The EU AI Act Newsletter #101: Trilogue Breakdown

Talks on delaying the AI Act collapse over industrial AI, Merz diverges from his coalition partner, and Parliament invites Anthropic to a hearing on the Mythos model.

Welcome to the EU AI Act Newsletter, a brief biweekly newsletter by the Future of Life Institute providing you with up-to-date developments and analyses of the EU artificial intelligence law.

Legislative Process

EU legislators fail to clinch deal to delay AI law: Pieter Haeck from POLITICO describes how EU legislators failed to agree on a rollback of the bloc’s AI rules, with requirements for machinery and medical devices emerging as the main sticking point. After hours of talks, negotiators from the European Parliament and EU countries parted ways without a deal that would have delayed a key part of the AI Act until December 2027 and banned AI nudification apps, and no date has been set to resume discussions. Because new rules for high-risk AI applications are due to apply this August, the collapse tightens the timeline to avoid legal uncertainty. At the heart of the dispute, the centre-right in Parliament, backed by Germany, is pushing to let products such as machinery and medical devices comply with sectoral law rather than the AI Act, a move opposed by several member states and the centre-left.

Merz’s coalition partner opposed his push to cut EU’s AI rules: Maximilian Henning, reporting for Euractiv, reveals that German Chancellor Friedrich Merz was not aligned with his coalition partner, the Social Democrats, in his last-ditch push to cut the EU's rules for industrial AI. The debate gained prominence on the night after Parliament and Council failed to agree on a deal to "simplify" the AI Act, with Merz's EPP pressing for the cuts he had previously advocated for in Parliament, describing EU rules as a "corset" on industrial AI. Just a day before the supposedly final trilogy, Social Democrat group in Germany’s parliament sent a letter to its European lawmakers titled “VERY URGENT! Trilogue on AI Digital Omnibus”. They urged opposition to any weakening of the AI Act’s horizontal approach and warned that the proposed changes would bring significant risks, create inconsistent rules, lead to gaps in protections and be better for foreign companies than for European ones.

European Parliament invites Anthropic to hearing on Mythos model: Turning from the trilogue, Haeck reports for POLITICO that the European Parliament's internal market committee has invited Anthropic to a hearing on Wednesday on the superhacking Mythos model, which the company decided not to release over fears it could exploit software vulnerabilities. According to a draft agenda, the hearing will address the "safety and cybersecurity risks potentially posed by advanced AI systems" and their relation to EU regulation, with Anthropic's head of public policy Sarah Heck, EU tech chief Henna Virkkunen, AI Office boss Lucilla Sioli and a representative from ENISA all invited.

Anthropic briefed Commission on Mythos’ cyber risks: In a related POLITICO piece co-authored with Kathryn Carlson, Haeck adds that the Commission has received more information directly from Anthropic, with spokesperson Thomas Regnier stating that the company briefed the EU executive on “technical details around the cyber capabilities and risks” of the model, whilst both sides also addressed Project Glasswing, a coalition of trusted tech and cyber firms assembled by Anthropic to patch vulnerabilities. More broadly, Anthropic is in regular contact with the EU’s AI Office, as it has signed on to the EU’s set of best practices for the most complex and advanced models, under which it is expected to address and mitigate cybersecurity risks.

Analyses

How the EU and UK can learn from Anthropic’s Mythos: Jimmy Farrell, EU AI Policy Co-Lead for Pour Demain, argues in Tech Policy Press that Anthropic's Claude Mythos Preview marks a significant jump in the ability of AI to automate complex cyber-attacks, having uncovered thousands of vulnerabilities in critical internet infrastructure and becoming the first model to autonomously complete all 32 steps of the UK AI Security Institute's corporate network attack simulation. In response, UK AISI published comprehensive cyber-capability testing within six days, followed by a UK government letter to business leaders, although Farrell notes this approach still relies on the voluntary goodwill of providers. By contrast, the EU's AI Act already addresses systemic risks from offensive cyber capabilities along the entire model lifecycle, including pre-training, giving the AI Office a legal basis to seek some oversight over Mythos if it is planned for deployment in the EU market. Farrell therefore recommends combining UK-style technical expertise with EU regulatory power and strengthening institutional tools such as the Scientific Panel, Advisory Forum and third-party evaluations, whilst calling for stronger international standards given that OpenAI has announced a comparably capable model, GPT-5.4-Cyber, to be released less restrictively.

The EU AI Office must prioritise setting up the Advisory Forum: 35 organisations and researchers are calling on the EU AI Office to clarify the timeline and process for establishing the Advisory Forum, the only formal mechanism ensuring civil society voices are part of AI Act implementation. Although the call for expression of interest closed in September 2025, seven months later the Forum has still not been established and no clear timeline has been shared despite requests. In the meantime, the signatories warn that discussions on issues such as prohibited uses, high-risk classification and fundamental rights obligations take place largely between EU institutions and Brussels-based stakeholders, risking the exclusion of underrepresented perspectives. Furthermore, they believe the Forum’s absence has been a missed opportunity to rigorously test the AI Omnibus. This debate has so far been confined to “Reality Checks” involving a small, predominantly industry-focused group. Consequently, they urge the AI Office to prioritise establishing the Forum and fostering meaningful civil society participation beyond it.

AI Act could force universities to ‘change everything’: Seher Asaf, Europe reporter at Times Higher Education, writes that many European universities may have to change everything about how they use AI once the AI Act's provisions come into force, according to Thomas Jørgensen of the European University Association. In particular, Jørgensen singled out the growing practice of academics using tools such as ChatGPT to assess student work. He cautioned that such informal applications could potentially violate the legislation. The Act mandates a range of requirements for both users and providers when AI is used for assessment and large language models might not meet transparency and training data criteria. Moreover, he noted that these compliance challenges would extend to universities that have set up their own formal AI tools, although clarity remains limited until guidelines from the AI Office are published. Looking further ahead, he warned that widespread reliance on the same US-trained commercial models across Europe risked eroding intellectual diversity, pointing to European alternatives such as EuroLLM given that "the big US models don't really cut it for us".

Tools & Resources

A new AI Act Explorer (BETA): Built and maintained by the Future of Life Institute, the updated AI Act Explorer offers a navigable interface to the text of the AI Act, with features including the ability to compare provisions across languages, and now also covering implementation instruments such as the Scientific Panel and the Code of Practice. Readers can use it as a companion resource when following the implementation developments covered in this edition, whilst bearing in mind that this is a BETA product currently hosted at explorer.artificialintelligenceact.eu and that this is not the final URL of the web tool.