Europe’s AI Rulebook Leaves the Mind Exposed
The EU has built a powerful framework for data, platforms and AI, but cognitive manipulation and neurotechnology expose gaps it was not designed to close. A commentary by Vincenzo Colarocco
The European Union has built the most ambitious digital governance architecture in the world — the GDPR, the Digital Services Act, the Digital Markets Act, the AI Act. Taken together, these instruments represent an extraordinary normative effort.
Yet their combined perimeter leaves structurally uncovered a category of harm that is arguably the most consequential of the AI age: the technological penetration of the human cognitive space.
Artificial intelligence does not create this exposure so much as render it acute: by multiplying both the incentives to accumulate behavioural data and the capacity to extract exploitable profiles from it, it turns a once-latent gap into a pressing one.
A systematic analysis reveals a residual gap that cuts across multiple instruments. Three fault lines are particularly significant.
Material scope. The AI Act (Article 5) prohibits subliminal manipulation conducted through AI systems. But cognitive manipulation techniques — psychometric profiling, hypernudging, persuasive design optimised on behavioural addiction patterns — do not necessarily require AI systems in the technical-legal sense defined by Article 3(1).
A traditional statistical model applied to behavioural traces can produce comparable manipulative effects. An infinite-scroll feed tuned through ordinary A/B testing, with no machine-learning system involved, engineers compulsive engagement while staying clear of Article 5. The prohibition targets the vector, not the harm, leaving an entire class of cognitive threats lawful by default.
Data categorisation. The distinction is qualitative, not merely quantitative: where conventional digital data describe behaviours or preferences, neural and neuro-inferred data reveal emotions, intentions, and pre-decisional cognitive processes.
The GDPR reserves its strongest protections (Article 9) for special categories of data, including biometric data directly collected. But the most sophisticated cognitive profiling today operates on inferred psychometric data: personality models and cognitive susceptibility scores reconstructed algorithmically from digital behavioural traces.
Reconstructing a personality profile from social-media activity — as in the Cambridge Analytica technique — maps psychological vulnerability without touching a single datum the law treats as special.
These profiles are not biometric data in the regulatory sense, yet they enable a degree of individual manipulability that is functionally equivalent to what direct neural access would allow. The mind, in short, has become a new space of legal vulnerability that existing data categories do not recognise.
Neurosecurity. Brain-computer interfaces (BCIs) and implantable neurostimulators are entering the consumer market. The Cyber Resilience Act applies to products with digital elements, and a neural implant technically falls within its scope.
But applying the same cybersecurity framework to a BCI and to a connected thermostat produces a dangerous illusion of adequacy. When the product is inside the body, a security breach is not a data incident — it is a violation of bodily and cognitive integrity.
Are these instruments at least sufficiently flexible to adapt? The answer requires a distinction that the policy debate tends to overlook.
Some interpretive margins exist — Article 9 GDPR could be read expansively, and Article 112 AI Act allows delegated updating of prohibited practices. In practice, these margins are not being activated — and even if they were, they would remain structurally insufficient. For three reasons.
First, the AI Act defines its scope by technological means, not by cognitive harm: a manipulation technique that achieves the same result without an AI system within the meaning of Article 3(1) falls outside the regulatory perimeter by definition, and no delegated act can alter this architecture without reopening the legislative text.
Second, the Cyber Resilience Act does not distinguish between an external attack surface and an internal one: it has no category for the difference between a compromised Internet of Things (IoT) device and a compromised neural implant.
Third — and most fundamentally — no existing instrument recognises cognitive sovereignty as an autonomous legal good. Without that recognition, every protection is derivative: data protection, product safety, unfair practice prohibition. Each derivative protection is structurally under-specified relative to the good it should protect, because none of them was designed with the inner life as its object.
The political implication is clear. Regulatory flexibility is a resource suited to managing the foreseeable evolution of a consolidated paradigm. It does not serve to govern a paradigm shift. The transition from regulating external technological objects to protecting the cognitive integrity of the subject is not an incremental evolution: it is a change of referent.
For that, an elastic extension of the existing framework is not enough. A new normative layer is required.
Three policy directions follow.
First, the regulatory perimeter must shift from technology-based to harm-based classification.
Cognitive manipulation should be prohibited on the basis of the effect it produces — the subversion of autonomous decision-making — regardless of the technological vector employed. This is the single change that would close the most significant gap without requiring a new legislative instrument.
Second, inferred psychometric data must be brought within the protective scope of Article 9 GDPR.
The distinction between directly collected and algorithmically inferred data is technically meaningful but normatively unsustainable: where the manipulative potential is equivalent, the protection must be equivalent.
Third, the neurotechnological frontier requires a layered normative architecture addressing cognitive integrity at every level: constitutional recognition of cognitive sovereignty as a fundamental right; sector-specific regulation of neurotechnological products; and dedicated criminal provisions protecting the inviolability of the mental space.
The Chilean precedent (2021), which elevated neurorights to constitutional rank and whose implementing follow-through has since proved uneven, demonstrates that this is not a theoretical exercise but an operational legislative programme.
Cognitive sovereignty — the legally recognised capacity to maintain ultimate control over one’s own mental processes, free from undisclosed technological interference — is the foundational freedom of the AI age. Those who arrive late will have surrendered their citizens’ cognitive architecture to the market.
Europe united its peoples around a currency. Its next historic test is to unite them around something deeper than money: the defence of the human mind and its free development.
IEP@BU does not express opinions of its own. The opinions expressed in this publication are those of the authors. Any errors or omissions are the responsibility of the authors.