A view from Brussels: Concept of the week — simplification

It took one leak to fire up the community this week. Several news outlets shared the unofficial plans from the European Commission to simplify the EU digital rule book. 

The package contains two draft regulations from the European Commission. The first focuses on the digital "acquis." It lays down technical changes to the existing rulebook across many of its laws: the EU General Data Protection Regulation, the Data Act — which became fully applicable in September 2025, the Artificial Intelligence Act — which is not yet fully applicable, the ePrivacy Directive, and the cybersecurity-focused NIS2 Directive. 

The same draft also proposes the partial repeal of the Data Governance Act, which was adopted in 2022, the regulation on the free flow of nonpersonal data — arguably unused since its adoption in 2018, the platform-to-business regulation, and the Directive on the re-use of public sector information. 

All that to streamline and simplify the implementation of rules. 

The second leak is a draft regulation on the implementation of AI rules — in this case with a big focus on the AI Act, with recognition that many other laws are relevant. The text underlines key implementation challenges of the AI Act: many member states have been too slow at designating — and arguably upskilling — the competent authorities; many aspects of the AI Act still require guidance from the Commission and regulators; and, perhaps more critically, the development and adoption of harmonized standards to support high-risk AI requirements has been a very slow process coming up against application deadline. 

These leaks prefigure the official publication of the Digital Omnibus expected Wednesday, 19 Nov. They are subject to change, and indeed both documents include several notes that the Commission's internal services need to finalize and/or validate some aspects.

The leaks have triggered strongly opinionated initial reactions from civil society, industry, law firms and consumer associations. Some debates are reminiscent of GDPR negotiations over a decade ago, almost existential in nature. Some are questioning whether these proposals would be the end of the EU value-based model that resonates globally. Others were left underwhelmed by changes they see as missing the mark of meaningful simplification. 

There will be plenty of commentary on what the official omnibus proposals will and won't be. It is safe to say that the leaked drafts will not be the final proposals, as leaks are bound to change, even slightly. 

The final proposals will not even be the final products. The texts will go through negotiations with the European Parliament and Council, leaving ample space for stakeholders to weigh in — again. 

The result of the upcoming, thorny and probably lengthy negotiations will also live in the shadow of courts' jurisprudence and regulators' interpretation in practice. For years, both have carved and altered the shape of all these instruments the omnibus is now looking to streamline and simplify. 

One thing is certain: this is the first time, in seven decades of European Commission existence, that it recognizes so fully that the legislation train has gone too far and that streamlining and simplifying is needed to respond to prosperity challenges. 

Isabelle Roccia, CIPP/E, is the managing director, Europe, for the IAPP.