The European Commission’s Omnibus VII simplification package marks a strategic reset of the European Union’s digital governance, targeting overlapping rules in Artificial Intelligence, data, cybersecurity and privacy that have driven up compliance costs and complexity. Backed by the wider Digital Omnibus and Data Union Strategy referenced in press release IP/25/2718, the reforms are framed around making regulation more predictable, less administratively burdensome and more supportive of innovation, particularly for organisations without large compliance teams.
Obligations under the Artificial Intelligence Act are made more practical and business friendly by linking the start of high risk rules to the availability of support tools and standards, giving businesses up to 16 months of breathing room instead of having to work to a fixed date. Simplified technical documentation requirements are extended beyond small and medium sized enterprises to small mid cap companies, which is intended to cut recurring administrative costs. New regulatory sandboxes, including an EU wide sandbox in 2028, are designed to make it easier to test Artificial Intelligence systems without legal risk, while a strengthened Artificial Intelligence Office is expected to reduce inconsistent national interpretations and deliver more consistent oversight.
Cybersecurity incident reporting, currently fragmented across GDPR, NIS2, DORA and sector specific regimes, is consolidated into a single reporting channel to replace the existing multi law patchwork. This is expected to reduce duplication, follow ups and conflicting deadlines so that compliance teams can focus more on risk mitigation and less on coordination overhead. Data governance is also streamlined, with Data Act rules consolidated into one clearer framework and exemptions to cloud switching obligations for SMEs and SMCs expected to save around €1.5 billion in one off costs. Ready to use contractual templates and tools such as a new Data Act Legal Helpdesk are intended to cut bespoke drafting needs and reduce compliance guesswork, while easier access to high quality datasets is positioned to support Artificial Intelligence development.
Privacy and cookie rules are modernised through clearer GDPR guidance and moves to tackle cookie fatigue via browser level settings and simplified consent flows, aiming to deliver fewer banners and a better user experience without lowering protection standards. A new European business wallet is highlighted as a potentially transformative change, providing a single digital identity for companies across all 27 Member States and enabling them to digitally sign, seal and timestamp documents, exchange verified records securely, and interact with public authorities without in person steps, with potential savings of up to €150 billion per year through reduced administrative burden. Across these measures, projected administrative cost reductions are described as substantial, with reduced administrative costs up to €5 billion in savings projected by 2029. Omnibus VII is characterised as the most transformative simplification package so far, consolidating overlapping data laws, streamlining Artificial Intelligence Act obligations, harmonising cybersecurity reporting and simplifying GDPR breach notification, while creating a unified compliance architecture across digital, Artificial Intelligence and cybersecurity domains.
