EU Unveils Sweeping Digital Rules Overhaul to Boost Business Growth

The European Commission announced a significant "digital omnibus" package on November 19, 2025, designed to drastically reduce administrative burdens and compliance costs for businesses operating within the European Union's digital sector. This initiative aims to streamline existing regulations concerning artificial intelligence, cybersecurity, and data access, as reported by ec.europa.eu.

This comprehensive package is projected to save European businesses up to €5 billion in administrative costs by 2029, according to the European Commission. Additionally, new European Business Wallets, offering companies a single digital identity, could unlock another €150 billion in annual savings, as detailed by Computer Weekly.

The move comes as part of the Commission's broader strategy to enhance the EU's competitiveness and foster innovation, particularly for small and medium-sized enterprises (SMEs). Executive Vice-President for Tech Sovereignty, Security and Democracy, Henna Virkkunen, emphasized that the goal is to support startups and SMEs in scaling their businesses within the EU, as reported by The Guardian.

Key amendments include adjustments to the EU AI Act, aiming for more innovation-friendly implementation by linking the application of high-risk AI system rules to the availability of necessary support tools and standards, according to CMS LawNow. This could delay compliance timelines by up to 16 months, as noted by CIO Dive.

Furthermore, the package introduces a single-entry point for cybersecurity incident reporting, consolidating obligations currently spread across multiple laws like the NIS2 Directive, GDPR, and DORA, techrepublic reported. This simplification is expected to significantly lower administrative overhead for companies operating across member states.

Data rules are also set for simplification, with targeted amendments to the General Data Protection Regulation (GDPR) aimed at harmonizing and clarifying certain provisions, while maintaining high data protection standards, according to eunews. Modernized cookie rules will also improve user experience with one-click consent options, as highlighted by TechRepublic.

While welcomed by many in the business community, the proposals have drawn criticism from civil society organizations. CDT Europe, for instance, stated on November 19, 2025, that the package "unacceptably weakens" the EU's digital framework by diluting key provisions intended to protect individual rights and data.

• Background and Context: The European Commission's "digital omnibus" package is the latest in a series of simplification efforts, marking the seventh such proposal aimed at making the EU economy more competitive and prosperous. This initiative aligns with the Commission's target to achieve at least a 25% reduction in administrative burdens overall, and a 35% reduction specifically for SMEs by the end of 2029, as detailed by ec.europa.eu. The need for simplification has been a recurring theme, with businesses often citing the complexity and fragmentation of digital regulations as barriers to growth and innovation.
• AI Act Adjustments: The amendments to the EU AI Act are particularly significant, addressing concerns about the heavy compliance burden, especially for small and medium-sized businesses. The Commission proposes extending simplifications for SMEs, including streamlined technical documentation requirements, which could save at least €225 million annually, according to siliconangle. The delay in applying rules for high-risk AI systems until support tools and standards are confirmed aims to provide companies with more realistic timelines for compliance, as reported by Computer Weekly.
• Cybersecurity Reporting Streamlining: The introduction of a single-entry point for cybersecurity incident reporting is a practical measure to reduce duplication of effort. Currently, companies must report incidents under various laws, including the NIS2 Directive, GDPR, and the Digital Operational Resilience Act (DORA), as noted by TechRepublic. This unified interface, once developed with robust security safeguards, will route information to appropriate authorities, significantly lowering administrative costs for businesses, particularly those operating across multiple EU countries.
• Data Act and GDPR Amendments: The package consolidates EU data rules through the Data Act, merging four pieces of legislation into one for enhanced legal clarity, according to ec.europa.eu. Targeted exemptions to cloud-switching rules for SMEs and small mid-cap companies are expected to result in around €1.5 billion in one-off savings. Furthermore, amendments to the GDPR aim to harmonize and clarify rules, and modernize cookie consent, allowing users to indicate preferences with one-click, as reported by techrepublic.
• Stakeholder Reactions and Concerns: While business associations like the Computer & Communications Industry Association (CCIA Europe) welcomed the package as a step towards simplifying the EU's complex regulatory landscape, they also urged for bolder action and a more ambitious review of the entire digital rulebook, as stated on November 19, 2025. Conversely, civil society groups, including CDT Europe, expressed strong warnings, arguing that the proposals "significantly water down" key provisions intended to protect individual rights, transparency, and accountability, particularly regarding the definition of personal data and protections against automated decision-making.
• Future Developments and Next Steps: The legislative proposals of the "digital omnibus" will now proceed to the European Parliament and the Council for adoption, as confirmed by ec.europa.eu. In parallel, the Commission has launched a "Digital Fitness Check," a wide consultation open until March 11, 2026, to "stress test" how the digital rulebook delivers on its competitiveness objectives and to examine the coherence and cumulative impact of existing rules. This indicates a continued commitment to refining the EU's digital regulatory framework.