On September 16, 2025, the European Commission published a call for evidence on possible changes to European digital regulations. The main objective of this call for evidence is for the European institution (which, it should be noted, has sole competence to issue proposals for European legislation) to gather information, research, and best practices from the public and stakeholders on possible legislative initiatives. The aim here is to consider amending various pieces of digital legislation as part of the imminent initiative known as the “Digital Omnibus” (or “Digital Package on Simplification”).
What exactly are we talking about?
Overall objective of the proposed amendments
The overall objective of the Digital Omnibus initiative is to reduce the administrative compliance costs for businesses, administrations, and citizens in the European Union when applying several regulations in the digital acquis, while ensuring that the objectives of the underlying rules are not compromised.
The European Commission’s approach aims to create a more favorable (and therefore hopefully more innovative) business environment by reducing the administrative burden and costs for businesses. The Commission’s objective is to reduce the administrative burden by at least 25% for all businesses and by at least 35% for small and medium-sized enterprises (SMEs).
Regulations targeted by this call for evidence
The published call for evidence seeks to gather views from various stakeholders on possible simplifications in areas where complexity of implementation, fragmentation of enforcement at national level, and misalignment of enforcement approaches have emerged. The Digital Omnibus measures specifically target the following areas:
- Data legislation (including the Data Governance Regulation, the Regulation on the free flow of non-personal data, and the Open Data Directive) and cookies
The objective of data legislation is to reduce compliance costs for businesses regarding data access, use, and sharing by reducing fragmentation of rules and providing clarification.
Regarding cookies, the aim would be to reduce cookie consent fatigue, strengthen users’ online privacy rights, and provide pragmatic clarification on the rules relating to cookies and other tracking technologies (as set out in the ePrivacy Directive) to increase the availability of data for businesses.
- Cybersecurity
As expected, the future rules (if finalized) should minimize the costs for businesses and operators arising from cybersecurity incidents and data breach reporting obligations, which are regulated by various EU rules (GDPR, NIS2, AI Act). Here, the European Commission intends to streamline reporting processes while maintaining a high level of cybersecurity protection.
- Artificial Intelligence (AI Act)
Regarding the Artificial Intelligence Regulation (AI Act), possible future interventions would aim to ensure the optimal application of the recently adopted rules and provide legal predictability to companies that are about to apply the rules. They should seek to address already identified implementation issues, considering the needs of small businesses and facilitating smooth interaction with other legislation.
- Digital identity
Future measures should reduce compliance costs and also improve legal clarity for key players involved in the European Digital Identity Framework, including with a view to proposing a European electronic business wallet (the “EU Business Wallet”).
Conclusion
The call for evidence builds on three previous consultations and calls for evidence on the data union strategy, the revision of the Cybersecurity Act, and the Apply AI strategy.
Interested parties have until October 14, 2025, to submit their ideas and proposals via the website provided by the European Commission. Please note that the feedback received is published (there are currently nearly 300 available for consultation).
Data Protection Institute will, of course, inform you of the proposed changes as soon as they are available.