Brussels Sets Out Digital Reforms to Ease Compliance for EU Businesses

Key Takeaways

• Digital Package Savings: The Commission estimates up to €5 billion in administrative cost reductions by 2029 through simplified digital rules.
• European Business Wallets: New digital identity and document tools for companies could unlock up to €150 billion in annual savings.
• AI Act Timeline: High-risk AI rules would apply only once required technical standards and support tools are available, giving companies up to 16 months to comply.
• Cybersecurity Reporting: A single-entry point is proposed to consolidate multiple incident-reporting obligations across the NIS2 Directive, GDPR, and DORA.
• Data Union Strategy: The Commission aims to expand access to high-quality data for AI while reinforcing protections for sensitive non-personal data.

Deep Dive

The European Commission has presented a package of digital measures intended to reduce administrative burdens and support business growth across the EU. The initiative is designed to help companies focus more on innovation while maintaining the bloc’s standards for fundamental rights, data protection, safety, and fairness.

According to Commission estimates, the digital measures could save businesses up to €5 billion by 2029. The European Business Wallets, which will allow companies to manage verified documents and communications digitally across Member States, could generate a further €150 billion in savings each year.

Digital Omnibus Targets AI, Cybersecurity, and Data Requirements

A central part of the package is a digital omnibus that consolidates and simplifies rules covering artificial intelligence, cybersecurity, and data.

For AI, the proposal adjusts the timeline for applying high-risk requirements. Companies would only need to comply once the necessary technical standards and support tools are available, with a maximum window of 16 months. Targeted amendments to the AI Act include extended simplifications for SMEs and small mid-caps, expanded access to regulatory sandboxes, and strengthened central oversight through the AI Office.

In cybersecurity, the Commission proposes a single-entry reporting interface to replace the current system in which companies must notify incidents under multiple frameworks. The unified reporting point will undergo extensive testing and include security safeguards.

Targeted amendments to the General Data Protection Regulation (GDPR) are also included. These changes are meant to clarify and harmonize certain rules without altering the regulation’s core protections. Updated cookie provisions aim to reduce repeated pop-ups by allowing users to store preferences through browsers or operating-system settings.

Data Rules Consolidated Through the Data Act

The package introduces further measures to simplify data access and use. The Commission plans to consolidate four existing legal instruments under the Data Act to improve clarity. Some cloud-switching obligations for SMEs and SMCs would be temporarily exempted, generating an estimated €1.5 billion in one-off savings.

Model contractual terms and standard clauses will be issued to support compliance with data-sharing provisions. The Commission also plans to improve access to high-quality datasets to support AI development across the EU.

Data Strategy and Digital Tools to Reduce Administrative Burdens

The package also includes a Data Union Strategy, which introduces additional measures to expand access to high-quality data for AI development. These actions range from creating data labs to establishing a Data Act Legal Helpdesk to support organizations with compliance. The strategy also sets out safeguards for sensitive non-personal data and offers guidance for assessing how EU data is treated in non-EU jurisdictions, reinforcing the bloc’s approach to data governance.

Alongside this, the European Business Wallets are designed to make routine administrative tasks for companies easier to manage across all Member States. The wallets will allow businesses to sign, timestamp, seal, store, and exchange verified documents electronically, reducing the need for in-person procedures and simplifying interactions with public authorities and other businesses.

The proposals now move to the European Parliament and the Council for further consideration. In parallel, the Commission has launched a Digital Fitness Check, open until March 11, 2026, to evaluate how the EU’s digital rulebook supports competitiveness and to assess the cumulative impact of existing digital legislation. These initiatives form part of the Commission’s broader simplification effort, which aims to reduce administrative burdens by at least 25% overall and 35% for SMEs by 2029.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.