On November 19, 2025, the European Commission released the Digital Omnibus package, aiming to modify the AI Act, GDPR, ePrivacy Directive, Data Act, and multiple cybersecurity frameworks in one move. The term “simplification” appeared 23 times in the press release.
A week earlier, 127 civil society organizations issued an open letter warning that the package could lead to the largest rollback of digital rights in EU history.
The word “simplification” was chosen carefully by the Commission. Simplification sounds appealing and uncontroversial.
In reality, the Omnibus proposes significant changes: delaying core AI Act obligations for high-risk systems by up to 16 months, introducing a new legitimate interest basis under GDPR for AI model training on personal data, narrowing the definition of personal data, and eliminating the requirement for AI providers and deployers to ensure staff AI literacy.
These are structural concessions, not mere edits.
The logic is that Europe must ease compliance burdens to compete with the US and China in AI.
Mario Draghi’s 2024 competitiveness report highlighted the EU’s missed digital revolution, growing US productivity gap, and the role of regulation. The Omnibus tries to address Draghi’s findings, but it’s misguided.
The Omnibus assumes regulation is the obstacle. Remove regulation, the theory suggests, and European AI companies will thrive. But evidence suggests otherwise.
Columbia Law Professor Anu Bradford, in a 2024 paper, argued that the tech gap between the EU and the US isn’t due to strict digital regulations.
The issue lies deeper: lack of a unified digital market, fragmented capital markets, restrictive bankruptcy laws, and a challenging immigration system.
Bradford’s argument challenges the Omnibus. Europe had minimal tech regulation before 2010, yet it didn’t produce tech giants.
Numbers confirm this. The State of European Tech 2025 report shows US startups attract significantly more funding than European ones.
Almost half of European deep tech spinout funding comes from outside Europe, mainly the US. Many European unicorns relocated abroad not because of GDPR, but for capital and large markets.
This structural issue can’t be solved by the Omnibus, which addresses symptoms, not causes.
The Omnibus risks dismantling the EU’s regulatory achievements like GDPR, Digital Services Act, Digital Markets Act, and AI Act, which set global standards.
GDPR became the “Brussels Effect,” influencing major US tech companies to adopt it as a global standard.
When the AI Act took effect, it positioned the EU as a leader in AI governance, with other regions watching its enforcement.
This regulatory credibility offered a competitive edge, influencing norms and offering a trust premium. Now, the Commission plans to weaken it before its impact can be assessed.
The Omnibus is driven by anxiety over US tech supremacy and deregulation. But deregulation favors capital-rich incumbents, not Europe lacking such assets.
Loosening rules won’t create US-like conditions but removes Europe’s unique approach.
Paradoxically, Draghi’s report doesn’t recommend dismantling regulation. It suggests closing overlaps, accelerating enforcement, and investment. Proposals include a European research agency, a large R&D budget, and a capital markets union—challenging but necessary reforms.
In contrast, the Omnibus costs nothing and faces no industry pushback. It’s an easy path framed as reform.
Some Omnibus provisions are reasonable. Extending compliance deadlines without published standards makes sense. The European Parliament acknowledges this complexity.
In March 2026, it supported delaying high-risk AI deadlines but set firm dates, shortened grace periods, banned AI “nudification,” and retained limited AI literacy obligations.
The Parliament aims for a balance between practical adjustments and retreat.
But the overall direction affects those who believe regulation can coexist with innovation and that Europe’s long-term competitiveness relies on proving this.
The Jacques Delors Centre warned that the Omnibus could increase legal uncertainty and create loopholes rather than reduce complexity, risking digital sovereignty.
The belief that deregulation benefits European startups assumes they, not American giants, will benefit. History indicates otherwise.
The Digital Fitness Check suggests more potential targets, like the Digital Services Act and Digital Markets Act, which regulate algorithmic amplification and monopolies.
Weakening them doesn’t aid European competitiveness but strengthens those Europe tried to control.
What the Commission is doing isn’t simplification but conceding to a narrative where fewer rules equal innovation. Europe spent decades creating a unique, enforceable framework for future technologies.
Despite its flaws, it was real and Europe’s own.
Dismantling it to copy a US approach dependent on factors Europe lacks isn’t strategic. It’s geopolitically akin to selling furniture to pay the heating bill—the house gets colder regardless.