To stimulate the competitiveness of the European Union the Commission is set on a bold course of simplification and consolidation of the digital rulebook.
What is the digital rulebook?
The Digital Rulebook, also known as the ‘digital acquis’, is the body of EU legislation governing emerging digital technologies, cybersecurity, online platforms and electronic communications. It is a set of rules that supports innovation, promotes fair competition, protects consumers, ensures data privacy, and addresses challenges arising from the digital transition.
This body of rules exists to safeguard our European values and standards. However, as it has grown to keep pace with the technological and innovation landscape, it has exposed our businesses to high compliance costs and, in some cases, legal uncertainty.
Why does the digital rulebook need to be revised?
The 2024 Draghi report attributes the competitiveness deficit of the EU in part to administrative burdens and regulatory inconsistencies. Specifically, the report points out that the regulatory environment places too many constraints on innovation, especially in the digital sector, and hampers European start-ups looking to scale up.
For the 2024-2029 mandate the Commission pledged to address the failures identified in the Draghi report and embarked on a simplification effort.
What is the Digital Omnibus?
The Digital Omnibus adopted by the Commission in November 2025 takes the shape of two distinct proposed regulations:
Digital Omnibus covering data, cybersecurity and privacy rules
Examples of proposed revisions of existing rules:
- A single-entry point for all cybersecurity incidents and data breaches reports
- Merging of the provisions of the Data Governance Act, the Open Data Directive and the Free Flow of Non-Personal Data Regulation, into a single, restructured, Data Act
- Repeal of the ‘P2B Regulation' (platform-to-business regulation), the provisions of which were partially made redundant by the Digital Services Act
Read all proposed regulatory revisions of the Digital Omnibus
Digital Omnibus on AI
The Digital Omnibus on AI puts forward a series of targeted amendments to the AI Act, including:
- Aligning the deadline for applying high-risk obligations, with the availability of related standards and support tools
- Extending certain simplifications granted to SMEs
- Rationalising the governance by granting the AI Office more oversight
Read all proposed amendments to the AI Act
The Digital Package
The November Digital Omnibus comes with two additional proposals aligned with the omnibus’ business-friendly agenda, all together they make the 'Digital Package':
- Data Union Strategy to improve access to first-rate data
- European Business Wallets to simplify paperwork and make it easier to do business across EU Member States
New measures to simplify compliance with EU cybersecurity rules
On 20 January 2026, the Commission has proposed a new cybersecurity package to further strengthen the EU’s cybersecurity resilience and capabilities in the face of these growing threats, including amendments to the NIS2 directive.
These measures aim to simplify compliance with EU cybersecurity rules and risk-management requirements for companies operating in the EU. The amendments will simplify jurisdictional rules, streamline the collection of data on ransomware attacks and facilitate the supervision of cross-border entities with ENISA’s reinforced coordinating role. This will ease compliance for 28,700 companies, including 6,200 micro and small-sized enterprises.
The revised Cybersecurity Act also aims to reduce risks in the EU’s ICT supply chain from third-country suppliers with cybersecurity concerns. It sets a trusted ICT supply chain security framework using a harmonised, proportionate and risk-based approach. Recent cybersecurity incidents have highlighted the major risks of vulnerabilities in the ICT supply chains, which are essential for critical services and infrastructure.
How is the Commission approaching the modernisation of the digital rulebook?
The Commission has been actively engaging with stakeholders ahead of the review exercise.
It issued an online call for evidence which received substantial feedback.
Executive Vice-President Virkkunen held two implementation dialogues with key stakeholders, one on data, one on cybersecurity, and an additional High-Level Political Dialogue on the future of AI Policies. Commissioner McGrath also held an implementation dialogue on GDPR. More implementation dialogues will take place in the coming months.
Furthermore, the Commission’s services conducted several ‘reality checks’ -- deep-dive focus groups with businesses and civil society representatives. And a dedicated SME panel was run via the Enterprise Europe Network.
These exercises have enabled the Commission services to prioritise amendments most impactful for business for this first Omnibus. An account of this preparatory work is available in the Staff Working Document accompanying the Omnibus.
What are the next stages of the plan for the simplification of the digital rulebook?
The November Digital Omnibus proposal is a first step, which will now be discussed by the co-legislators.
The Commission is already looking at further simplification efforts and is undertaking a ‘stress-test' of the Digital Rulebook, also known as the Digital Fitness Check. The Fitness Check will study the interplay between the different rules and their cumulative impact on businesses.
Stakeholders are invited to contribute their views before 11 March 2026.
An agile digital rulebook - All the latest
Related Content
Main pieces of legislation covered in the November Digital Omnibus
The AI Act is the first-ever legal framework on AI, which addresses the risks of AI and positions...
The NIS2 Directive establishes a unified legal framework to uphold cybersecurity in 18 critical...
The Data Act is a comprehensive initiative to address the challenges and unleash the opportunities...
The ePrivacy Directive and the General Data Protection Regulation help ensure digital privacy for EU...