BRUSSELS — The European Commission said it is “not empowered to take action”
amid concerns about the appointment of a former tech lobbyist to Ireland’s
privacy regulator.
The Irish Council for Civil Liberties — a non-profit transparency campaign group
— on Tuesday filed a complaint calling on the Commission to launch an inquiry
into how Niamh Sweeney was appointed to co-lead the Irish Data Protection
Commission.
Citing reporting from POLITICO, the complaint alleges the appointment process
“lacked procedural safeguards against conflicts of interest and political
interference.”
It’s the first formal challenge to the decision after Sweeney took up her
role as one of three chief regulators at Ireland’s top data regulator this
month. Her prior experience as a lobbyist for Facebook and WhatsApp reignited
concerns that the regulator is too close to Big Tech.
In response to the complaint, Commission spokesperson Guillaume Mercier said
that “it is for the member states to appoint members to their respective data
protection authorities.”
The Commission “is not involved in this process and is not empowered to take
action with respect to those appointments,” Mercier told a daily press briefing
Tuesday.
He emphasized that countries do need to respect requirements set out in EU law —
that the appointment process must be “transparent,” and that those appointed
should “have the qualifications, the experience, the skills, in particular in
the protection of personal data, required to perform their duties and to
exercise their powers.”
The complaint asked the Commission to look into the appointment as part of its
duties to oversee the application of EU law, claiming these responsibilities had
not been met by Ireland.
Sweeney was appointed by the Irish government on the advice of the Public
Appointments Service, the authority that provides recruitment services for
public jobs, which has previously expressed its full confidence in the process.
The Dutch data protection watchdog has warned voters not to ask artificial
intelligence chatbots for voting advice ahead of the country’s general election
next week.
“AI chatbots give a highly distorted and polarized image of the Dutch political
landscape in a test,” the data protection watchdog warned in a study published
on Tuesday.
“We warn not to use AI chatbots for voting advice, because their operations are
not transparent and verifiable,” Monique Verdier, vice-chair of the authority,
said in a statement. She called upon the chatbot developers to “prevent that
their systems are being used for voting advice.”
Dutch voters elect a new parliament next Wednesday.
The Dutch data protection authority ran an experiment on how parties were
portrayed in voting advice across four different chatbots, including OpenAI’s
ChatGPT, Google’s Gemini, Elon Musk’s Grok and French Mistral AI’s Le Chat.
The authority set up profiles that matched different political parties (based on
vetted Dutch voting-aid tools), after which it asked the chatbots to give voting
advice for these profiles.
Voter profiles on the left and progressive side of the spectrum “were mostly
directed to the GreenLeft-Labor” party led by former European Commission
Executive Vice President Frans Timmermans, while voters on the right and
conservative side “were mostly directed to the PVV,” the far-right party led by
Geert Wilders that is currently leading in the polls.
Centrist parties were hardly represented in the voting advice, even though these
parties were represented equally in the voter profiles fed to the chatbots.
OpenAI, Google and Mistral have all signed up to the EU’s code of practice for
the most complex and advanced AI models, while Grok’s parent company xAI has
signed up to parts of it. Under the code, these companies commit to addressing
risks stemming from their models, including risks to fundamental rights and
society.
The Dutch authority argued that chatbots giving voting advice could be
classified as a high-risk system under the EU’s AI Act, for which a separate set
of rules will start to apply from the middle of next year.
TIRANA — Albania has become the first country in the world to have an AI
minister — not a minister for AI, but a virtual minister made of pixels and code
and powered by artificial intelligence.
Her name is Diella, meaning sunshine in Albanian, and she will be responsible
for all public procurement, Prime Minister Edi Rama said Thursday.
During the summer, Rama mused that one day the country could have a digital
minister and even an AI prime minister, but few thought that day would come
around so quickly.
At the Socialist Party assembly in Tirana on Thursday, where Rama announced
which ministers would get the chop and which would stay on for another mandate,
he also introduced Diella, the only non-human member of the government.
“Diella is the first member not physically present, but virtually created by
artificial intelligence,” he told party members.
Rama stated that decisions on tenders would be taken “out of the ministries” and
placed in the hands of Diella, who is “the servant of public procurement.” He
said the process will be “step-by-step,” but Albania will be a country where
public tenders are “100 percent incorruptible and where every public fund that
goes through the tender procedure is 100 percent legible.”
“This is not science fiction, but the duty of Diella,” he said.
Diella has already been introduced to Albanian citizens as she powers the
country’s e-Albania platform, which allows citizens to access almost all
government services digitally. She even has an avatar, appearing as a young
woman dressed in traditional Albanian clothing.
Diella will evaluate tenders and have the right to “hire talents here from all
over the world,” while breaking down “the fear of prejudice and rigidity of the
administration.”
Albania has long battled with corruption, particularly in public administration
and in the area of public procurement. The matter has been repeatedly
highlighted by the European Union in its annual rule of law reports.
Rama swept to a historic fourth mandate in May 2025, on a ticket of joining the
bloc by 2030.
BRUSSELS — Two of Europe’s tech powerhouses tied the knot on Tuesday in a
landmark deal that bolsters a push by politicians to reduce reliance on the
United States for critical technology.
Dutch microchips champion ASML confirmed it was investing €1.3 billion in French
AI frontrunner Mistral, one of the few European companies that is able to go
head-to-head with U.S. leaders like OpenAI and Anthropic on artificial
intelligence technology.
It’s a business deal soaked in politics.
Officials from Brussels to Paris, Berlin and beyond have called for Europe to
reduce its heavy reliance on U.S. technology — from the cloud to social media
and, most recently, artificial intelligence — under the banner of “tech
sovereignty.”
“European tech sovereignty is being built thanks to you,” was how France’s
Junior Minister for Digital Affairs and AI Clara Chappaz cheered the deal on X.
Europe has struggled to stand out in the global race to build generative AI ever
since U.S.-based OpenAI burst onto the scene in 2022 with its popular ChatGPT
chatbot. Legacy tech giants like Google quickly caught up, while China proved
its mettle early this January when DeepSeek burst onto the scene.
European politicians can showcase the ASML-Mistral deal as proof that European
consumers and companies still can rely on homegrown tools. That need has never
been more urgent amid strained EU-U.S. ties under Donald Trump’s repeated
attacks against EU tech regulation.
But the deal also illustrates that while Europe can excel in niche areas, like
industrial AI applications, winning the global consumer AI chatbot race is out
of reach.
EUROPE KEEPS CONTROL
Tuesday’s deal brings together two European companies that are most closely
watched by those in power.
ASML, a 40-year-old Dutch crown jewel, has grown into one of the bloc’s most
politically sensitive assets in recent years. The U.S. government has repeatedly
tried to block some of the company’s sales of its advanced microchip-printing
machines to China in an effort to slow down Chinese firms.
Mistral is only two years old but has been politically plugged in from the
start, with former French Digital Minister Cédric O among its co-founders.
When the company faced the need to raise new funding this summer, several
non-European players were floated as potential backers, including the Abu
Dhabi-based MGX state fund. There were even rumors Mistral could be acquired by
Apple.
Apple’s acquisition of Mistral would have been “quite negative” for Europe’s
tech sovereignty aspirations, said Leevi Saari, EU policy fellow at the
U.S.-based AI Now Institute, which studies the social implications of AI. “The
French state has no appetite [for] letting this happen,” he added.
Getting financing from an Abu Dhabi-based fund, conversely, would have
reinforced the perception that Europe can provide the millions in venture
capital funding needed to start a company, but not the billions needed to scale
it.
With this week’s €1.7 billion funding round led by ASML, Europe’s tech
sovereignty proponents can breathe a sigh of relief.
“European champions creating more European champions is the way to go forward
and it needs further backing from the EU,” said Dutch liberal European
Parliament lawmaker Bart Groothuis in a statement.
The deal is also what officials, experts and the industry want to see more of:
one where startups are backed by an established European corporation rather than
a venture capitalist.
“A European corporation finally investing massively in a European scale-up from
its industry, even [if] it [is] not directly tied to its core business,” said
Agata Hidalgo, public affairs lead at French startup group France Digitale,
on LinkedIn.
A French government adviser, granted anonymity to speak freely on private deals,
said they felt “hyped” by the news after months of uncertainty due to Mistral’s
refusal to publicly deny talks with Apple.
The deal is also expected to avoid any close scrutiny from Europe’s powerful
antitrust regulators, which in the past have intervened in mergers and deals to
keep the market competitive. Tuesday’s deal is not a full takeover and does not
need merger clearance.
Nicolas Petit, a competition law professor at the European University Institute,
said there was “nothing to see here unless the EU wants to shoot itself in the
foot with a bazooka.”
“It’s a non-controlling investment, and neither ASML [nor] Mistral AI compete in
any product or service market,” he added.
REALITY CHECK
While the incoming Dutch investment goes a long way toward keeping Mistral in
European hands, it also determines the path forward for the French artificial
intelligence challenger.
Mistral had already been struggling “to keep up with the race for market share”
with other large language models, Saari claimed in a blogpost published last
week, in which he cited numbers suggesting that Mistral’s market share is
“around 2 percent.”
“Mistral was known to face challenges both technically and in finding a business
model,” said Italian economist Cristina Caffarra, who has been leading the
charge for European tech sovereignty through the Eurostack movement. “It’s great
they found a European champion anchor investor” that will, in part, “protect
them from the [venture capital] model.”
Tuesday’s deal could mean that Mistral will get more support to work on
industrial applications instead of a consumer-facing chatbot that venture
capitalists like to propagate.
“With Mistral AI we have found a strategic partner who can not only deliver the
scientific AI models that will help us develop even better tools and solutions
for our customers, but also help us to improve our own operations over time,”
ASML CEO Christophe Fouquet wrote in a post on LinkedIn.
ASML’s main customers are the world’s biggest microchip manufacturers,
including Taiwan’s TSMC and America’s Intel. The company also has a wide network
of industrial suppliers, which could be leveraged as well.
For Mistral, catering to European industrial applications could strengthen its
business. But it could also be seen as a tacit admission that in the global AI
race, Europe has to pick its battles.
Francesca Micheletti and Océane Herrero contributed reporting.
Ireland’s Data Protection Commission (DPC) has launched a fresh inquiry into
TikTok’s transfers of personal data to Chinese servers, it said Thursday,
following on from its investigation that led to a €530 million fine against the
company in April.
The Irish regulator in April was informed by TikTok of an issue that meant a
limited amount of EU user data had been stored on servers in China, an issue it
said it discovered in February.
The discovery contradicted the firm’s long-held position that personal data of
EU users was only accessed remotely by the platform’s staff in China. But it
came only just before the investigation concluded. Because of this, the DPC did
not investigate it fully.
The regulator in April fined TikTok for not sufficiently protecting EU personal
data from Chinese state surveillance.
The DPC earlier this year expressed “deep concern” that TikTok submitted
“inaccurate information to the inquiry.”
In a statement on Thursday, it said it had decided to open a new inquiry into
the personal data transfers to servers in China after consulting with other data
protection authorities in Europe.
The Irish regulator said the inquiry will focus on whether TikTok has complied
with its obligations under the EU’s General Data Protection Regulation,
including articles relating to accountability, transparency, cooperation with
supervisory authorities and compliance with rules around data transfers outside
of the EU.
TikTok was notified earlier this week about the Irish DPC’s decision to launch a
fresh inquiry.
The company has been contacted for comment.
A group of 46 leaders of Europe’s largest companies are calling on Brussels to
pause the implementation of the Artificial Intelligence Act, in an open letter
on Thursday.
“We urge the Commission to propose a two-year ‘clock-stop’ on the AI Act before
key obligations enter into force,” the group of C-suite leaders wrote.
The letter was signed by companies including Airbus, TotalEnergies, Lufthansa,
ASML, Mistral and other giants across a wide range of industries.
The landmark tech regulation has come under scrutiny in Brussels as part of an
effort by European Union officials to cut red tape to boost its economy. The AI
Act in particular has faced intense lobbying pressure from American tech giants
in past months.
European Commission tech chief Henna Virkkunen told POLITICO this week she would
make a call on whether to pause the implementation by the end of August if standards
and guidelines to implement the law are not ready in time.
The chief officials lamented that “unclear, overlapping and increasingly complex
EU regulations” are disrupting their ability to do business in Europe. A pause
would signal that the EU is serious about simplification and competitiveness to
innovators and investors, they added.
The pause should apply both to provisions on general-purpose AI that take effect
on August 2 and to systems classified as high-risk, which have to apply the
rules in August 2026, the letter said.
WhatsApp plans to roll out a new advertising model in the coming months, but the
company has told Ireland’s privacy regulator that it won’t affect the EU until
next year.
WhatsApp owner Meta announced the launch of new features in WhatsApp’s “Updates”
tab on Monday, including targeted advertisements and a subscription model. It
said the features would start to appear for users “over the next several
months.”
The announcement immediately raised concern among privacy organizations, in
particular the fact that Meta will also use “ad preferences and info” from
across people’s Facebook and Instagram accounts, where they are linked to
WhatsApp.
Speaking to reporters on Thursday, the Irish Data Protection Commission,
responsible for enforcing the EU’s General Data Protection Regulation against
Meta, said that it has been informed by WhatsApp that its advertising model
won’t roll out in the EU until 2026.
“That new product won’t be launching [in] the EU market until 2026. We have been
informed by WhatsApp and we will be meeting with them to discuss any issues
further,” said Commissioner Des Hogan.
He added that the advertising model will be discussed with other data protection
authorities “so that we can reflect back any concerns which we have as European
regulators.”
A spokesperson for WhatsApp confirmed that the advertising model is a “global
update, and it is being rolled out gradually around the world.”
Meta said in the announcement that the new features are built “in the most
privacy-oriented way possible,” and has emphasized that sharing of data between
WhatsApp, Instagram and Facebook will only happen when users have opted in to
having their accounts linked.
The U.S. social media giant previously paused the rollout of flagship artificial
intelligence technology in the EU over privacy concerns from the Irish
regulator.
Commissioner Dale Sunderland said that regarding WhatsApp’s advertising model,
they “haven’t had that sort of conversation” with the company.
“We’re still early days, we’ll engage as we do with every other new feature, new
issue that they bring to us … and at this stage, it’s too early to say what, if
any, will be any red line issues,” he said.
BRUSSELS — The European Union’s most iconic tech law was long thought to be
untouchable.
Those days are over.
The EU executive on Wednesday will present its plan to amend the General Data
Protection Regulation, GDPR for short, to ease reporting requirements for small
and cash-strapped businesses. That same evening, EU officials are negotiating
the final details of a separate law that’s meant to fix some of what’s seen as
the GDPR’s original design flaws.
It’s the latest law to fall victim to the European Commission’s drive to slash
red tape and “simplify” EU legislation for the benefit of businesses and growth.
The EU’s landmark economic report by former Italian Prime Minister Mario Draghi
warned in September that Europe’s complex laws were preventing its economy from
keeping up with the United States and China. Draghi singled out the GDPR in
particular as hampering innovation.
Digital rights groups and EU insiders often praise the GDPR for setting the
global standard for the protection of privacy. For many businesses, though, it
is seen as a symbol of costly, burdensome EU rules.
But changing the GDPR threatens to topple a delicate balance between privacy
activists and business lobbies in Brussels.
Negotiations on the GDPR from 2012 to 2016 triggered one of the biggest lobbying
efforts Brussels has ever seen. Since it took effect in 2018, the EU has steered
clear of amending it, fearing it would reignite the vicious lobbying war.
The Commission has preempted some of those worries, saying its simplification
proposals will be limited to easing reporting requirements and won’t touch the
underlying principles of the GDPR.
A review of the law last summer showed “the need for greater support [for]
businesses, especially SMEs, in their compliance efforts,” Justice Commissioner
Michael McGrath said.
Emails seen by POLITICO earlier this month showed the proposal is expected to
extend reporting exemptions currently reserved for SMEs (with fewer than 250
employees) to mid-cap companies (with fewer than 500 employees). It would also
create more exemptions for these smaller businesses, freeing them from keeping
records or preparing privacy impact assessments.
On Wednesday evening, negotiators will head into final crunch talks to agree on
extra rules to speed up GDPR investigation procedures. The new rules aim to spur
sluggish cross-border data protection probes, which can drag on for years and
often involve Big Tech companies.
The goal is to set clearer ground rules for how national data protection
regulators work together, clarify the rights of complainants and those being
investigated during the process, and, crucially, set concrete deadlines for
investigations.
According to four people familiar with the negotiations, most of the text has
already been agreed, and the main things left to be hammered out on Wednesday
evening are the length of deadlines and judicial remedies.
The EU is unlikely to stop there in its efforts to trim its famed privacy law.
When consulting companies and experts about Wednesday’s proposal, the Commission
said there could be “possible future reflection on the application of the GDPR.”
In a separate consultation about an upcoming Data Union Strategy, it also
name-checked the GDPR as one law on the table for possible “consolidation.”
And countries have asked the EU executive to clarify how the new Artificial
Intelligence Act interacts with the GDPR, according to a document obtained by
POLITICO.
Pieter Haeck contributed reporting.
The United States should see the United Nations as something it can benefit
from, rather than charity, the body’s tech envoy said Tuesday.
The U.S. withdrew from several U.N. bodies, including its Human Rights Council.
Asked about the United Nations’ reaction, the U.N. Secretary General’s Envoy on
Technology Amandeep Singh Gill said the U.N. is critical for peace and security,
upholding human rights and advancing sustainable development.
“These efforts are not charity,” he told POLITICO’s AI & Tech Summit.
The U.N.’s programs and initiatives “benefit all of us … They might even benefit
partners in the global north more than those in the global south,” he said, in
part because global technology initiatives drive cross-border trade and
investment.
Gill echoed U.N. Secretary General António Guterres’s promise this week to cut
costs and streamline the body’s operations — an apparent response to the U.S.
administration cutting contributions and participation.
Gill said the U.N. will strive “to achieve more efficiency and effectiveness in
delivering value for member states.”
EU privacy regulators have for the first time taken aim at Beijing’s sweeping
surveillance laws in a ruling that threatens to cut off data pipelines with
China to protect Europeans.
Ireland’s powerful privacy regulator slapped TikTok with a €530 million fine on
Friday, ruling it illegally sent data to China and couldn’t guarantee this was
safe from government snooping.
The decision is a watershed moment for Europe’s relationship with Beijing when
it comes to the bloc’s flagship data privacy rules and has significant
implications for any company transferring personal data from the EU to China.
Friday’s ruling means the “screw is turning” on data flows to China, said Joe
Jones, research director at the International Association of Privacy
Professionals, which represents people working in the world of privacy globally.
“We’ve had over a decade of EU-U.K., EU-U.S. fights and sagas on [data flows].
This is the first time we’ve seen anything significant on any other country
outside of that transatlantic triangle — and it’s China,” said Jones.
Most high-level enforcement of the EU’s General Data Protection Regulation
(GDPR) has so far targeted American tech giants, as Europe and the United States
have bickered over legal protections for personal data sent across the
Atlantic.
Chinese surveillance and data privacy breaches remained out of the EU’s
crosshairs but the growth in popularity and EU presence of big Chinese players
has now cast a spotlight on Beijing’s techno-authoritarian tendencies.
Earlier this year, six Chinese companies (AliExpress, SHEIN, Temu, WeChat and
Xiaomi as well as TikTok) were the target of complaints filed with European data
protection authorities by Austrian privacy group Noyb, founded by privacy
activist Max Schrems.
The third-largest fine ever for a breach of the EU’s data protection rulebook,
Friday’s decision by Ireland’s Data Protection Commission highlights that
China’s laws are fundamentally at odds with European data protection principles.
The fact that the Irish decision was backed by all European data protection
authorities with no objections is “pretty significant,” Jones said. “I expect
the question of where data can flow, and how, will quickly become part of the
conversation on competitiveness.”
TikTok, in its response, said the ruling “risks setting a precedent with
far-reaching consequences for companies and entire industries across Europe that
operate on a global scale,” and “delivers a blow to the European Union’s
competitiveness.”
The ruling, and especially the fact that TikTok had been storing a limited
amount of European user data on Chinese servers, is also likely to prick the
ears of U.S. authorities, which are trying to force a sale of TikTok from Chinese
parent ByteDance to a U.S. owner.
The U.S. has similar concerns over how Chinese authorities can access Americans’
data. TikTok has repeatedly insisted it does not store U.S. data in China.
THE €530 MILLION QUESTION
TikTok has been working for years to stave off a heavy fine.
Companies sending EU data to China don’t have an overarching legal framework for
this as they would for territories such as the U.S. — instead they rely on
individual contracts, through which China-based companies receiving EU data
pledge to follow EU protections.
Two years after the Irish investigation was launched, TikTok also unveiled a €12
billion plan called Project Clover to assuage EU concerns over Chinese
surveillance through the app. This centered around keeping European users’ data
on servers in Europe and allowing a European security company far-reaching
access to audit cybersecurity and data protection controls. Just this week,
TikTok confirmed a €1 billion investment in a new data center in Finland.
The question now being asked by TikTok and other European businesses sending
data to China is: If specific contracts and locating data servers in the EU is
not enough to please regulators, then what is?
TikTok said on Friday it was “disappointed to have been singled out” despite it
relying on the “same legal mechanism employed by thousands of other companies
providing services in Europe.”
“If the extensive measures implemented under Project Clover … as well as
independent, third-party monitoring are deemed insufficient, it’s reasonable to
ask: what would be considered sufficient?” said Christine Grahn, TikTok’s head
of public policy and government relations for Europe.
TikTok now has six months to find a way to make its data transfers to China
compliant with the GDPR or shut off the flow of EU data to China entirely.
The company has said it plans to challenge the decision, which will delay the
six-month ultimatum. But any business taking a similar legal approach to TikTok
will now be in the dark about how it can legally send data to China.
‘GREY ZONE’
Chinese laws like the Anti-Terrorism Law, the Counter-Espionage Law, the
Cybersecurity Law and the National Intelligence Law give the government sweeping
powers to order Chinese companies to hand over data.
Tim Rühlig, senior analyst for Asia and Global China at the European Union
Institute for Security Studies, said that there is currently a legal “gray zone”
in terms of how those surveillance laws apply to data stored outside of China.
“It’s a one-size-fits-all clause that says organizations [and] natural persons
of China have to comply with security services when asked something. I have a
hard time seeing a Chinese company saying, ‘Sorry that that piece of data that
you’re asking for lies on a European server,’” he said.
Rogier Creemers, lecturer in Modern Chinese Studies at Leiden University, said
it was “notoriously difficult to monitor” how often Chinese authorities actually
use these powers, but the risk that EU citizen data will be snooped on is “not
zero.”
Although the Irish regulator’s decision is specifically related to TikTok’s data
handling practices, Creemers said that other companies sending data to China
will “definitely reassess their own compliance strategies with the GDPR, and
whether those compliance strategies will need to be revised.”