European Parliament blocks AI on lawmakers’ devices, citing security risks

The European Parliament has reportedly barred lawmakers from using built-in AI features on their official work devices, citing cybersecurity and privacy concerns about sending confidential material to cloud-based systems.

According to an email viewed by Politico, the Parliament's IT department said it cannot guarantee the security of information uploaded to AI providers' servers. The message added that the full scope of what data may be shared with AI companies is "still being assessed."

Because of those uncertainties, the email said, "It is considered safer to keep such features disabled."

The concern is that using AI chatbots — such as Anthropic's Claude, Microsoft's Copilot, or OpenAI's ChatGPT — can involve transmitting user content to systems operated by companies that are subject to U.S. jurisdiction. In practice, that means U.S. authorities can compel firms running these services to hand over user-related information.

There's also the risk posed by the number of AI systems being trained and improved. Chatbots commonly rely on user-provided inputs and uploads to refine their models, which can raise the possibility that sensitive details shared by one person could be retained, surfaced, or inadvertently exposed in ways that are difficult for users to understand or control fully.

Europe is known for having some of the world's strongest data protection rules. But the European Commission — the EU's executive branch — last year floated legislative proposals to loosen parts of those protections, making it easier for large tech companies to train AI models on Europeans' data. That effort drew criticism from opponents who argued it would effectively concede ground to U.S. technology giants.

The Parliament's decision to limit access to AI tools on official devices comes as several EU member states are reassessing their dependence on U.S. tech firms, which remain subject to U.S. law and what some describe as increasingly unpredictable political pressure from the Trump administration.

In recent weeks, the U.S. Department of Homeland Security has sent hundreds of subpoenas to U.S. technology and social media companies seeking information on individuals — including Americans — who have publicly criticised Trump administration policies. Google, Meta, and Reddit complied in multiple instances, even though no judge issued the subpoenas, and a court did not enforce them.