Regulators and platforms are moving in opposite directions: the EU is signaling more flexibility on training data (with caveats), while Nvidia is consolidating synthetic data tooling via Gretel—pushing teams to re-check governance, vendor lock-in, and privacy risk.
EU proposes AI Act delay and green-lights anonymized data for training
The European Commission proposed postponing enforcement of high-risk AI system rules under the AI Act until 2027, while also allowing the use of anonymized personal data for AI training. The shift is framed as a way to reduce friction for AI development, but it puts more pressure on companies to prove that “anonymized” datasets are genuinely resistant to re-identification. Privacy advocates have warned the change could weaken protections if anonymization claims are treated as a checkbox.
- Data access may expand for EU-based model training, but only if teams can document anonymization methods and residual re-ID risk.
- Governance gets more technical: expect more scrutiny of de-identification approaches, linkage attacks, and whether “anonymous” remains anonymous after model training.
- Procurement impact: vendors selling “anonymized” datasets will face harder due diligence and contractual requirements around testing and auditability.
Nvidia buys Gretel for $320M+ to deepen synthetic data infrastructure
Nvidia acquired synthetic data startup Gretel for over $320 million, positioning synthetic data generation closer to the core AI training stack. Gretel is known as a platform for generating and evaluating synthetic datasets, which can reduce reliance on sensitive raw data while still supporting model development and testing. The deal signals that synthetic data is becoming a default capability bundled into major AI ecosystems rather than a niche add-on.
- Platform gravity: teams already standardized on Nvidia tooling may find synthetic data workflows “one click away,” accelerating adoption.
- Lock-in risk: deeper integration can make it harder to swap generators, evaluation methods, or governance controls later.
- Controls still required: synthetic data doesn’t eliminate privacy work—utility, leakage testing, and policy enforcement still sit with the buyer.
KPMG’s synthetic data center signals services-led standardization
KPMG announced a Synthetic Data Center of Excellence and acquired YData Labs’ technology and IP to support it. For large enterprises, this points to synthetic data moving from pilot projects into repeatable delivery models backed by consultancies that can wrap tooling with governance, documentation, and change management. It also suggests buyers want “implementation plus assurance,” not just a generator.
- Buying pattern shift: synthetic data may increasingly be procured as a governed program (methods, controls, reporting), not a standalone product.
- Internal alignment: compliance, security, and data engineering can use a COE model to standardize approvals and evaluation criteria.
- Competitive pressure: startups may need stronger audit artifacts and enterprise workflows to compete with services-backed offerings.