The European Commission has launched a public consultation to simplify its digital regulations concerning data, artificial intelligence, and cybersecurity. Announced on September 16, 2025, the initiative, known as the Digital Omnibus package, aims to reduce administrative burdens and lower compliance costs for companies operating within the European Union.
Key Takeaways
- The European Commission is seeking feedback for its "Digital Omnibus" package to streamline tech laws.
- The initiative targets five key areas: data legislation, online tracking, cybersecurity reporting, the AI Act, and digital identity.
- A primary goal is to reduce administrative costs for all companies, with a special focus on small and medium-sized enterprises (SMEs).
- Stakeholders can submit feedback until October 14, 2025, with new legislation expected by the end of the year.
A Plan to Reduce Digital Complexity
The European Commission is taking steps to untangle its complex web of digital rules. The new plan, referred to as the Digital Omnibus, is part of a broader effort to make regulations simpler and more efficient for businesses. This initiative follows extensive consultations on the EU's strategies for data, AI, and cybersecurity.
The central objective is to ease the regulatory load on companies, particularly smaller businesses that often struggle with complex compliance requirements. The Commission's action supports its wider goal of creating a more competitive and streamlined European market.
Ambitious Reduction Targets
This simplification effort aligns with the Commission's Competitiveness Compass, which aims to cut the administrative burden by at least 25% for all companies and 35% for small and medium-sized enterprises (SMEs).
Five Core Areas Targeted for Reform
The Digital Omnibus will propose targeted changes across five critical domains of the EU's digital framework. The goal is to create a more cohesive and predictable legal environment for technology companies.
1. Data Governance and Flow
Current rules on data are spread across several pieces of legislation, including the Data Governance Act and the Open Data Directive. Businesses, especially data-driven SMEs, often face challenges due to this fragmentation.
The proposed amendments aim to streamline and clarify these rules, making it easier for companies to use and share both personal and non-personal data legally and efficiently across the EU.
2. Cookies and Online Tracking
The Commission is looking to modernize provisions in the ePrivacy Directive related to cookies and other online tracking technologies. Many users experience "consent fatigue" from constant pop-up banners.
The reform seeks to find a balance that reduces this fatigue for users while ensuring businesses have lawful access to necessary data. This will be done in alignment with the EU's strict data protection laws, such as the GDPR.
3. Cybersecurity Incident Reporting
Currently, companies must report cybersecurity breaches and incidents under various regulations, leading to overlapping and sometimes confusing obligations. This creates a significant administrative task during a crisis.
The plan is to simplify and harmonize these reporting requirements across different sectors. This will reduce complexity for businesses while still ensuring that authorities receive timely and relevant information to maintain cybersecurity protections.
4. Artificial Intelligence Act Application
With the recent adoption of the AI Act, the focus now shifts to its practical implementation. The Commission wants to ensure the rules are predictable and manageable, particularly for smaller firms that may lack extensive legal resources.
The Digital Omnibus will address early challenges identified by businesses to improve the law's application and ensure it aligns with other related digital regulations.
The 'One In, One Out' Principle
The simplification effort is guided by the 'one in, one out' principle. This regulatory approach requires that before any new administrative cost is introduced, at least an equivalent existing cost must be removed. This ensures that the overall regulatory burden does not increase.
5. European Digital Identity Framework
The EU is developing a European Digital Identity Wallet, which will allow citizens to manage their identity and share personal documents digitally. The Digital Omnibus aims to enhance legal certainty for the service providers and organizations that will rely on this new framework.
This includes ensuring that the rules are clear and practical, promoting trust and widespread adoption of the new digital identity system across the member states.
Timeline and Future Steps
The Commission has invited all stakeholders, including businesses, public authorities, and civil society organizations, to provide their feedback. The deadline for submissions is October 14, 2025.
Following the consultation period, the Digital Omnibus legislative package is expected to be published by the end of 2025. This will be the first major step in the simplification process.
In the longer term, the Commission plans to conduct a comprehensive "Digital Fitness Check." This broader review will assess the coherence and cumulative impact of the entire body of EU digital law to identify further opportunities for simplification and improvement.
This ongoing process signals a commitment from the EU to adapt its regulatory landscape, ensuring it supports innovation and economic growth while upholding its high standards for privacy, security, and fairness in the digital age.