The European Union has decided to delay enforcement of high-risk artificial intelligence rules until the end of 2027, pulling back Europe’s digital sovereignty strategy by a step.

Cryptopolitan reported on May 7 that the adjustment was pushed to reduce the competitive burden on AI companies in Europe, but has also drawn criticism that it could increase the influence of U.S. big tech.

The biggest change is the regulatory timeline for high-risk AI systems used in biometric identification, critical infrastructure and law enforcement. The rules were originally set to start this year, but the enforcement date has been pushed back to the end of 2027. Some industries, including machine manufacturers, will receive exemptions even after the law takes effect. The EU decided to exclude equipment already managed under existing industrial regulations from the scope of the AI law. The European Commission reflected the adjustment after companies raised concerns about overlapping regulation and added administrative burdens.

European companies have argued that new regulation slows the pace of innovation. The agreement was designed to give European companies time to face U.S. rivals. Still, concerns have been raised that the policymaking process has tilted too far toward big tech companies. The agreement is not yet final and remains a provisional deal reached after prolonged negotiations between national representatives and European Parliament members, with formal approval procedures still pending.

Not all regulation was eased. The EU decided to ban AI tools that generate sexually explicit images of a specific person without consent. From December this year, content made by AI must carry a visible watermark or label. Dutch European Parliament member Kim van Sparrentak (킴 판 스파렌탁) said the ban on pornographic deepfakes is mainly intended to protect women and children from harmful uses of generative AI.

The regulatory adjustment comes at a sensitive time for Europe’s AI industry. DeepL, a translation AI company headquartered in Cologne, Germany, recently decided to work with Amazon Web Services. Some in the industry voiced concern that Europe may be handing over competitiveness in machine translation to U.S. cloud companies.

DeepL is known as a company that has consistently outperformed Google Translate in accuracy evaluations. Governments and courts, and half of U.S. Fortune 500 companies, use its service. Revenue last year was $185.2 million. Last month it also introduced real-time speech-to-speech translation. But it notified paying customers that it will no longer process data only on its own servers going forward. DeepL said it needs AWS for international expansion.

The decision has revived concerns about data control. Joerg Weisshaupt (외르크 바이스하우프트), who runs the Malozika Group, a software company in Madeira, Portugal, decided to stop using DeepL after the AWS announcement. "I can no longer safely upload contracts or internal strategy documents," he said. "This is confidential documentation, and I ultimately want to know where it goes."

DeepL countered that Amazon cannot view or use customer data. The company said customer information is encrypted and is not used to train AI models. Weisshaupt, however, cited the U.S. Patriot Act enacted in 2001 and the Cloud Act of 2018, saying the U.S. government can require cloud providers to hand over information.

In July last year, a Microsoft legal executive said at a French hearing that it could not guarantee protection of EU customer data if the Trump administration demanded access to information on Microsoft servers. DeepL offers a data residency option that promises data remains in Europe, but some in the market question whether such promises are sufficient.

Ultimately, the EU’s regulatory adjustment and DeepL’s infrastructure choice lead to the same question. Europe is delaying regulation and increasing flexibility to strengthen competitiveness in its domestic AI industry, but in core infrastructure and data control it still has not broken free of dependence on U.S. technology companies. The formal approval process and companies’ actual responses will remain variables that determine the direction of Europe’s AI policy.