Early in its mandate, the second von der Leyen Commission has demonstrably prioritised regulatory simplification. Following the announcement of the first Sustainability Omnibus in February 2025, the Commission has since proposed similar initiatives across various sectors, including investments, agricultural policy, small and mid-sized enterprises (SMEs), defence readiness, and chemicals. This sustained drive now extends to digital regulation, a commitment underscored by Executive Vice-President Henna Virkkunen[VG1] .
After months of deliberation on streamlining the EU's digital rulebook, the Commission has now announced a comprehensive "Digital Package on Simplification". This package comprises two key components: (i) a Digital Omnibus, designed to streamline legislation in areas such as data, cybersecurity, and AI, and (ii) a Digital Fitness Check, aimed at assessing and reducing administrative burdens within the EU’s digital regulatory framework.
Digital Omnibus
On 16 September 2025, the Commission launched a call for evidence for a "Digital Omnibus." This forthcoming Omnibus aims to introduce targeted adjustments to existing legislation to achieve the same regulatory objectives at a lower administrative cost. It is expected to include proposals for both a Directive and a Regulation, with publication anticipated on 18 November 2025. This tight timeline, allowing minimal time to evaluate feedback from the call for evidence (closing on 14 October 2025), coincides with the Franco-German initiated European Summit on Digital Sovereignty in Berlin.
The rapid turnaround for the Digital Omnibus's publication is facilitated by its reliance on insights gathered from three prior calls for evidence and public consultations concerning the Data Union Strategy, the review of the Cybersecurity Act, and the Apply AI Strategy.
The scope of the Digital Omnibus, as detailed in the call for evidence, is set to amend several key legislative instruments:
- Data Acquis: Specifically targeting the Data Governance Act, the Free Flow of Non-Personal Data Regulation, and the Open Data Directive to streamline rules on data access, use, and sharing.
- ePrivacy Directive: Modernising rules for cookies and other tracking technologies to address "consent fatigue" and enhance alignment with the GDPR. Latest sources indicate that a default opt-in is not likely to be pursued by the Commission.
- Cybersecurity Legislation: Including the NIS2 Directive and the Cyber Resilience Act, to simplify incident and data breach reporting obligations.
- AI Act: Ensuring its smooth application. Following remarks by Mario Draghi advocating for a "pause" on high-risk AI provisions, a potential delay or "stop the clock" proposal has been discussed in Brussels. The Commission is actively addressing industry concerns to facilitate compliance and is closely monitoring standardisation body efforts to ensure timely readiness. It is not yet clear whether any pause in the implementation of the AI Act will take place.
- European Digital Identity Framework: In connection with the forthcoming EU Business Wallet and with a focus on the "one in, one out" principle.
Digital Fitness check
The second component of the Digital Package on Simplification is a Digital Fitness Check, which should be clearly distinguished from the Digital Fairness Fitness Check, whose results were published last year and are likely to lead to further regulation in the area of consumer protection in the form of a “Digital Fairness Act”. The Digital Fitness Check, however, is a broader initiative that will assess the coherence and cumulative impact of the entire EU digital acquis, alongside identifying areas for potential simplification within digital regulation.
An additional public consultation will be organised at a later stage. While the specific legislation to be addressed is not yet fully determined, this is an ongoing process. Multiple fitness checks could be conducted throughout the current Commission's mandate, potentially covering issues such as GDPR simplification and further refinements to the Digital Services Act (DSA).
Conclusion
EU policymakers clearly recognise the complexity, potential for legal uncertainty, and cumulative impact of the expanding digital legislative framework. The "Digital Fitness Check" and targeted Omnibus approach are designed to mitigate these concerns and ensure coherent interaction between laws.
Crucially, despite these simplification efforts, there is an unwavering commitment not to lower regulatory standards, particularly regarding data protection (GDPR) and the AI Act. The focus remains on reducing administrative burdens and enhancing clarity, without diminishing existing protections.
Next steps
The call for evidence, closing on 14 October 2025, marks the beginning of a fast-moving legislative process. Drawing lessons from the first Sustainability Omnibus, swift progression through the European Parliament and the Council is anticipated. Concurrently, the Digital Fitness Check provides a forum for a more thorough discussion and potential review of a broader range of digital legislation.
See below Freshfields thought leadership on ‘Streamlining the EU Digital Rulebook’:
- See Freshfields report on ‘Streamlining the EU Digital Rulebook’ here
- See DOT Europe press release here
