Brussels, BELGIUM – The European Commission’s long-awaited Digital Omnibus simplification package, unveiled today, is a welcome step towards simplifying the EU’s complex regulatory landscape for digital and tech. Yet its narrow focus – mainly limited to AI, cybersecurity, data rules, and privacy – means further and bolder action is still needed.
While commending the Commission’s intent to reduce regulatory burden and overlap, the Computer & Communications Industry Association (CCIA Europe) stresses that this package must only be the starting point for deeper reform of the EU’s digital rulebook. Major challenges previously identified by CCIA Europe remain unresolved, including continued friction across the digital ecosystem from the Digital Services Act and Digital Markets Act.
Today’s key measures include clarified rules on the interaction between artificial intelligence and data protection under the General Data Protection Regulation (GDPR), and a delay of “up to” 16 months for certain AI Act obligations due to late guidance and standards that are still missing. However, if the Commission deems the technical specifications available earlier than expected, companies may be left with only six to 12 months to achieve compliance.
The adjustments to the AI Act provide companies with more realistic timelines. Unfortunately, the Omnibus misses critical opportunities to raise the outdated compute threshold for identifying AI models which pose a ‘systemic risk’, and fails to fix problematic wording on the extraterritoriality of copyright provisions, which conflicts with EU and international principles.
CCIA Europe also welcomes efforts to clarify the interplay between data protection, AI, and cybersecurity. But it warns that innovation depends on principle-based legislation, not GDPR changes introducing overly prescriptive rules on consent or objection. A more balanced approach is needed to safeguard users and enable innovators to develop new technologies.
The proposal for a single portal for cyber-incident reporting is a modest improvement, but falls short of delivering the unified cybersecurity framework the EU really needs. The Commission should go further to eliminate duplication in order to strengthen Europe’s resilience. Without aligned definitions, reporting thresholds, and security obligations across cyber legislation, a single portal will only centralise fragmentation – instead of fixing it.
The following can be attributed to CCIA Europe’s Head of Policy and Deputy Head of Office, Alexandre Roure:
“Today’s Digital Omnibus is a promising first step towards simplifying EU tech rules. But its narrow scope leaves much of the EU’s patchwork untouched. Unprecedented regulatory complexity and legal uncertainty act as a direct tax on Europe’s competitiveness and innovation. Efforts to simplify digital and tech rules cannot stop here.”
“CCIA Europe looks forward to the Commission moving into a higher gear with a more ambitious, all-encompassing review of the EU’s entire digital rulebook, and urges Member States and the European Parliament to back even bolder simplification measures.”
“While the Commission has made progress on AI and should be commended for acknowledging the damage of regulatory overreach, significant gaps in the AI Act remain. Across Europe, AI developers and deployers need clarity, and they need it fast. We therefore urge co-legislators to support the Commission by speeding up the legislative process.”
