The vibe in Paris around the AI Action Summit feels strikingly different from Brussels. It’s not even the call to pivot away from over-regulation (you can hear that in Brussels). The difference is that, refreshingly, the call seems earnest (in Brussels it very much isn’t). And there are signs—from the GDPR world—that France is trying to charter a new French Way of AI policy. However, there are also signs that France finds old habits hard to abandon, so it’s unclear whether this pivot will take off. And even if France executes the pivot, I worry it will be sabotaged by EU officials. Maybe a French-Polish pro-growth coalition could be a solution?

In brief, here are the signs from Paris worth noting beyond the headline news:

• The French GDPR enforcer, CNIL, published new guidelines on how it will apply the privacy law to AI. My review: this is a serious attempt to enable AI development and use - the best I’ve seen in the EU.* However, even under the CNIL guidelines the bigger players will be significantly advantaged due to compliance costs.

• Reportedly, France intends to join Germany and the Netherlands in a call to extend the EU’s Digital Markets Act to cover AI, apparently arguing against reason and evidence that there is insufficient competition in the AI space and the EU DMA will improve it. This is clearly a bearish signal for the French pivot from overregulation.

The French Way on GDPR interpretation may end up sabotaged

As I wrote in Should the GDPR Prohibit AI? and in my text on the importance of cautious optimism, some activists and enforcers believe in an interpretation of the GDPR that would amount to a practical ban on AI as we know it. In The EDPB’s AI Opinion Shows the Need for GDPR Enforcement Reform, I noted that it was not politically possible for the EU data protection authorities to declare AI illegal under the GDPR, but 

They kept as much enforcement flexibility for themselves as possible, opening the doors for any EU national enforcers to impose billions-worth fines. Of course, the other side of that coin is that those who want to use AI in the EU have no idea if all their GDPR compliance efforts will be judged as not good enough in a year or two. If you have a choice, why wouldn’t you simply avoid the EU for an AI startup idea given this?

CNIL, the French data protection authority appears to try to go in a slightly different direction. For example, they were unafraid to label specific actions that AI developers and deployers can take “most likely” to comply with the GDPR. This may sound like faint praise, but that just shows how imbalanced and disproportionate GDPR enforcement is overall.

The issue is that CNIL’s guidance indicates only how the French authority will act. Any business providing or using AI in France and in other EU countries faces significant uncertainty. In such cross-border cases, the CNIL may end up being outvoted in the European Data Protection Board by more fundamentalist authorities as the Irish Data Protection Commission has already learned. 

In other words, for the French Way to work even for French businesses but with ambitions beyond France, it cannot be adopted just by France.

Is the pivot for real?

The reports that the French government supports extending the EU DMA to AI undermine the public statements about pivoting from over-regulation. 

One way to understand this potential move is through the lens of protectionism: the French government may think that it will be good for French businesses if the (American) “gatekeepers” are restricted. If that is the motivation then it also betrays lack of ambition, because it implies they don’t believe that French (or European) businesses like Mistral can achieve the level of market adoption that will then come with DMA restrictions.

Moreover, the experiences with DMA so far show that instead of benefiting consumers it is a form of legally-forced “enshittification” of services (e.g., the pointless removal of Google Maps links from Google search results). And instead of benefitting small and medium-sized businesses (e.g. hotels) it diminished their position compared to intermediaries. Is this what we want in AI?

A hope for a Polish-French pro-growth alliance

Setting this aside, let’s assume that the French Way, the pivot from over-regulation, is real. As my GDPR example showed, France cannot hope to succeed with it without a broader coalition within the EU. In fact, fixing the problems with GDPR enforcement requires procedural reform, i.e. a legal change that will likely face significant opposition in Brussels, despite the pro-growth slogans we’ve been hearing there recently.

Perhaps Poland is the ally that France needs. Donald Tusk, the Polish prime minister posted last week on X:

The revolt against regulation is inevitable! Whether someone in the EU likes it or not. The time is now!

Several days later, Tusk announced a new pro-growth strategy for Poland, calling for significant deregulation and deputizing a leading entrepreneur, Rafał Brzoska, with preparing reform plans. Unlike France, Poland does not yet have energy infrastructure to host large-scale AI computation, but like France, it has many talented engineers. Perhaps most importantly, Poland is hungry for growth. If the French government means what we heard at the AI Summit, then it seems like a natural alliance.

* With the exception of the famous Hamburg paper (which I discussed here), but that paper only covered the question whether AI models process personal data, whereas CNIL guidelines are much broader in scope.