Concerns over the AI Omnibus, Europe’s lack of digital sovereignty, and online safety dominated discussions ahead of the EC’s proposal for a Cloud and AI Development Act 

The AI Omnibus took centre stage as policymakers looked ahead to the next round of trilogue negotiations

From 5-7 May 2026, in Brussels, POLITICO hosted its AI and Tech Week in Brussels. The first day saw panellists delve into key digital regulatory issues, with the EC’s Digital and AI Omnibus proposals clearly top of mind for most speakers. Although views on the packages varied, there was broad concern that the AI Omnibus would not be agreed upon in trilogue negotiations before some of the AI Act’s high-risk obligations were set to come into force on 2 August 2026 (the package was agreed on 7 May 2026). Aside from this, panellists were anything but refrained in their criticisms of the two simplification packages. Aura Salla (MEP, EPP) complained that the legislative processes were moving too slowly and that neither package was focused on the right elements of the GDPR or AI Act. Sergey Lagodinsky (MEP, Greens) was less critical of the proposals themselves, but more of the trilogue negotiations that had failed to reach an agreement at that point, citing a “meltdown” of the original EC proposals. Lagodinsky stressed that “whining” about EU regulation such as the GDPR or the AI Act is not productive, and that these rules cannot be taken seriously if they are reopened at every opportunity.

There was limited praise for the DSA amidst increasing concerns about online safety

Some panellists praised the EC’s enforcement actions under the Digital Services Act (DSA) so far, with Renate Nikolay (Deputy Director General, DG CNECT) highlighting its 17 ongoing enforcement investigations into platforms such as TikTok, Instagram and X. Nikolay also hinted that more action on children's online safety can be expected from the EC in the coming months. Mary Hugon (Lead Regulatory Counsel, TikTok) was relatively less complimentary about the DSA, and called on the EC to establish more guidance under the regulation, particularly in relation to its interplay with the GDPR. Hugon argued that the process for accessing the EC’s evidence of alleged DSA violations should be improved – Nikolay explained that the EC is working on this issue, but warned that firms often make claims about such procedural issues to avoid findings that they breached law. As the topic of potential social media bans for children unsurprisingly reared its head, Christel Schaldemose (MEP, Social Democrats) argued that no new guidelines are needed on the issue, asking “how hard can it be?” for platforms to ensure underage users are not able to access their services.

A highly-anticipated tech sovereignty package is due within the coming weeks

Day 2 of the event centred on the issue of digital sovereignty, described as representing the intersection of technology, regulation and geopolitics. Thomas Courbe (Director General for Enterprises, Ministry of the Economy and Finance, France) signposted the joint work the French and German Governments are doing to reach a common definition of sovereignty, outlining his hope that the EC takes it into account in the forthcoming Cloud and AI Development Act (CAIDA) proposal. Sourbe hinted that this definition would not necessarily reflect where a company comes from but would centre on the added value it generates for the EU and level of control the bloc has over its solutions. Thibaut Kleiner (Director for Future Networks, DG CNECT, EC) appeared to agree with this point of view, stating that CAIDA (as part a wider tech sovereignty package due from the EC on 27 May 2026) is not intended to be exclusionary, but about European developing and co-developing capabilities, rather than just “buying them in”. Arba Kokalari (MEP, EPP) sought to quantify that dependence, claiming that 80% of digital services and products used within the EC come from abroad. In her view, sovereignty means the ability of European firms to scale globally and export their services – something critical for the region to have any hope of winning the tech race.

Tensions rose as Cristina Caffarra (Founder and Chair, EuroStack) and Daniel Friedlaender (Senior Vice-President & Head of Office, CCIA Europe) clashed on both the nature of the challenges facing Europe and the potential solutions to them. Caffara stated that she was disturbed by the framing of the region’s problems as superficial, seeing them as “deeply existential”. Caffara claimed that unless Europe builds its own assets and infrastructure, it would not capture value or drive productivity growth, ultimately having no agency over its industrial future. With this point, she found an ally in Kleiner, who argued that it was time for EU policymakers to be assertive or risk becoming a “technological colony”. Friedlaender welcomed the work by those same policymakers on regulatory simplification, imploring them to push back against “protectionist urges” and to tackle the barriers to genuine domestic champions scaling in Europe and from Europe. With Caffara stating that it should not be a scandal to suggest that a share of taxpayer money goes into buying European solutions, Friedlaender stated that every example of “heavy-handed” buy local policies has failed even if well-intentioned. The two panellists then took aim at each other directly, with Caffara claiming (after making plain that it was her turn to speak) that Friedlaender was effectively advocating the protection of market share (of CCIA’s members) through “PR” and “nice arguments” and a scenario whereby Europe would be allowed to build to a limited extent on top of US infrastructure, rather than “grow the overall cake” in terms of its own tech industry. Of course, Friedlaender rejected the suggestion, stating that his desire was “a cake that does not crumble when you cut the first slice”. While this felt like it stretched the analogy somewhat, it nevertheless reflected the passion the topic of digital sovereignty is generating, especially at such typically cordial Brussels-based events.

Services provided in Europe by foreign providers cannot be considered sovereign

The subsequent panel debated the future of cloud services in Europe and the optimal mix of open source and proprietary software in the region’s so-called tech stack. Frank Karlitschek (CEO and Founder, Nextcloud) stated that a dependency on US firms enables the “blackmail” of European businesses and public institutions, arguing the need for rules that outline a preference for European open source solutions generally and a mandate for them in critical infrastructure – an approach he said is taken by other countries around the world. Ilias Chantzos (Head of Global Privacy & EMEA Government Affairs, Broadcom), stated that he was not convinced of the need for Europe to rely fully on open source but acknowledged that it would play a role – and that it should be enabled by public procurement mechanisms. Domitille Legrand (Projects Director, Cloud, HPC, Data centres, Quantum computing, Ministry of Economics and Finance, France) echoed Sourbe’s earlier comments, stating that France advocates a balanced approach – i.e. not excluding foreign investors so long as they contribute to the European ecosystem. However, she agreed with Karlitschek that CAIDA should introduce a European preference, with stricter rules in respect of the most sensitive data and sectors.

With Chantzos concerned by the scope for domestic cloud solutions to be the subject of “sovereignty washing”, Karlitschek stressed that services provided in Europe by tech firms such as Google could not be considered sovereign given the real risk of a “kill switch” that would allow the US Government to shut the them down. Karen Massin (Head Government Affairs and Public Policy - EU Institutions, Google) did not address this accusation head on, stating her view that “no one country can go it alone” from a technology perspective and suggesting that self-sufficiency in this context is actually something that comes about within a partnership.

The Chinese Government is concerned by the EC’s CSA2 proposals

With the impact of geopolitics a golden thread that weaved itself through the event, the conversation then turned to the matter of cybersecurity and if/how legislation should change to tackle evolving threats. Against this backdrop, Markéta Gregorová (MEP, Greens), Rapporteur on the revised Cybersecurity Act (or CSA2), underlined the shared importance of the proposals across the European Parliament, welcoming the EC’s choice of a regulation over a directive, stating that its use of the latter for NIS2 was a “mistake”. Noting that the Council may yet disagree, Gregorová stated that the Parliament does not currently foresee the development of a blacklist of countries that are of concern, and therefore which firms would be excluded as high-risk suppliers. She recognised that the current focus of the proposals may be on Chinese firms, but suggested that Europe’s list of chosen partners may change over time. As such, the CSA2 could impact US companies if they did not comply with its requirements, pointing to enforcement of the DSA as an example of the kind of regulatory action that Europe might take. Antonia Hmaidi (Senior Analyst, Mercator Institute for China) stated that the Chinese Government is taking the "unprecedented" CSA2 proposals seriously given the level of sales derived from the EU market, with its concerns reflected in an estimate from the China Chamber of Commerce to the EU that they would cost the bloc nearly €370bn (£320bn) over a five-year period.

After Australia, more age-based social media restrictions are coming

The day’s final session sought to tackle the hot topic of social media restrictions for children, with a straw poll of attendees suggesting that half were in favour of introducing some sort of ban. Martin Harris-Hess (Head of Protection of Minors Online, DG CNECT, EC) described bans as “emotionally-laden”, but recognised that age-related restrictions are possible and increasingly forthcoming even if (as Australia has shown) they face practical challenges to implement. Nevertheless, in his view, “where there is a will, there is a way”. Sonia Livingstone (Professor, London School of Economics and Political Science) argued that children should be part of this conversation, as they derive benefits from social media, including talking to friends and family, watching videos and consuming news. While seeing outright bans as too simplistic, she considered that regulation could have vital “cultural signalling” as even if social media was perfectly safe, society would not want children on it 24/7. Cieltje Van Achter (Minister for Brussels and Media, Government of Flanders) described her department’s action plan for safer social media, which is focused on two pillars: 1) stronger media literacy and support for parents; and 2) the end to harmful practices (e.g. TikTok’s addictive design features). Speakers sought to reach consensus on the appropriate age gate for social media, with Van Achter considering that 13 could be a relevant benchmark as it aligns with platforms’ current terms and conditions. For Livingstone, the right age is so difficult to pinpoint because of how prominent social media has become, adding that society wants young people to experience the benefits of online services as soon as possible, while being protected from unsafe spaces for as long as possible.