European Union — AI Copyright Law

The Regulatory Landscape: The EU AI Act

The European Union has taken a fundamentally different approach to AI regulation than the United States. Instead of relying primarily on post-hoc litigation, the EU has enacted comprehensive, proactive legislation: the EU AI Act.

While the AI Act is primarily a product safety and fundamental rights framework, it explicitly addresses copyright issues, particularly for providers of General-Purpose AI (GPAI) models.

Transparency and Copyright Compliance under the AI Act

Under the AI Act, providers of GPAI models (like the creators of GPT-4, Claude, or Mistral) face strict copyright-related obligations:

1. Respect for EU Copyright Law: GPAI providers must establish policies to comply with EU copyright law, specifically regarding the identification of and adherence to creator opt-outs.
2. Detailed Summaries of Training Data: Providers must draw up and make publicly available a sufficiently detailed summary of the content used for training the GPAI model. This aims to give rights holders the necessary information to determine if their works were used.

Failure to comply can result in severe fines, emphasizing that in the EU, copyright compliance is an ex-ante regulatory requirement, not just an ex-post litigation risk. For a deep dive into the AI Act's phased implementation, see our AI Act Timeline Breakdown.

Training AI: The Text and Data Mining (TDM) Exception

In the EU, the legality of ingesting copyrighted works to train AI models revolves around the Directive on Copyright in the Digital Single Market (DSM Directive), specifically Articles 3 and 4 regarding Text and Data Mining (TDM).

TDM is defined as "any automated analytical technique aimed at analyzing text and data in digital form in order to generate information." The EU treats AI training as a form of TDM.

Article 3: Non-Commercial Research

Article 3 provides a mandatory exception allowing research organizations and cultural heritage institutions to conduct TDM on works to which they have lawful access, strictly for the purposes of non-commercial scientific research. Rights holders cannot override this exception via contract.

Article 4: Commercial TDM and the Opt-Out Right

Article 4 is the critical provision for commercial AI developers. It permits TDM for any purpose (including commercial AI training) provided the developer has lawful access to the data.

The Crucial Catch: The Opt-Out Mechanism. Article 4 contains an explicit reservation of rights mechanism. The exception applies unless the rights holder has expressly reserved their rights (an "opt-out") in an appropriate manner, such as machine-readable means for content made publicly available online.

Status of Content	Can AI Companies Use It?
Lawful access, no opt-out declared	Yes (Allowed under Art 4 TDM Exception)
Lawful access, explicit machine-readable opt-out (e.g., robots.txt)	No (Requires explicit licensing agreement)
Unlawful access (e.g., pirated datasets, bypassed paywalls)	No (TDM exception requires lawful access)

This creates a structured system: AI companies can scrape the open web by default, but creators have a defined legal mechanism to stop them. This contrasts sharply with the US, where "opt-outs" (like robots.txt) are often treated as mere requests rather than legally binding reservations of copyright under fair use arguments.

Authorship of AI-Generated Works

Unlike the US, where the Supreme Court has definitively ruled out AI authorship, or the UK, which has specific legislation for computer-generated works, the EU currently lacks a fully harmonized rule on the copyrightability of AI-generated works.

The "Author's Own Intellectual Creation" Standard

Under the EU's Infopaq standard, copyright applies only to works that are the "author's own intellectual creation." The Court of Justice of the European Union (CJEU) has historically interpreted this to require human intervention that reflects the author's personality and free, creative choices.

Therefore, fully autonomous AI outputs are generally considered uncopyrightable across member states. However, the degree of human input required for "AI-assisted" works to qualify for protection remains a subject of debate and is largely left to the national courts of individual member states to interpret.

The Intersection: GDPR and AI Training

In the EU, copyright is not the only hurdle for AI training; data privacy is equally critical. The General Data Protection Regulation (GDPR) restricts the processing of personal data.

Because generative AI models are trained on massive scrapes of the internet, they inevitably ingest personal data (names, addresses, photos). Authorities in several EU countries (notably Italy) have temporarily banned or investigated major AI models for lacking a lawful basis under GDPR to process this data for training purposes.

This intersection creates complex compliance requirements: an AI developer must ensure they have both copyright clearance (or rely on the TDM exception without opt-outs) AND a lawful basis under GDPR to process any personal data contained within that copyrighted material.

Practical Implications for Businesses and Creators

• For EU Creators: Utilize machine-readable opt-outs (like the `` tags or configured `robots.txt`) aggressively on your websites. The EU legal framework gives these technical signals teeth. Read our Guide on Implementing Machine-Readable Opt-Outs.
• For Global AI Companies: If you offer your model in the EU market, you must comply with the AI Act's transparency requirements and respect Article 4 opt-outs, regardless of where your company is headquartered. You cannot simply rely on US fair use arguments when operating in Europe.
• For Enterprises: When adopting AI tools, demand transparency from vendors regarding their compliance with EU TDM opt-outs and GDPR to mitigate downstream liability.