EC Withdrawal of ePrivacy, and AI Liability Proposals Brings Mixed Reactions
The European Commission withdrew two controversial pieces of legislation from its 2025 work program, bringing cheers Wednesday from the tech sector as a consumer group jeered.
Sign up for a free preview to unlock the rest of this article
It pulled a proposal for an ePrivacy regulation protecting personal data in electronic communications because of "no foreseeable agreement" between the European Parliament and EU Council.
In addition, it said in an annex, "the proposal is outdated in view of some recent legislation in both the technological and the legislative landscape." The regulation would have extended electronic privacy rules beyond telcos to new players providing e-communications such as WhatsApp and Facebook Messenger.
The EC also decided not to pursue its plan for a directive on non-contractual civil liability rules for AI (AILD), citing the lack of a foreseeable agreement between the Parliament and Council, and adding that it would "assess whether another proposal should be tabled or another type of approach should be chosen." The AILD would, among other things, have ensured that victims of damage caused by AI received equivalent protection to victims of damage caused by other products.
Binning the proposals is intended to simplify EU rulemaking and reduce administrative burdens at least 25%, and at least 35% for small and mid-sized businesses, the EC said. Among other things, "We will accelerate our path to a digital regulatory environment, and will propose to remove inefficient requirements for paper formats in product legislation and build synergies and consistency for data protection and cybersecurity rules."
Industry groups representing AI developers and users pressed the EC in late January to drop the AILD, saying it would "add unnecessary legal complexity and uncertainty to an already intricate and novel legal framework impacting AI in Europe." Moreover, the groups wrote, the value of the proposal is unclear given existing laws on liability and consumer protection.
The EU recently adopted a Product Liability Directive to extend the bloc's liability regime for defective products to software and AI, the letter said. EU countries have until December 2026 to enact the directive into their national laws, so it should at least be given time to work before new liability rules are enacted, it said.
In addition, AI is already subject to other laws, such as the EU AI Act, GDPR, Digital Services Act and Data Act, the groups wrote. Signers included the Computer and Communications Industry Association Europe (CCIA), Business Software Alliance and Information Technology Industry Council.
CCIA Europe cheered the EC's decision on ePrivacy and AI. Proposed in 2017, the ePrivacy regulation has been "caught in limbo" since 2020, CCIA noted. Withdrawing the AILD reflects "serious concerns raised by industry, multiple Member States, and Members of the European Parliament."
The European Consumer Organisation (BEUC), however, criticized removal of the legislation. When consumers use AI, they must be sure someone is held accountable when something goes wrong, said BEUC Director General Agustin Reyna. He urged the EC to "not listen to industry interests only."