Business

EU’s Digital Omnibus aims to cut regulatory complexity but faces implementation hurdles

Monday, 24 November 2025 7:24AM UTC

The European Commission’s comprehensive Digital Omnibus package seeks to streamline and harmonise EU digital regulations, but challenges in implementation and overlapping laws raise questions about its future effectiveness in fostering innovation and competitiveness.

On November 19, 2025, the European Commission unveiled the Digital Omnibus package, a comprehensive effort designed to simplify and harmonise EU regulations spanning cybersecurity, data management, artificial intelligence (AI), and digital business facilitation. This initiative aims to alleviate administrative burdens that weigh on businesses while fostering competitive opportunities within the European digital economy. The package encompasses several components, including new rules on cybersecurity incident reporting, amendments to data protection frameworks, adjustments to AI regulations, a proposal for a European Business Wallet, and a Data Union Strategy. These proposals are currently under deliberation by the European Parliament and the Council, with hopes for adoption in the near future.

At the core of the package is the ambition to streamline regulatory complexities that have previously hindered innovation and operational efficiency. The Commission has also launched a consultation, the Digital Fitness Check, open until March 11, 2026, to evaluate how current digital regulations interact and impact business competitiveness. This assessment is anticipated to pave the way for further simplification measures by early 2027, reinforcing a regulatory environment more conducive to growth and technological advancement.

A significant pillar of the Digital Omnibus involves reforming cybersecurity incident reporting. The proposal stipulates that notifications under multiple legal frameworks, such as NIS2, GDPR, DORA, and CER, be submitted via a single EU-wide platform maintained by the European Union Agency for Cybersecurity (ENISA). This platform intends to serve as a centralised entry point to streamline communications with national authorities. However, the European Commission's projection of eight full-time employees (FTEs) to manage this platform at ENISA is widely regarded as insufficient, given the extensive scope covering 27 member states, 24 official languages, numerous sectors, and varied incident types. Consequently, ENISA's role may be primarily limited to platform maintenance and providing access support, while national bodies take responsibility for incident handling. The success of this single-entry system hinges on close cooperation among stakeholders to define notification standards, ensure high availability, and maintain confidentiality.

Regarding data regulation, the package proposes consolidating most rules into two principal legal instruments: the Data Act and the General Data Protection Regulation (GDPR). It recommends repealing several laws, including the Free Flow of Non-personal Data Regulation, the Platform-to-Business Regulation, the Data Governance Act, and the Public Sector Information Directive. The proposal also aims to ease cookie consent fatigue through simplified requirements and whitelist of benign purposes, and to permit more flexibility in processing data for AI training under GDPR’s legitimate interest clause. Yet, it notably stops short of repealing the ePrivacy Directive, which continues to impose overlapping and often fragmented rules on telecom providers alongside the GDPR. Industry commentators and experts argue that fully repealing ePrivacy and integrating its essential provisions into broader laws would better serve the objective of regulatory clarity and effectiveness.

The Digital Omnibus introduces targeted amendments to the AI Act to address identified implementation challenges. Most prominently, it delays the application of high-risk AI system regulations, previously scheduled for August 2026, by up to 16 months, moving the enforcement deadline to December 2027. This delay responds to pressure from major technology firms and reflects the Commission’s recognition that critical AI standards and guidelines are still under development. Other changes include an extended transitional period for transparency obligations related to synthetic content, enhanced powers for the AI Office overseeing large AI systems, expanded regulatory sandboxes, and eased compliance for small and mid-sized companies. The package also permits, under strictly controlled conditions, the use of sensitive personal data in AI system bias detection and correction, amending GDPR accordingly. While these adjustments are welcomed as steps toward a more workable AI regulatory framework, concerns remain about persistent overlaps with other directives and the unresolved complications arising from the ePrivacy Directive's continued application.

The package represents the Commission’s most ambitious digital regulatory simplification attempt to date, issuing over 1,200 pages of regulations and guidance across more than nine web platforms within a single week. Industry leaders, such as VDA President Hildegard Müller, have lauded the initiative as a move towards a more innovation-friendly and streamlined regulatory environment, while urging swift legislative negotiations to ensure timely business benefits. Yet significant hurdles remain, including the challenge of securing European Parliament and Council approval by August 2026 and ensuring the practical implementation of simplification measures.

Ultimately, the Digital Omnibus package signals a crucial step towards addressing the EU’s digital regulatory complexity. However, observers stress that true simplification requires bolder action, particularly in resolving the outdated and overlapping provisions of the ePrivacy Directive and integrating national legislations coherently with EU-level directives. Achieving genuine regulatory clarity and reducing administrative duplication will be vital to fostering innovation, enhancing competitiveness, and enabling sustainable growth in Europe’s digital landscape.

📌 Reference Map:

^[1] (Telefonica) - Paragraphs 1, 3, 4, 5, 6, 7, 8
^[2] (Telefonica) - Paragraph 1
^[3] (Council of the European Union) - Paragraph 7
^[4] (Reuters) - Paragraph 5
^[5] (Reuters) - Paragraph 5
^[6] (Digital Policy Alert) - Paragraph 1
^[7] (VDA) - Paragraph 7

Source: Noah Wire Services

More on this

https://www.telefonica.com/en/communication-room/blog/regulatory-simplification-digital-omnibus-package-step/ - Please view link - unable to able to access data
https://www.telefonica.com/en/communication-room/blog/regulatory-simplification-digital-omnibus-package-step/ - On November 19, 2025, the European Commission introduced the Digital Omnibus package, aiming to simplify EU regulations on cybersecurity, data, and artificial intelligence (AI). This initiative seeks to reduce administrative burdens and foster opportunities for European companies. The package includes proposals for a new European Business Wallet and a Data Union Strategy, and is currently under discussion by the European Parliament and the Council. Additionally, the Commission has launched a consultation on the Digital Fitness Check, open until March 11, 2026, to examine the interplay between different rules and their impact on EU competitiveness.
https://www.consilium.europa.eu/en/press/press-releases/2025/09/24/simplification-council-agrees-positions-on-digitalisation-and-common-specifications-as-well-as-on-small-mid-caps-to-boost-eu-competitiveness/ - On September 24, 2025, the Council of the European Union approved positions on several Commission proposals forming part of the 'Omnibus IV' legislative package. This package includes directives and regulations on digitalisation, common specifications, and support measures for small mid-cap enterprises, aiming to enhance EU competitiveness. The proposals amend existing legislation, including the General Data Protection Regulation (GDPR), to simplify requirements and support business growth. ([consilium.europa.eu](https://www.consilium.europa.eu/en/press/press-releases/2025/09/24/simplification-council-agrees-positions-on-digitalisation-and-common-specifications-as-well-as-on-small-mid-caps-to-boost-eu-competitiveness/?utm_source=openai))
https://www.reuters.com/sustainability/boards-policy-regulation/eu-delay-high-risk-ai-rules-until-2027-after-big-tech-pushback-2025-11-19/ - On November 19, 2025, the European Commission announced a delay in implementing certain high-risk provisions of its AI Act until December 2027, a shift from the previously scheduled August 2026. This decision responds to pressure from major technology firms and aims to reduce regulatory burdens while maintaining robust oversight. The delay applies to AI applications in sensitive areas such as biometric identification, health services, credit evaluations, law enforcement, job applications, and road safety. ([reuters.com](https://www.reuters.com/sustainability/boards-policy-regulation/eu-delay-high-risk-ai-rules-until-2027-after-big-tech-pushback-2025-11-19/?utm_source=openai))
https://www.reuters.com/sustainability/boards-policy-regulation/how-eu-plans-ease-rules-big-tech-2025-11-19/ - On November 19, 2025, the European Commission unveiled the 'Digital Omnibus' package, proposing revisions to EU digital regulations to ease compliance for big tech companies and foster AI development. Key measures include delaying the enforcement of high-risk AI rules from August 2026 to December 2027, granting firms more leeway in using large datasets, including health and biometric information, for AI training without explicit consent. The package also aims to simplify cookie consent requirements and reduce documentation burdens for small and medium enterprises (SMEs). ([reuters.com](https://www.reuters.com/sustainability/boards-policy-regulation/how-eu-plans-ease-rules-big-tech-2025-11-19/?utm_source=openai))
https://digitalpolicyalert.org/change/17204-digital-fitness-check-testing-the-cumulative-impact-of-the-eus-digital-rules - The European Commission has initiated a consultation as part of the Digital Fitness Check inquiry, open until March 11, 2026. This initiative aims to evaluate the complementarity, efficiency, and effectiveness of the EU's digital regulatory framework. The consultation seeks input on the cumulative impact of digital rules on people, businesses, and authorities, focusing on simplifying the legal framework, especially concerning small and medium-sized enterprises (SMEs). ([digitalpolicyalert.org](https://digitalpolicyalert.org/change/17204-digital-fitness-check-testing-the-cumulative-impact-of-the-eus-digital-rules?utm_source=openai))
https://www.vda.de/en/press/press-releases/2025/251119_VDA_Statement_Digital_Package - On November 18, 2025, VDA President Hildegard Müller welcomed the European Commission's Digital Omnibus package, viewing it as a step towards a more modern and innovation-friendly digital legal framework in Europe. She emphasized the importance of swift negotiations between the European Parliament and the Council to ensure that the intended facilitations reach businesses promptly. Müller also highlighted the need for a leaner digital regulatory landscape to strengthen Europe's competitiveness. ([vda.de](https://www.vda.de/en/press/press-releases/2025/251119_VDA_Statement_Digital_Package?utm_source=openai))

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 10

Notes: ✅ The narrative is based on a press release from Telefónica, dated November 24, 2025, discussing the European Commission's Digital Omnibus package unveiled on November 19, 2025. This indicates high freshness, as the content is current and directly related to recent developments.

Quotes check

Score: 10

Notes: ✅ No direct quotes are present in the provided text, suggesting originality or exclusivity. The absence of reused or previously published quotes supports the content's freshness and originality.

Source reliability

Score: 8

Notes: ⚠️ The narrative originates from Telefónica, a reputable telecommunications company. While Telefónica is a credible source, the content is a company blog post, which may present a corporate perspective. This context should be considered when evaluating the information.

Plausability check

Score: 9

Notes: ✅ The narrative aligns with recent developments regarding the European Commission's Digital Omnibus package, as reported by multiple reputable outlets. ([commission.europa.eu](https://commission.europa.eu/news-and-media/news/simpler-digital-rules-help-eu-businesses-grow-2025-11-19_en?utm_source=openai)) The content is plausible and consistent with current events.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: ✅ The narrative is fresh, original, and plausible, with no significant issues identified. While originating from a corporate blog, the content accurately reflects recent developments and is consistent with information from reputable sources.

European Union
Digital regulation
Cybersecurity
AI legislation