Image: Adobe Stock
The plan is to drastically cut administrative burdens, simplify compliance, and accelerate technological innovation across the European Union.
The European Commission has unveiled a sweeping new digital package that includes fintech, AI, data, and cybersecurity changes.
The initiative, described by officials as a cornerstone of Europe’s digital competitiveness strategy, is projected to save businesses billions of euros while reshaping how companies operate across borders in the single market. The EC says it’s designed to drastically cut administrative burdens, simplify compliance, and accelerate technological innovation across the European Union.
The package, announced today (November 19), includes a far-reaching digital omnibus that streamlines existing legislation on AI, data, and cybersecurity; a new Data Union Strategy intended to boost access to high-quality datasets; and a proposal for European Business Wallets, a unified digital identity system for companies.
The reforms form part of the Commission’s broader objective of slashing administrative burdens by at least 25% — and 35% for SMEs — by 2029.
The centrepiece of the package is the digital omnibus, a major legislative proposal that reorganises and simplifies the EU’s existing digital rules.
The Commission plans to align the timing of high-risk AI obligations with the availability of practical tools, standards, and guidance. Under the proposal, the strictest requirements of the AI Act would not apply until these support mechanisms are confirmed to be in place. This approach is intended to prevent companies — particularly smaller firms — from being penalised before they have the resources to comply.
The timeline for enforcing high-risk rules will be capped at a maximum of 16 months. According to the Commission, this ensures legal certainty while giving developers time to adjust.
The proposal also introduces targeted amendments to the AI Act, including:
• Extending simplified compliance requirements for SMEs and small mid-cap companies, a move expected to save at least €225 million annually.
• Expanding access to regulatory sandboxes — including a new EU-level sandbox from 2028 — to encourage safe testing of AI in areas like automotive manufacturing.
• Strengthening the EU’s AI Office to centralise oversight of general-purpose AI systems and reduce fragmented governance across Member States.
These changes reflect longstanding concerns from industry that the AI Act, while groundbreaking in its protections for fundamental rights, could impose heavy compliance burdens without adequate support.
One of the most practical changes for companies is a new unified interface for reporting cybersecurity incidents. Today, firms must report under multiple pieces of legislation — including NIS2, GDPR, and DORA — often duplicating efforts. The new tool will allow companies to submit reports once through a secure portal, which will route information to the appropriate authorities.
By reducing duplication, the Commission aims to significantly lower administrative costs, particularly for companies operating in multiple EU countries.
Targeted amendments to the GDPR seek to harmonise divergent national interpretations, clarify ambiguities, and reduce compliance complexity without altering the GDPR’s foundational principles. The goal is to encourage innovation and ease common pain points for businesses, while preserving Europe’s high data-protection standards.
One of the most visible changes for everyday internet users will be the modernisation of cookie consent rules. The proposal aims to dramatically cut back on pop-up fatigue by allowing users to set preferences centrally within browsers or operating systems.
Access to high-quality data remains a critical issue for European AI developers. The omnibus proposes:
• Consolidating several data laws into the Data Act for greater legal clarity.
• Allowing exemptions for SMEs from certain cloud-switching obligations, amounting to €1.5 billion in one-off savings.
• Introducing model contractual terms and standard clauses to simplify data-sharing agreements and cloud contracts.
By making more data usable and easier to access, the Commission aims to strengthen Europe’s position in the global AI race.
The new Data Union Strategy outlines measures to expand access to high-quality datasets through instruments such as data labs and a new Data Act Legal Helpdesk. These tools are expected to help businesses navigate complex data-sharing rules and support compliance.
The strategy also emphasises Europe’s desire to guard against misuse of EU-generated data abroad. Proposed mechanisms include an anti-leakage toolbox and guidelines for evaluating how EU data is handled in third countries.
The emphasis on sovereignty reflects growing geopolitical concerns about control over critical technological infrastructure and datasets — particularly in fields like AI training, cloud computing, and advanced industrial analytics.
One of the most transformative proposals is the European Business Wallet, a secure digital credential system intended to standardise how companies identify themselves and exchange documents across the EU.
Through the wallet, companies will be able to sign documents, verify their identity, store certificates, and communicate securely with public administrations in any Member State. Processes that currently require physical presence or paper documentation — such as tax filings, registrations, and cross-border expansion — will become faster and cheaper.
If widely adopted, the Commission estimates the wallet could unlock up to €150 billion in savings each year by eliminating duplicated procedures and simplifying regulatory interactions.
The implications extend beyond cost savings: the wallet could create a seamless business environment that mirrors the benefits individuals enjoy under the EU Digital Identity Wallet, helping firms scale across borders with fewer administrative barriers.
The omnibus proposals will now be considered by the European Parliament and the Council. The Commission also launched a public consultation for the Digital Fitness Check, open until March 11, 2026. This initiative will evaluate how well existing digital rules meet competitiveness goals and whether further legislative streamlining is needed.
The effort reflects the Commission’s acknowledgment that Europe’s current digital framework — despite protecting fundamental rights — has become too complex and sometimes hinders innovation. The Fitness Check is designed to identify overlapping obligations, outdated requirements, and areas where compliance demands outweigh societal benefits.
The EC has also revealed the initiation of three market investigations concerning cloud computing services under the landmark Digital Markets Act.
