The European Parliament has reportedly moved to keep built-in AI tools off lawmakers’ work devices, citing risks tied to confidential data, cloud processing and the uncertain flow of information to AI companies.
The reported restriction reflects a broader concern now facing public institutions: AI assistants can be useful, but the data entered into them may travel beyond the immediate control of the person using the tool.
Why the European Parliament acted
According to an email seen by Politico, the parliament’s IT department said it could not guarantee the security of data uploaded to the servers of AI companies. The department also said the full extent of what information is shared with AI companies is “still being assessed.”
That uncertainty appears to be the core of the decision. If lawmakers use built-in AI features on work devices, confidential correspondence could be uploaded to the cloud. Once that happens, the institution may not be able to fully verify where the information goes, how it is processed or who may later gain access to it.
“It is considered safer to keep such features disabled.”
The reported email does not present the issue as a rejection of AI in general. It frames the restriction as a security and privacy measure while the risks around data handling remain unresolved.
The risk is in the upload
AI chatbots such as Anthropic’s Claude, Microsoft’s Copilot and OpenAI’s ChatGPT depend on user inputs to produce responses. In ordinary use, that means a person may type or upload material into a system operated by an outside company.
For lawmakers, the material at stake can include confidential correspondence. The concern is not simply that a tool generates text. It is that private or sensitive information may leave the device and be processed on company servers.
The source article identifies two related risks:
- Legal exposure: U.S. authorities can demand that companies running AI chatbots turn over information about their users.
- Model improvement practices: AI chatbots typically rely on information that users provide or upload to improve their models, which can increase the chance that sensitive information uploaded by one person may later be shared and seen by other users.
Those risks matter more when the users are lawmakers and the devices are issued for official work. A personal prompt may be low stakes. A message involving government business or confidential correspondence is different.
A European data debate around U.S. tech
Europe has some of the strongest data protection rules in the world. Even so, the European Commission last year floated new legislative proposals aimed at relaxing data protection rules to make it easier for tech giants to train AI models on Europeans’ data.
That proposal drew criticism from people who argued that the move caves in to U.S. technology giants. The European Parliament restriction arrives against that backdrop: European institutions are trying to understand how AI tools handle data while also debating how much room tech companies should have to use European data for AI training.
The issue is not limited to AI chatbots. The source article notes that several EU member countries are reevaluating their relationships with U.S. tech giants. Those companies remain subject to U.S. law and to the demands of the Trump administration.
For European officials, that creates a practical dilemma. Work devices may rely on products from major technology providers, but those providers can face legal demands outside Europe. When sensitive public-sector information is involved, that legal exposure becomes part of the security calculation.
Why U.S. subpoenas sharpen the concern
The source article also points to recent actions by the U.S. Department of Homeland Security. In recent weeks, the department sent hundreds of subpoenas demanding that U.S. tech and social media giants turn over information about people, including Americans, who had publicly criticized the Trump administration’s policies.
Google, Meta and Reddit complied in several cases, even though the subpoenas had not been issued by a judge and were not enforced by a court.
For European lawmakers, that context helps explain why an IT department would take a cautious position. If information uploaded to an AI tool is held by a company subject to U.S. demands, the question is no longer only technical. It is also about jurisdiction, institutional control and the limits of privacy guarantees.
What the restriction signals
The reported block sends a simple message: convenience is not enough when confidential government work is involved. Built-in AI features can feel like part of the device, but they may still connect to outside systems and outside companies.
The European Parliament’s reported position is cautious rather than expansive. It does not claim that every AI use is unsafe. It says the parliament cannot yet guarantee the security of uploaded data and is still assessing what information is shared with AI companies.
That makes the restriction a temporary-looking response to an unresolved problem. Until officials can clearly account for where data goes, how it is used and what legal demands may apply, disabling built-in AI features is the safer path described in the reported email.