Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.
The European Commission's communication on the Data Union Strategy published 19 Nov., but the news got buried under numerous posts about the eagerly awaited Digital Omnibus Regulation Proposal. Both developments, together with the European Business Wallets proposal, form the Digital Package — a set of initiatives aiming to simplify the EU's digital rulebook and boost innovation, and, consequently, improve Europe's competitiveness.
The Data Union Strategy is not a legislative proposal but an important initiative outlining the Commission's action plan on making more high-quality data available for artificial intelligence and completing the EU's single market for data. The efforts to establish the data single market started in 2020 with the European strategy for data, which led to the adoption of the Data Act, the Data Governance Act and the introduction of the common European data spaces.
However, access to data in Europe is still limited by a fragmented legislative environment, data shortage and lacking infrastructure, and global competition over data as a strategic asset. To address these challenges, the Data Union Strategy proposes actions across three pillars.
The first focuses on enhancing access to large amounts of high-quality, domain-specific and up-to-date data and establishing sufficient computing infrastructure for its use in AI-related projects across Europe. This will be done through enhancing already existing tools, such as the European Health Data Space and other data spaces, and connecting them with new initiatives, such as the data labs project and the Cloud and AI Development Act, into a unified and coherent system.
The second pillar aims to streamline fragmented EU data rules. For that, the Commission presented the Digital Omnibus package composed of two legislative proposals. These proposals introduce targeted amendments to the EU's data and cybersecurity rules as well as the EU AI Act. In addition, the Commission intends to support businesses' compliance efforts, including through the Data Act legal helpdesk still planned to launch this year, guidance on reasonable compensation and establishment of automated compliance through the one-click compliance.
The third pillar sets out actions to safeguard the EU's data sovereignty and consolidate its position on international data flows. The Commission is planning several initiatives to secure data not only within the EU but also once it leaves its borders, as well as to establish a safe and fair international data sharing environment.
This includes embedding fair data sharing rules in digital trade agreements and developing tools in Q2 2026 to determine the treatment of EU entities abroad and address any unjust practices. In the second half of next year, the Commission is planning a package of targeted measures to improve EU sensitive nonpersonal data protection.
The Commission will also work on connecting the EU's data sharing ecosystem with its trusted partners, including by promoting the European Trusted Data Framework in its international affairs and potentially developing a trust label to evaluate the maturity of data spaces.
Finally, it is planned to promote the European data governance model internationally, such as in the G7, G20, the Organization for Economic Co-operation and Development and U.N. environments, as well as with candidate countries and neighbors. The Commission will also aim to enhance the EU's digital partnerships, including through shared projects on high-value public data flows and agreements on sensitive data and government access.
The Data Union Strategy also clarifies the governance of the EU's data framework, which will be led by the European Data Innovation Board, initially established under the DGA. For stakeholders, the main sectoral feedback platform will be the Apply AI Alliance launched as part of the Apply AI Strategy.
A lot of specific actions are planned by the Commission in its Data Union Strategy, but there may be even more changes coming. The Commission has just launched the digital fitness check to further assess the EU's digital rules simplification needs, as they were apparent from the Digital Omnibus consultation submissions. The digital fitness check is open for consultation until 11 March 2026 and is planned to be revealed in the first quarter of 2027.
Laura Pliauškaitė is European operations coordinator for the IAPP.
This article originally appeared in the Europe Data Protection Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.
