• The National Security "Blanket Exemption": Grounded in Article 4(2) of the Treaty on European Union (TEU), the Council secured a total carve-out for AI systems used solely for military, defense, or national security purposes. This exemption also extends to private defense contractors
  • Confidential Database Partitions: While the Parliament wanted transparency, the Council successfully lobbied for a confidential, non-public partition of the EU database for sensitive police and border surveillance tools
  • RBI Friction: The Council fought for law enforcement's right to use Remote Biometric Identification (RBI) in real-time to prevent terrorist threats or track suspects of serious crimes

The Institutional Battlegrounds of the EU AI Act

The journey of the AI Act was not merely a technical drafting exercise but a highly
contested geopolitical and institutional struggle. The final text reflects a fragile
balance between three competing visions: market safety, fundamental rights, and
national sovereignty.

The European Commission: The Product Safety & Vision

The Commission’s original philosophy was built upon the New Legislative Framework
(NLF), traditionally used for European product safety legislation (like rules for lifts or machinery).

  • Regulatory Philosophy: The Commission proposed a proportionate, risk-based classification to avoid "choking" Europe's nascent AI ecosystem
  • Enforcement Architecture: Beyond just the AI Office, the Commission proposed a decentralized enforcement model where Member States designate "notifying authorities" (to accredit third-party testers) and "market surveillance authorities" (for post-market checks)
  • The AI Board: Originally envisioned as a body to ensure harmonized implementation across all 27 Member States

The European Parliament: Rights, Transparency, and "Deployer" Duties

Parliament sought to significantly expand the scope of the Act to protect citizens from state and commercial surveillance.

Fundamental Rights Impact Assessments (FRIAs): Lawmakers successfully insisted that deployers (public bodies, banks, or hospitals) - not just the developers - must evaluate how high-risk AI impacts local populations before nasazení (deployment).

The Public Database: Parliament demanded that public authorities must register their use of high-risk systems in an EU-wide public database, making state algorithmic use transparent to civil society.

Algorithmic Accountability: They pushed for stricter transparency for "Very Large Online Platforms" (VLOPS) to disclose how their recommender systems demote or promote content.

 

The Council: Policing Power and "Article 4(2)"

Representing national governments, the Council focused on preserving "sovereign domains".

The National Security "Blanket Exemption": Grounded in Article 4(2) of the Treaty on European Union (TEU), the Council secured a total carve-out for AI systems used solely for military, defense, or national security purposes. This exemption also extends to private defense contractors

Confidential Database Partitions: While the Parliament wanted transparency, the Council successfully lobbied for a confidential, non-public partition of the EU database for sensitive police and border surveillance tools

RBI Friction: The Council fought for law enforcement's right to use Remote Biometric Identification (RBI) in real-time to prevent terrorist threats or track suspects of serious crimes

The Geopolitical "Sovereign Lobby" (Key Member States)

The negotiations reached a dramatic deadlock in late 2023 due to the intervention of the EU's three largest economies, often called the "Sovereign Lobby".

France (Mistral AI & Cédric O): The French government’s position was heavily shaped by a domestic lobbying campaign led by Mistral AI co-founder Cédric O. They argued that strict rules for foundation models were an "existential threat" to European tech. President Macron famously warned against "overregulation" that would handicap domestic champions

Germany (The Merz Turn & Industrial AI): Initially, the German "traffic light" coalition was split. However, the position hardened under Chancellor Friedrich Merz, who pushed for an "Industrial AI Carve-out". This led to the 2026 compromise where AI-enabled industrial machinery is regulated under the Machinery Regulation instead of the AI Act to avoid double compliance

Italy (Criminal Sanctions & Minors): Italy’s Law 132/2025 went further by criminalizing unauthorized data scraping (Article 171) and introducing 1–5 years of imprisonment for harmful deepfakes. They also set a strict age of consent: children under 14 cannot use AI systems without parental consent

The Technical Compromise: The "FLOPs" Threshold

To resolve the dispute over General-Purpose AI (GPAI), the institutions agreed on an objective technical threshold.

Compute-Based Regulation: All GPAI models must follow basic transparency and copyright rules

Systemic Risk: Any model trained with a total compute exceeding 10²⁵ FLOPs (floating-point operations) is presumed to have "high-impact capabilities" and must follow much stricter safety mandates, including adversarial testing and incident reporting

  • Fundamental Rights Impact Assessments (FRIAs): Lawmakers successfully insisted that deployers (public bodies, banks, or hospitals) - not just the developers - must evaluate how high-risk AI impacts local populations before nasazení (deployment)
  • The Public Database: Parliament demanded that public authorities must register their use of high-risk systems in an EU-wide public database, making state algorithmic use transparent to civil society
  • Algorithmic Accountability: They pushed for stricter transparency for "Very Large Online Platforms" (VLOPS) to disclose how their recommender systems demote or promote content

Create Your Own Website With Webador