic erosion of digital rights and the protection of personal data.” García insists: “Europe is late to the AI race, but it cannot betray the principles that have defined it. Privacy should not be a currency, but rather a competitive advantage if it is integrated into a responsible innovation framework.”
A legal vacuum that worries
At the same time, the European Commission has delayed the entry into force of the AI Law, approved in 2024, for more than a year to ensure that innovation does not compromise privacy or digital resilience. The official objective: to gain time to define technical standards and alleviate the administrative burden, which could save companies up to 225 million euros. But the postponement leaves critical systems such as biometric identification, credit evaluation or urban traffic management exposed to a legal vacuum.
“Postponing regulation means living with technologies that handle critical data without clear security standards,” García warns. In a context where cyberattacks grow by 30% annually and AI become attack vectors, the expert warns: “Administrative simplification should not translate into lack of protection. Companies must anticipate with audits, robust authentication and continuous monitoring to prevent the lack of regulation from becoming a systemic risk.”
Europe seeks to confront giants like the United States and China in this technological race, but it does so amid political and ethical tensions. The Commission plans to present a formal proposal on the GDPR in the coming months, while the AI Law remains on hold. The challenge is clear: can Europe lead innovation in a data-driven economy without giving up its values?
Digital transformation processes
i3e is a Spanish company with 25 years of experience in the technology sector, specialized in offering comprehensive solutions in IT consulting, cybersecurity, managed services and custom software development. With an approach focused on innovation, quality and customer proximity, i3e accompanies organizations of all sizes in their digital transformation processes. Its multidisciplinary team works under methodologies such as PMP, AGILE, ITIL and Prince, guaranteeing efficiency, security and adaptation to current technological challenges.
The official objective: to gain time to define technical standards and alleviate the administrative burden
The business group is completed by Keyjob, specialized in temporary employment and with more than 2,000 active people; PC Tech, focused on technical assistance in Madrid; and Iberservicios, dedicated to the outsourcing of hotel management. Together, the ecosystem has 230 employees and operates under a centralized technological infrastructure that ensures efficiency, scalability and quality in all services.
