AI News: Startup News and Steps to Prepare for Simplified GDPR Changes Impacting AI in 2026

The European Commission has unveiled a proposal to simplify GDPR regulations, focusing on reducing hurdles for AI development and making cookie consent less intrusive. As an entrepreneur navigating ever-tightening regulations, I find this a significant step towards balancing data protection and innovation in a growing market. Let's break down what these changes mean for startups, businesses, and individuals.

What the Proposed Changes Aim to Tackle

The General Data Protection Regulation (GDPR) has been a landmark law, holding businesses accountable for how they handle user data. But for many entrepreneurs, especially those in the tech and AI sectors, it has also been a maze of legal complexity and unpredictable compliance costs. The EU seems to have taken note. This proposal revisits two of the most commonly debated areas: the rules around AI data training and those ever-flashing cookie consent banners.

Here’s why this matters. For those of us building or deploying AI systems, the use of data, especially personal data, is a grey area. GDPR, in its current state, limits access to data needed for AI training unless explicit user consent is obtained. And as for cookies, most users simply click “accept all” to avoid the hassle of customization, rendering the banners a cumbersome legal checkbox for businesses and an irritant for users.

Four Key Highlights from the Proposal

The updated framework focuses on making GDPR easier to implement while reducing compliance burdens. Let’s go through the essentials.

1. Access to Training Datasets for AI
   The EU plans to loosen the legal grip on how user data can be used for training AI models. Companies will now be allowed to use certain datasets without explicit upfront consent, provided they pseudonymize or anonymize the data adequately. This adjustment could level the playing field for startups that have struggled to compete with larger firms holding proprietary datasets.

2. Clarifying ‘Non-Personal’ Data
   Data classification will be revised to include clearer distinctions on what constitutes pseudonymized or anonymized information. Once datasets cross into “non-personal” territory, they may be shared and reused more freely. This clarity benefits sectors like health tech and e-commerce, where massive data volumes are essential for AI-driven personalization.

3. Reduced Cookie Banner Intrusions
   The EU wants to address the fatigue caused by countless cookie pop-ups. Websites may soon display banners less frequently, particularly where low-risk cookies (e.g., website performance trackers) are involved. Users may also set privacy preferences directly at the browser level rather than toggling settings across multiple websites.

4. Simplifying Oversight for AI Systems
   The heavier reporting burden currently placed on businesses implementing “high-risk AI systems” is set to be delayed until late 2027. Oversight for many AI systems would shift from scattered local bodies to a centralized EU AI Office. Centralized monitoring reduces administrative complexity for cross-border companies.

How This Affects Your Business

For entrepreneurs and freelancers working with AI, these changes present exciting opportunities to innovate while lowering operational risk. If you’re developing AI systems, here’s what you’ll gain:

• Unhindered data flows: Training your AI on real user behaviors becomes viable without jumping through consent loopholes every time.
• Fewer compliance uncertainties: Clearer rules around pseudonymization keep you safer from legal disputes.
• Time savings: Automatic cookie signals at browsers mean fewer resources wasted designing GDPR-compliant interfaces.

But there’s another side to this. Privacy-focused startups may need to adapt their services to changing consumer expectations, as fewer users actively engage with cookie opt-ins or data management tools.

A Step-By-Step Guide: Preparing for the Changes

1. Audit Your AI Datasets
   Review which datasets in your current system qualify as pseudonymized or anonymized. Begin adjusting data storage and processing frameworks to align with the proposed classifications.

2. Streamline Compliance Tools
   If privacy signals move to browser-level settings, anticipate the need to modify your website’s cookie collection processes. Consult your web development or legal teams for necessary updates.

3. Engage in Sandbox Experiments
   EU regulatory sandboxes, a type of virtual test environment for applications like AI, are expected to expand. Check whether you qualify to join these for pre-market tests, especially if you’re developing innovative AI models.

4. Educate Your Team
   GDPR simplifications won’t take full effect until they pass through legislative voting. Meanwhile, explain the possible changes to your team so they can adjust compliance workflows and technical development processes ahead of time.

Common Mistakes That Entrepreneurs Should Avoid

• Underestimating Transition Periods: These changes won’t bypass existing GDPR complexities overnight. Fully simplified rules may not take effect until 2026–2027.
• Over-reliance on Anonymization: Anonymizing data doesn’t eliminate all privacy concerns. Testing for compliance remains crucial before scaling.
• Neglecting Browser-Based Trends: With cookie control shifting into browsers, businesses that fail to adapt their ecosystems may find themselves excluded from potential users' preferences.

A Balanced Perspective on Privacy vs. Innovation

As someone who’s spent the better part of two decades creating and leading startups, I’ve often felt torn between ensuring user privacy and scaling data-dependent services. While the GDPR was necessary to curb negligent data practices, it’s clear that Europe might fall behind in AI advancements when competing with global giants like the U.S. and China.

These proposed adjustments could create a healthier balance. That said, transparency remains essential. Businesses must strive to explain how improvements in AI, spurred by broader access to data, directly benefit the end user.

Wrapping Up

The European Commission’s move toward simplifying GDPR is timely and shows its willingness to adapt to emerging business realities. If you’re running an AI-driven business or simply trying to keep up with privacy trends, now’s the time to start preparing. Being proactive rather than reactive could save you countless headaches when the laws eventually shift.

For the full proposal, visit the European Commission’s Digital Omnibus overview. And keep an eye on the discussions as this proposal gets debated further by the EU Parliament in 2026.

FAQ on EU's Plan to Simplify GDPR

1. What are the key changes in the GDPR under the Digital Omnibus proposal?
The proposal aims to relax requirements in GDPR by clarifying when data becomes "non-personal," expanding cookie exemptions for non-risk trackers, and streamlining AI compliance procedures. Learn more about the EU's GDPR proposal

2. How will the changes affect AI training data?
Companies will be allowed to use personal data for AI training without explicit user consent, provided the data is pseudonymized or anonymized. This change simplifies AI training processes. Explore European Commission reforms

3. What does the proposal mean for cookie consent regulations?
The proposal reduces banner fatigue by limiting pop-ups for low-risk cookies and enforcing browser-based privacy signals to manage preferences across multiple websites. Discover the proposed cookie changes

4. What does the change in "personal" vs. "non-personal" data mean for businesses?
New definitions will simplify the classification of pseudonymized and anonymized data, allowing easier sharing and reuse for AI and other applications. See how data classification is evolving

5. What are the impacts on high-risk AI systems compliance?
The deadlines for implementing stricter rules on high-risk AI systems have been delayed from August 2026 to December 2027, reducing immediate compliance burdens on businesses. Learn about AI compliance changes

6. How will the changes impact startups and small businesses?
Startups will benefit from clearer compliance rules, centralized oversight by the EU AI Office, and reduced barriers to accessing training datasets. Read about benefits for entrepreneurs

7. What are the browser-based privacy signal requirements?
Websites may need to respect browser-level privacy settings, reducing the need for individual consent banners across websites. This marks a significant user-friendly shift in managing privacy controls. Learn more about browser-based signals

8. What are the privacy concerns about these changes?
Critics argue that the changes may undermine user protections by making GDPR subjective, particularly with the looser requirements for AI training on user data. Understand privacy concerns about the proposal

9. When will these proposed changes take effect?
The changes are currently at the proposal stage. Approval from the EU Parliament is expected by 2026, with full implementation likely by late 2026 or 2027.

10. How can businesses prepare for the proposed changes?
Businesses should audit their datasets to ensure compliance with pseudonymization and anonymization rules, simplify cookie collection processes, and monitor updates on the legislative process. Joining the EU sandbox program to test AI solutions can also help businesses adapt. Explore how to prepare for GDPR changes

About the Author

Violetta Bonenkamp, also known as MeanCEO, is an experienced startup founder with an impressive educational background including an MBA and four other higher education degrees. She has over 20 years of work experience across multiple countries, including 5 years as a solopreneur and serial entrepreneur. Throughout her startup experience she has applied for multiple startup grants at the EU level, in the Netherlands and Malta, and her startups received quite a few of those. She’s been living, studying and working in many countries around the globe and her extensive multicultural experience has influenced her immensely.

Violetta Bonenkamp's expertise in CAD sector, IP protection and blockchain

Violetta Bonenkamp is recognized as a multidisciplinary expert with significant achievements in the CAD sector, intellectual property (IP) protection, and blockchain technology.

CAD Sector:

• Violetta is the CEO and co-founder of CADChain, a deep tech startup focused on developing IP management software specifically for CAD (Computer-Aided Design) data. CADChain addresses the lack of industry standards for CAD data protection and sharing, using innovative technology to secure and manage design data.
• She has led the company since its inception in 2018, overseeing R&D, PR, and business development, and driving the creation of products for platforms such as Autodesk Inventor, Blender, and SolidWorks.
• Her leadership has been instrumental in scaling CADChain from a small team to a significant player in the deeptech space, with a diverse, international team.

IP Protection:

• Violetta has built deep expertise in intellectual property, combining academic training with practical startup experience. She has taken specialized courses in IP from institutions like WIPO and the EU IPO.
• She is known for sharing actionable strategies for startup IP protection, leveraging both legal and technological approaches, and has published guides and content on this topic for the entrepreneurial community.
• Her work at CADChain directly addresses the need for robust IP protection in the engineering and design industries, integrating cybersecurity and compliance measures to safeguard digital assets.

Blockchain:

• Violetta’s entry into the blockchain sector began with the founding of CADChain, which uses blockchain as a core technology for securing and managing CAD data.
• She holds several certifications in blockchain and has participated in major hackathons and policy forums, such as the OECD Global Blockchain Policy Forum.
• Her expertise extends to applying blockchain for IP management, ensuring data integrity, traceability, and secure sharing in the CAD industry.

Violetta is a true multiple specialist who has built expertise in Linguistics, Education, Business Management, Blockchain, Entrepreneurship, Intellectual Property, Game Design, AI, SEO, Digital Marketing, cyber security and zero code automations. Her extensive educational journey includes a Master of Arts in Linguistics and Education, an Advanced Master in Linguistics from Belgium (2006-2007), an MBA from Blekinge Institute of Technology in Sweden (2006-2008), and an Erasmus Mundus joint program European Master of Higher Education from universities in Norway, Finland, and Portugal (2009).

She is the founder of Fe/male Switch, a startup game that encourages women to enter STEM fields, and also leads CADChain, and multiple other projects like the Directory of 1,000 Startup Cities with a proprietary MeanCEO Index that ranks cities for female entrepreneurs. Violetta created the "gamepreneurship" methodology, which forms the scientific basis of her startup game. She also builds a lot of SEO tools for startups. Her achievements include being named one of the top 100 women in Europe by EU Startups in 2022 and being nominated for Impact Person of the year at the Dutch Blockchain Week. She is an author with Sifted and a speaker at different Universities. Recently she published a book on Startup Idea Validation the right way: from zero to first customers and beyond, launched a Directory of 1,500+ websites for startups to list themselves in order to gain traction and build backlinks and is building MELA AI to help local restaurants in Malta get more visibility online.

For the past several years Violetta has been living between the Netherlands and Malta, while also regularly traveling to different destinations around the globe, usually due to her entrepreneurial activities. This has led her to start writing about different locations and amenities from the POV of an entrepreneur. Here’s her recent article about the best hotels in Italy to work from.