EU’s Digital Omnibus initiative aims to simplify rules on data, cyber-security and AI

The question

How will the European Commission’s Digital Omnibus initiative simplify legislation on data, cybersecurity, and artificial intelligence for businesses?

The key takeaway

The Digital Omnibus aims to streamline and clarify the EU’s digital rules. This will reduce compliance costs and administrative burdens for businesses, especially Small and Medium-sized Enterprises (SMEs).

The background

Against the backdrop of multiple sector-specific rules leading to increasing complexity for businesses, the European Commission seeks to stress-test and modernise the EU digital rulebook. Announced on 16 September 2025, the Digital Omnibus is the first deliverable of the Commission’s wider “simplification agenda”. It builds on previous consultations and responds to concerns about fragmented and complex digital rules across the EU, aiming to minimise the impact of regulatory hurdles over the next four years.

The development

The Digital Omnibus aims to make adjustments that lower administrative costs for businesses and institutions with the feedback being used to develop proposals for a new directive and regulation.

The new laws seek to address the increasing fragmentation and complexity of rules which have led to inconsistent application and enforcement, particularly at national level. It seeks to bring up to date the rules on data, cookies and incident reporting, which have been seen as burdensome and unclear, especially for SMEs. The simplification measures proposed include:

• streamlining the Data Governance Act, Free Flow of Non-Personal Data Regulation and Open Data Directive to reduce fragmentation and clarify requirements for access, use and sharing of data
• modernising rules under the ePrivacy Directive to address consent fatigue and provide clearer, centralised cookie management for users
• simplifying incident and data breach reporting obligations by harmonising requirements and reporting tools across Member States and regulatory instruments
• supporting the smooth application of the AI Act, clarifying obligations and addressing implementation challenges, and
• ensuring consistency with the upcoming EU Business Wallet proposal.

The Commission will analyse feedback and develop legislative proposals for the Digital Omnibus.

Why is this important?

By reducing paperwork, regulatory overlap and complexity, the initiative aims to enable businesses (especially SMEs) to focus on growth and innovation rather than navigating fragmented compliance regimes. SMEs in particular will benefit from obligations which may be disproportionately onerous to comply with when considering the scale of their activities.

Any practical tips?

Businesses should participate in consultations and stay informed on upcoming legislative proposals. To ensure that more sector-specific concerns are heard by the Commission, they should consider providing feedback in light of industry experience with dealing with the current framework.

They should still maintain robust data and cyber compliance programmes. While simplification is the goal, high standards for data protection, cybersecurity and AI compliance remain in place with regulators continuing to enforce the current rules.

Autumn 2025