First of all, it looks like good news: The EU Commission gave up on the ePrivacy Regulation and the AI Liability Act (see Annex IV: Withdrawals). This means less regulation in the digital space which is quite welcomed in a time of new digital laws growing like mushrooms.
Lets have a bit of a closer look:
(i) ePrivacy Reg: The reasoning by the Commission for withdrawing from this project: “No foreseeable agreement – no agreement is expected from the co-legislators. Furthermore, the proposal is outdated in view of some recent legislation in both the technological and the legislative landscape.”
→ This is true. However, the existing rule (Art. 5 (3) ePrivacy Directive) is even more outdated. Authorities are now starting to stretch the wording beyond its borders. Organizations are struggling with this and can't plan. If the Commission pulls back, authorities should accept the narrow wording of Art. 5 (3) ePrivacy Directive and stop at “beyond the scope interpretations”.
(ii) AI Liability Directive: The reasoning by the Commission for withdrawing from this project: “No foreseeable agreement - the Commission will assess whether another proposal should be tabled or another type of approach should be chosen.”
→ This is true. Less criticism here. In our view, the standard liability regimes under civil law and also the updated Product Liability Directive, that now also shall cover software, should suffice.
In the end: Good news and bad news. There is at least clarity about the plans. If you have time, go through the 2025 Working Programme. It helps to understand where the policy of the Commission is heading.