Technological Innovation: Regulatory Advances in the EU?

On 13 February 2026, Professor Iris Eisenberger, Professor of Innovation and Public Law at the University of Vienna, delivered a seminar at NUS Law examining the European Union’s evolving digital regulatory framework, with a focus on the EU AI Act.

She situated the AI Act within an emerging EU “digital constitution” comprising numerous instruments governing data, platforms, cybersecurity, and artificial intelligence, including the GDPR, Digital Services Act, Digital Markets Act, and related measures. A proposed “Omnibus” package seeks to streamline these overlapping regimes.

The AI Act is primarily a product law instrument grounded in EU market harmonisation powers. Unlike the GDPR’s rights-based approach, it regulates system behaviour by translating fundamental rights and rule-of-law principles into technical standards. It adopts a risk-based framework categorising AI systems as unacceptable, high, limited, or minimal risk.

High-risk systems — such as those used in biometrics, critical infrastructure, employment, law enforcement, and the administration of justice — are subject to extensive obligations, including risk management, data governance, documentation, human oversight, and cybersecurity safeguards. General-purpose AI models presenting “systemic risks” face heightened compliance duties. Enforcement is shared between national authorities and the EU AI Office, with significant financial penalties for non-compliance.

Professor Eisenberger highlighted the Act’s horizontal scope and its integration of fundamental rights into product regulation, while noting challenges such as complex standard-setting processes, uneven enforcement capacity, and ongoing political recalibration. She concluded by questioning whether the EU’s comprehensive and technical model can effectively balance innovation, market integration, and rights protection, and reflected on comparative approaches, including Singapore’s incremental, sandbox-based framework.