The European Union’s AI Act has not proven to be another example of the “Brussels effect,” in which an EU regulation becomes the global standard, so global tech companies must tailor their artificial intelligence compliance plans by country and region, eBay’s chief privacy officer said today.
The European Union’s AI Act has not proven to be another example of the “Brussels effect,” in which an EU regulation becomes the global standard, so global tech companies must tailor their artificial intelligence compliance plans by country and region, eBay’s chief privacy officer said today. Speaking at a panel during a two-day privacy conference* in Washington, DC, Anna Zeiter of eBay said her team began implementing the EU AI Act two years ago, treating it as a “global gold standard.” The EU AI Act passed in 2024 and is still in the process of rolling out.
But she believes that Europe’s General Data Protection Regulation had more of a standardizing effect than the EU AI Act — “we see a very fragmented situation around the world when it comes to AI laws, AI regulations.”
Even as recently as a few months ago, Zeiter said, her team was thinking in terms of global best practices for AI. But now the company is focusing on bespoke plans for its four main jurisdictions — the US, the UK, the EU and Australia. “When you’re in Rio, you need to dance the samba,” she said.
Fellow panelist Jonathan Lin, head of legal at TikTok, broke global regions into two categories: highly-regulated on AI, and not. “We’re starting to see potentially this bifurcation of regions into the highly-regulated and the lightly-regulated. Maybe EU versus US, although in the US, there’s an asterisk for the state laws.”
One option for companies is to have one policy for each region, he said. “And to move your product from the lightly-regulated to the highly-regulated, there’s going to be a gate,” he added. “And there may be some additional retrofitting, maybe even retraining of AI models that needs to be done to move from lightly-regulated to highly-regulated.”
Marc Placzek, PayPal’s chief privacy officer until March of this year, said navigating all of this will require balance. Companies should start with one global framework, but understand that it won’t work everywhere. He offered an “80/20 rule,” where a company is 80 percent compliant and 20 percent accepting risk.
Toward the end of the panel, Placzek adjusted his target to 70/30 or even 60/40 in the AI space. “It will be a fragmented approach first. Because what will fly in China for sure won’t fly in Germany. It is what it is.”
*IAPP Global Privacy Summit 2025, Washington, DC, April 22-24, 2025.
Please e-mail editors@mlex.com to contact the editorial staff regarding this story, or to submit the names of lawyers and advisers.