A Misleading Narrative

With the “Digital Omnibus,” the Commission claims to reduce burdens and simplify regulation for businesses. However, this premise rests on a misleading assumption: that Europe’s innovation is being held back by excessive regulation.

In reality, Europe’s digital challenges stem from structural shortcomings such as insufficient strategic investment, ineffective public procurement, widening digital skills gaps, and a lack of long-term political vision. Blaming regulation for these failures may be politically convenient, but it is factually wrong.

In an increasingly digital society, well-crafted regulation is not an obstacle. It is the foundation for security, innovation, and trust. Without clear rules and accountability, both citizens and businesses lose confidence in the digital systems they depend on.

Data Protection is Digital Self-Determination

Particularly concerning are ongoing attempts to question the principles of the General Data Protection Regulation (GDPR). The GDPR was Europe’s response to the loss of control over personal data: a reaction to mass surveillance and data misuse, from Edward Snowden’s revelations about the NSA to the Cambridge Analytica scandal. It sent a clear message: our privacy is not a commodity.

It represents Europe’s effort to assert digital self-determination. Weakening this framework would not only roll back fundamental rights but also undermine Europe’s geopolitical resilience. It would deepen dependence on foreign technology providers and strip “technological sovereignty” of its meaning.

Instead of watering down data protection, the EU should reaffirm and strengthen it as a foundation for open, trustworthy, and European alternatives – especially through free and open-source software and independent infrastructure.

Simplification Must Not Weaken Digital Safeguards

What is presented as “simplification” can quickly become erosion. The Commission’s current approach risks loosening key safeguards of European digital policy under this seemingly harmless label.

Particularly dangerous would be the “simplification” of cybersecurity incident reporting obligations. In truth, that would mean fewer reports, less insight, and ultimately less protection. As ENISA rightly emphasizes, only by knowing about incidents can we understand threats, identify systemic vulnerabilities, and learn from them. Anyone who truly wants to reduce complexity must streamline processes, not dismantle safeguards.

The same holds true for other frameworks. The recently adopted laws, such as the AI Act or eIDAS 2.0, are not examples of overregulation - they are not even fully implemented yet. Before declaring “too much regulation,” the Commission should ensure that existing rules can actually take effect. Otherwise, what we face is not overregulation, but under-enforcement.

The same logic applies to the sensitive issue of the European Digital Identity Wallet. This is about more than technical standards, it’s about trust. A system that encompasses everything from daily purchases to health and financial data can only succeed if people perceive it as secure. Each new reform or hasty intervention would only create more uncertainty and risk derailing the entire project.

Less oversight does not mean less work – it means more uncertainty. Weakening key safeguards would leave Europe’s digital governance vulnerable at a time when resilience and accountability are most needed.

Europe Needs Stability, Not Deregulation

Europe’s digital regulation of recent years was not an exercise in overregulation. It was a necessary response to growing risks, dependencies, and violations of fundamental rights in the digital space.

Instead of hollowing out these frameworks under the pretext of “simplification,” the Commission should focus on effective implementation, enforcement, and coordination.

Europe’s digital future depends not on fewer rules, but on better ones and on the political will to uphold them.