Share This Article
The Digital Package on Simplification, proposed by the European Commission, updates key EU laws — including the GDPR, the AI Act, the Data Act, the NIS2 Directive, and the ePrivacy Directive — to modernize and simplify the entire European digital regulatory framework.
Also known as the Digital Omnibus, this proposal aims to streamline compliance, remove overlapping obligations, and reduce administrative burdens, while preserving the EU’s high standards for data protection and digital trust.
By consolidating outdated rules and harmonizing legal obligations, the Digital Package on Simplification seeks to create a more efficient, innovation-friendly digital environment that benefits both businesses and regulators.
A Political Push for a “Simpler and Faster Europe”
The Digital Package on Simplification is part of the European Commission’s broader political agenda titled “A Simpler and Faster Europe.”
This initiative follows the Draghi and Letta reports on European competitiveness, which stressed that excessive regulatory layering undermines innovation and growth.
Responding to repeated Council conclusions in 2025, the Commission pledged to rationalize the EU’s digital acquis by merging or repealing redundant texts and clarifying the interaction among existing digital regulations. The Digital Omnibus is the first concrete result of this simplification drive.
What the Digital Package on Simplification Proposes
According to an unofficial version of the document leaked from the EU Commission, the proposal introduces a single omnibus regulation that consolidates several major instruments.
It amends:
- GDPR (Regulation 2016/679)
- AI Act (Regulation 2024/1689)
- Data Act (Regulation 2023/2854)
- NIS2 Directive (Directive 2022/2555)
- ePrivacy Directive (Directive 2002/58/EC)
It repeals:
- Platform-to-Business (P2B) Regulation
- Data Governance Act (DGA)
- Free Flow of Non-Personal Data Regulation
- Open Data Directive
- By merging these acts into a unified structure, the Digital Package on Simplification eliminates inconsistencies, simplifies reporting requirements, and harmonizes definitions across the digital legislative corpus.
The Three Pillars of Simplification
- The Digital Package on Simplification is built around three strategic pillars:
- Data framework consolidation
- Unified incident reporting
- Alignment of AI and data protection rules
1. Streamlining the Data Framework
The proposal merges the Data Governance Act, the Open Data Directive, and the Free Flow of Non-Personal Data Regulation into the Data Act, establishing a single point of reference for data sharing and reuse.
Key innovations include:
- Turning the registration system for data intermediaries into a voluntary trust framework within the Data Act.
- Consolidating rules for data altruism and public-sector data reuse.
- Clarifying cloud-switching and interoperability provisions.
This simplification is expected to cut administrative costs and improve legal predictability for companies working with data across borders.
2. One-Stop System for Incident and Breach Reporting
One of the most tangible improvements in the Digital Package on Simplification is the creation of a single EU-wide platform for incident and data-breach notifications, to be managed by ENISA.
This “report once, share with all” mechanism enables companies to fulfil obligations under the GDPR, NIS2, DORA, and Digital Identity Regulation simultaneously.
It will drastically reduce duplicate reporting, ease coordination between authorities, and increase efficiency — all while maintaining existing legal competences.
3. Aligning AI Compliance with Data Protection
To reconcile the AI Act and GDPR, the proposal introduces clarifications on:
- The concepts of personal data and pseudonymization;
- The lawful use of personal data for AI training, under legitimate safeguards;
- Streamlined obligations for low-risk data processing.
These clarifications respond to long-standing industry concerns about legal uncertainty around AI training datasets and ensure a balance between innovation and privacy.
The End of the Platform-to-Business Regulation
The Platform-to-Business Regulation will be repealed, as its objectives are now fully achieved by the Digital Markets Act (DMA) and the Digital Services Act (DSA). This repeal reduces duplication and brings all platform governance rules under the same digital policy framework, improving consistency and enforcement.
Economic Impact: Reducing Red Tape
The Digital Package on Simplification is also an economic reform.
According to the Commission, it will generate:
- €1 billion in annual savings;
- €1 billion in one-off savings;
- €4 billion total savings by 2029.
Small and medium-sized enterprises (SMEs) and small mid-caps will benefit most from reduced compliance obligations and simplified reporting mechanisms, strengthening Europe’s digital competitiveness.
Legal Basis and Fundamental Rights
Grounded in Articles 114 and 16 of the TFEU, the Digital Package on Simplification safeguards both market integration and privacy protection.
The Commission stresses that the initiative does not weaken the GDPR or the EU Charter of Fundamental Rights, but instead ensures a clearer and more coherent application of existing standards across all digital regulations.
A New Chapter: Toward a Digital Acquis 2.0
The Digital Package on Simplification marks a fundamental shift from regulatory expansion to consolidation.
It sets the foundations for a Digital Acquis 2.0 — a unified, transparent, and innovation-oriented legal framework that strengthens Europe’s position as a global leader in digital governance.
If adopted, the Digital Package on Simplification could become a model for how the EU modernizes complex legislation without compromising its core values of privacy, security, and accountability.
On the topic, you can read the following article that goes in details on one of the most relevant changes that the Omnibus Package shall introduce “EU Commission to codify legitimate interest as legal basis for AI training: a turning point for GDPR and innovation“.