Long viewed as a regulatory leader in areas like artificial intelligence regulation and data privacy, the European Union seems to be rethinking its approach. The European Commission recently proposed a digital package of policy changes that could reportedly scale back some of the EU’s most renowned regulations on AI, data and cybersecurity, including the AI Act and the General Data Protection Regulation (GDPR).
What Is the European Union’s Digital Package?
The digital package is a set of proposed policy changes that would impact key pieces of legislation in the European Union, including the AI Act, General Data Protection Regulation and ePrivacy Regulation. The package’s overall goal is to create a regulatory environment that’s easier for businesses to navigate, thanks to simplified AI and data privacy requirements.
On the other hand, the package could give European businesses the boost they need to accelerate technological innovation throughout the continent and close the gap with their American counterparts, offering a reprieve from the EU’s notoriously strict laws.
“There’s been a lot of scrutiny and complaints from businesses that this is making us sort of uncompetitive and unable to compete with large global tech firms,” Jasmine Agyekum, an associate at international law firm Clifford Chance, told Built In. “So I think the digital package is almost a response saying, ‘We’ve heard you. We’ve heard the call to promote innovation, rather than regulation.’”
While a potential win for European companies, the package could throw into question the EU’s commitment to people’s digital rights as well. Its official adoption could then deal a major blow to proponents of AI guardrails, possibly paving the way for deregulation efforts as prominent tech players impose their will on any opponents who stand in their way.
It’s worth noting, however, that much remains unclear, as the package is still under review and formal negotiations aren’t expected to start until mid-2026. Here’s what we know so far.
What’s Included in the EU’s Digital Package?
The EU’s digital package encompasses a digital omnibus, data union strategy, digital wallet system and digital fitness check. Here’s a closer look at each component.
Digital Omnibus
The digital omnibus proposes changes that could affect several pieces of EU legislation. Starting with the AI Act, the omnibus reduces the amount of technical documentation required for small and medium businesses and small mid-cap companies; allows for more real-world testing of AI models; and further centralizes the governance of all AI systems under the EU’s AI Office. Perhaps most significantly, the omnibus would delay the addition of “high-risk rules” to the AI Act until 2027, giving businesses more time to adjust their operations.
Pivoting to data security, the omnibus would establish a single framework for companies to report cybersecurity incidents in compliance with several EU data laws, including the GDPR. It would also introduce other amendments to simplify the EU’s data regulations, including:
- Offering saved cookie preferences in browsers, so users only have to engage with cookie banner pop-ups once.
- Exempting certain small and medium businesses and mid-cap companies from being subjected to cloud-switching rules under the Data Act.
- Granting European AI companies greater access to high-quality data sets.
- Bringing the ePrivacy Regulation under the GDPR to create a single data protection framework for companies to follow.
These are just a few provisions under the omnibus, with the overall goal of minimizing the red tape tech companies must navigate to stay in compliance with the EU’s AI, data protection and cybersecurity best practices.
Data Union Strategy
The data union strategy serves as a detailed plan for connecting European AI companies to larger amounts of high-quality data to train their AI models. To create cheaper and less restricted access, the strategy calls for data labs that use “both private and public resources” and more “data spaces” across various sectors, with the long-term goal of cultivating a “Single Market” for finding training data.
This amendment promotes access to more public data under the Open Data Directive as well, allowing AI companies to reuse “30 million digitized cultural objects” for training purposes. Investment in other avenues, such as synthetic data, is also encouraged to give AI researchers and European businesses more data options.
European Business Wallets
European business wallets would act as a “unique digital identity” tool that enables users to quickly confirm their credentials and those of other parties involved in transactions. Within this system, users could create documents marked with a distinct digital signature, making it easier to conduct secure transactions with governments across the EU. As a result, this digitized approach is expected to help businesses cut down on paperwork, travel time, workflow bottlenecks and operational costs.
Digital Fitness Check
In light of these initial amendments, the digital package pushes for the review of all the EU’s digital laws. While legislators debate the digital omnibus, businesses, researchers, the general public and other stakeholders are encouraged to share suggestions on other actions they believe should be taken before a deadline of March 11, 2026. This process constitutes what’s known as the “Digital Fitness Check,” ensuring all EU digital regulations are properly scrutinized to determine if more changes are necessary.
Why Is the EU Adjusting Its Stance on Tech Regulation?
Voices both within and outside of the European Union have put pressure on the bloc to loosen its digital regulations, with technological advancement in mind.
Internal Fears That Europe Is Falling Behind
A leading critic of the EU’s current regulatory approach has been Mario Draghi, perhaps best known for his eight years as president of the European Central Bank.
In 2023, Draghi was tasked with creating a report on the EU’s competitiveness known as the Draghi report. Released in September 2024, the report claims that “Europe is lagging in the breakthrough digital technologies that will drive growth in the future.” It goes on to cite how the U.S. has produced 70 percent of foundational AI models since 2017 and accounts for more than 65 percent of the global and European cloud markets. Notably, the report highlights “regulatory barriers” as a reason why Europe has fallen behind the U.S. in the tech sector.
Draghi has stood by these findings, more recently warning that the EU will continue to fall further behind in areas like AI because of its strict regulations. According to Draghi, “If we do not close the gap compared to other countries and do not adopt these technologies on a large scale, Europe risks a future of stagnation.”
External Pressure From President Trump and the US Tech Industry
While Draghi has urged the EU to reconsider its own rules, demands for change have been even louder from the Trump administration and American tech companies. It’s not surprising that U.S. Big Tech has been critical of the EU, considering that giants like Meta, Apple and Google have found the bloc’s laws to be at odds with their business interests. But Trump’s increasing involvement has taken the issue to a new level.
Having spent years attacking the GDPR, the president has expanded his criticisms to include other EU regulations like the Digital Services Act. He’s even gone so far as to threaten tariffs against EU countries that continue to enforce these laws, arguing that the rules “are all designed to harm, or discriminate against, American technology.”
Whether these claims are valid or not, the EU has taken them seriously. In May, Henna Virkkunen — the EU’s Executive Vice-President for Tech Sovereignty, Security and Democracy — actually met with major tech CEOs in San Francisco and Washington, D.C. to assure them that “policies to improve the business environment in the EU” were in the works. It seems the digital package is the culmination of this policy shift, signaling that Europe might be falling in line with the deregulatory vision of Trump and American tech leaders.
What Could This Mean for Digital Rights?
Although the European Commission has branded the digital package as a “simplification” of EU regulations, other groups see it as a direct attempt at deregulation that could spell trouble for people’s digital rights.
For instance, the Center for Democracy and Technology argues that expanding data access for AI training is essentially “striking at the heart of the right to data protection as recognised in foundational EU treaties.” Meanwhile, European Digital Rights claims that the package weakens the AI Act, GDPR and ePrivacy Regulation, enabling government officials and companies to “process personal information with limited oversight and reduced transparency.”
But given the recommendations shared by Draghi, the EU’s regulatory branches could very well benefit from some pruning. In fact, Agyekum believes that the digital package can simplify some of the EU’s regulations without sacrificing individual rights.
“A lot of the same rights exist under applicable laws, that there is no change,” Agyekum said. “Because what’s happened is there’s just been a flood and flurry of regulations, so much so that subjects aren’t always aware of the rights they have. It’s not a walkback, it’s more — as the EU would frame it — a clarification.”
In the end, it remains to be seen how exactly this digital package will reshape Europe’s regulatory landscape and impact citizens in EU countries when using the internet, AI products, cloud services and more. The one certainty, though, is that this package will shake up the bloc’s digital rulebook — and it could trigger a broader wave of reforms if passed.
Could This Spur an Anti-Regulation Surge?
Proponents of strong regulation may view the passage of the digital package as a loss, but it could always be worse.
According to a press release, the Computer and Communications Industry Association (CCIA) Europe’s head of policy and deputy head of office, Alexandre Roure, doesn’t think the package goes far enough, pushing for wider changes to the EU’s regulatory framework. Meanwhile, Trump is likely to press for further concessions to open up Europe to U.S. businesses as he rallies Americans behind winning the global AI race. Adopting the package may then encourage anti-regulation supporters to ramp up pressure on European officials.
Even then, the EU might not need much convincing as it witnesses the success of other countries. For example, French AI startup Mistral recently released a new set of AI models to keep pace with Google, OpenAI and Anthropic. Yet it doesn’t even come close to challenging American AI dominance compared to China’s DeepSeek and the United Arab Emirates’ K2-Think, reflecting a crowded international industry that European companies have yet to leave a significant mark on.
The bloc may be “simplifying” its laws for now, but more aggressively rolling back its rules may become a necessary sacrifice to accelerate AI development and restore its global relevance in the eyes of European legislators. With the digital package still up for debate, the EU might be at a crossroads where it finally decides to pursue tech dominance and shed its reputation as a protector of personal rights.
“You’ve got businesses, on the one hand, saying, ‘You need to reduce the compliance burden of all of these various regulations,’” Agyekum said. “Versus, on the other hand, being seen as the global standard regulator — the world policeman — for global tech regulation. It’s become increasingly clear that they can’t be both.”
Frequently Asked Questions
What is the digital omnibus, and how will it change the AI Act?
The digital omnibus is a set of policy proposals for reworking EU regulations, most notably the AI Act, General Data Protection Regulation and ePrivacy Regulation. Changes to the AI Act would include reducing the amount of technical documentation required for certain businesses, delaying the addition of ‘high-risk’ rules until 2027 and granting AI companies broader access to personal data for training models.
Why does the EU want to scale back its tech regulations?
The European Union has received criticism from Mario Draghi, former president of the European Central Bank, who conducted a report on the EU’s competitiveness that blamed “regulatory barriers” as a reason why Europe has fallen behind the U.S. and other countries in the tech sector. In addition, the EU has faced strong pushback from Trump, who has threatened to impose tariffs in response to regulations he believes “are all designed to harm, or discriminate against, American technology.”
How could the EU’s digital package affect people’s digital rights?
Groups like European Digital Rights (EDRi) and the Center for Democracy and Technology (CDT) have slammed the European Commission’s digital package for granting wider access to data for AI training purposes by limiting the definition of personal data. Coupled with reduced technical requirements for businesses to follow, this measure could make it easier for AI companies to compile personal data at the expense of individuals’ privacy.
When will the EU’s digital omnibus package go into effect?
The package was proposed in December 2025 and is currently in the legislative review phase. Formal negotiations between the commission, parliament and the council likely won’t begin until spring 2026. If it is passed, the package will likely go into effect in mid-2027, though it could be sooner if parliament fast-tracks it.
