German and EU Civil Society Warn Against Weakened AI Surveillance and Safety Rules
Civil society groups in Germany, including Amnesty International and the Chaos Computer Club, urged the government to withdraw draft laws that would expand digital policing powers through biometric internet searches and automated analysis of large police datasets using systems such as Palantir. Critics said the proposals from the justice and interior ministries lack judicial oversight, transparency, documentation requirements, and clear limits on data scope and analytical methods, creating risks of mass surveillance, discriminatory profiling, and intrusive scrutiny of victims, witnesses, and uninvolved people. Germany’s independent data protection authorities also concluded that the measures, as drafted, are incompatible with constitutional requirements and could effectively sidestep the EU AI Act’s ban on mass facial-image processing into biometric databases.
At the EU level, a coalition led by BEUC and 31 other organizations warned that the proposed AI Omnibus could dilute safeguards by exempting sectors such as medical devices, radio equipment, toys, and machinery from the AI regulation’s direct scope. The groups argued that existing sector-specific product rules do not address AI-specific harms including discrimination, opacity, and the evolving behavior of AI systems, and said the change would create regulatory gaps, fragmentation, and legal uncertainty rather than simplification. They warned that weakening the framework would undermine consumer protection, fundamental rights, and trust in European AI governance as trilogue negotiations continue.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
German cabinet advances AI and biometric surveillance bills
Germany’s federal cabinet advanced a legislative package allowing law enforcement to use automated biometric image matching and AI tools to search publicly available internet data using a facial photo. The move pushed the proposals forward despite ongoing criticism from privacy advocates and some lawmakers over risks of mass surveillance and digital dragnets.
Germany publishes 2025 police crime statistics
Germany’s 2025 police crime statistics showed a 5.6 percent year-over-year decline in recorded crime, with violent crime also down and sexual offenses up. BKA President Holger Münch said crime was becoming more digital and international, while Interior Minister Alexander Dobrindt used the figures to argue for tougher measures including expanded police powers such as automated data analysis and biometric internet searches.
Coalition warns against weakening EU AI rules in trilogue
A coalition led by BEUC and 31 other organizations warned that proposed simplifications in the AI Omnibus negotiations could dilute protections for consumers and fundamental rights. The groups argued that exempting sectors such as medical devices, toys, machinery, and radio equipment would leave AI-specific risks insufficiently regulated.
Civil society urges Germany to withdraw AI surveillance plans
Amnesty International, the Chaos Computer Club, and other civil society groups warned that draft laws from the Justice and Interior ministries would violate fundamental rights and should be withdrawn entirely. They said the proposals would enable mass surveillance, discriminatory profiling, and insufficiently supervised biometric and AI-driven policing.
Germany's data protection authorities reject AI policing drafts
Germany’s independent data protection authorities concluded that proposed federal powers for biometric internet searches and AI analysis of police datasets were incompatible with constitutional requirements and seriously endangered the rights of uninvolved people.
EU member states and Parliament adopt AI Omnibus positions
EU member states and the European Parliament adopted their negotiating positions on the AI Omnibus in March, advancing trilogue talks on possible changes to the AI regulation. One discussed proposal would exempt several product sectors from the regulation’s direct scope.
European Commission presents the AI Omnibus proposal
The European Commission presented the AI Omnibus package, starting the legislative process for proposed simplifications to EU AI rules. Later criticism focused on concerns that the package could weaken protections and create regulatory gaps.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
German officials advance legislation that would expand law enforcement use of surveillance technology | The Record from Recorded Future News
therecord.media
Open sourcePolizeiliche Kriminalstatistik: Kriminalitätsrate sinkt um fast sechs Prozent
netzpolitik.org
Open sourceKI-Risiken: Breites Bündnis warnt vor verwässerten KI-Regeln
netzpolitik.org
Open source„Keine verfassungskonforme Ausgestaltung möglich“: Zivilgesellschaft warnt vor Plänen für KI-Fahndung
netzpolitik.org
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
European Commission Proposes Deregulatory Changes to GDPR and AI Regulations
The European Commission has introduced a legislative package, known as the Digital Omnibus, aimed at simplifying and consolidating digital regulations across the European Union. This proposal seeks to merge multiple pieces of legislation into a single framework, streamlining rules on artificial intelligence, cybersecurity, and data management. A key component of the package is the relaxation of certain General Data Protection Regulation (GDPR) provisions, including delaying the enforcement of regulations on high-risk AI systems and permitting companies to use personal data for AI training without prior user consent in most cases. The initiative also includes the launch of a European Business Wallet to facilitate digital operations for companies and public sector bodies, and a new Data Union Strategy to unlock high-quality data for AI development. EU officials argue that these changes will reduce administrative burdens and compliance costs for businesses, fostering innovation and competitiveness within the bloc. However, the proposal has drawn criticism from privacy and digital rights advocates, as well as some political parties, who warn that it could significantly weaken data privacy protections that have been a hallmark of the EU's regulatory landscape. The legislative package must still be approved by the European Parliament and the Council of the European Union, and its future remains uncertain amid ongoing debate over the balance between innovation and fundamental rights.
Mar 21, 2026
Civil Society and Industry Opposition to EU Digital Omnibus and Encryption Backdoor Proposals
A coalition of 127 civil society organizations and trade unions has voiced strong opposition to the European Union's proposed Digital Omnibus changes, warning that these reforms could significantly weaken existing data protection and privacy laws such as the GDPR. The proposed legislation is criticized for potentially reducing safeguards on personal data, including genetic and biometric information, and for making it easier to use such data in AI training and online tracking. The coalition also expressed concern over the lack of transparency and democratic oversight in the legislative process, urging the European Commission to maintain robust digital rights protections. In parallel, more than 60 digital commerce and trade groups have called on governments worldwide to reject any efforts to weaken or bypass encryption, emphasizing that strong encryption is essential for user privacy, secure data protection, and trust in digital interactions. These groups argue that introducing backdoors or technical mandates for lawful access would undermine security for all users, outweighing any potential benefits for law enforcement. The letter comes amid ongoing debates in Europe and elsewhere about mandating access to encrypted data for criminal and national security investigations.
Mar 21, 2026
EU AI Act Imposes Risk-Based Rules on High-Risk and Biometric AI
The European Union has adopted Regulation (EU) `2024/1689`, creating a harmonised legal framework for the development, marketing, deployment, and use of AI systems across the bloc. The law applies a risk-based model that bans certain uses deemed unacceptable, including social scoring, manipulative AI, untargeted facial-image scraping, and some emotion-recognition and biometric-categorisation practices, while imposing mandatory obligations on high-risk AI systems. It also extends in some cases to providers and deployers outside the EU when AI outputs are intended for use in the Union. The regulation sets detailed requirements for high-risk AI used in areas such as critical infrastructure, education, employment, essential services, law enforcement, migration and border control, justice, and elections. Providers, importers, distributors, authorised representatives, and deployers must meet obligations covering risk management, data governance, technical documentation, logging, transparency, human oversight, robustness, accuracy, cybersecurity, post-market monitoring, accessibility, and AI literacy. The Act also places strict limits on real-time remote biometric identification in publicly accessible spaces, with narrow exceptions, authorisation requirements, and oversight, while preserving the application of existing EU rules on data protection, consumer protection, product safety, liability, and related sectoral frameworks.
May 26, 2026