Digital Omnibus

CUT THE RED TAPE.UNLEASH EUROPE'SDIGITAL EDGE.

Europe's complex digital rules undermine our competitiveness — forcing companies to hand over trade secrets, hesitate on AI, and drown in compliance. The Digital Omnibus is the most powerful tool to fix this, but EU decision-makers must slow down to get it right.

€235m
Data Act annual compliance cost on European manufacturers1
€60.2bn
NIS2 + CRA annual compliance cost8
Our Three Asks

Three fixes — one Omnibus

The Case in Full

Three asks, one Omnibus. Here is what each rule costs Europe today, and the fix that restores competitiveness without weakening protection.

01 / 03·Data Act

Make B2B data sharing voluntary by default.

The Problem

The Data Act replaces Europe's growing voluntary data-sharing arrangements with a mandatory regime, requiring manufacturers to hand proprietary operational data and trade secrets to third parties, including competitors outside Europe.

By the Numbers

€88M/yr

Recurring Data Act compliance — manufacturers

EC SWD(2022) 34
€410M one-off

One-off Data Act compliance — manufacturers

EC SWD(2022) 34

In Practice

Smart buildings

A building management system must share its operational data with third parties, some of them competitors, while the same data also sits under the GDPR. Separating the two streams is so costly that providers would sooner drop smart functions.

OutcomeThe energy, security and innovation gains go with them.

Connected trains

Every data point on a train must be classified and checked for trade secrets and scope, across thousands of trains. That is millions of repeat reviews.

OutcomeEngineering effort drained out of innovation and into compliance.
The Fix

Make B2B data sharing voluntary by default.

  • Replace mandatory horizontal data sharing with voluntary frameworks.
  • Empower the Commission to recognise industry codes of conduct.
  • Shift the burden of proof for trade-secret claims back to the requester.
02 / 03·Cyber

Fighting forms instead of attackers.

The Problem

A single cyber incident can trigger overlapping notifications under NIS2, the Cyber Resilience Act, the Cybersecurity Act and the GDPR, each with its own portal, timeline and threshold. The result is a reporting burden that multiplies cost without adding any protection, and it pulls security teams away from stopping the attack to fill in forms during the crisis.

By the Numbers

€60.2bn

NIS2 + CRA cost to EU industry

Frontier Economics
10 FTEs

On NIS2 alone at one EU health-tech firm (≈5% of cyber budget)

DIGITALEUROPE Executive Brief

In Practice

Dutch bank — five frameworks, one incident

A Dutch bank must satisfy five overlapping frameworks, each with different fields, thresholds and deadlines. With no standard interface, every report is filed by hand to national portals.

OutcomeSecurity budget spent on manual, error-prone paperwork instead of defence.
The Fix

A single EU cyber-incident reporting platform.

  • One incident, one report: create a unified EU platform covering NIS2, CRA, CSA, and GDPR.
  • Harmonise definitions, timelines, and reporting thresholds.
  • Free security teams to defend networks instead of duplicating paperwork.
03 / 03·GDPR

Europe's AI and research, stuck in legal limbo.

The Problem

Eight years on, GDPR uncertainty over AI training, pseudonymised data and legitimate interest is pushing investment, talent and innovation out of Europe, at higher cost and with no gain for privacy. Fragmented national research rules then block the private and commercial research that AI depends on, and leaves the European Health Data Space unworkable for industry without a clear definition of scientific research.

By the Numbers

−$1.6bn/yr

US→EU venture investment lost because of the GDPR

NBER WP 33909, 2025
−26%

Less data stored by EU firms vs comparable US firms after the GDPR

Draghi, 2024

In Practice

European bank — AI for fraud detection stalled

A European bank turns to AI for fraud detection and anti-money-laundering, but uncertainty over consent, automated-decision rules and training data stalls deployment, and it slips behind US and Asian rivals.

OutcomeA top-tier bank held back, and skilled hires lost to competitors.

Health platform — research stalls at the border

A health platform serving 80m+ patients needs pseudonymised records to improve diagnostics, but scientific-research derogations differ by Member State — centralised in France, consent-led in Germany.

OutcomeResearch and AI development stall at the border.
The Fix

Legal certainty for AI and research under the GDPR.

  • For AI: enshrine legitimate interest for training (Art. 88c), clarify pseudonymisation, allow sensitive data for bias correction (Art. 4a), and use DPIAs instead of FRIAs.
  • For research: codify a single definition of "scientific research" covering both public and private sectors.
The Coalition

European Associations Call on the Council: Take the Time, Get It Right

0Signatory organisations
0National associations
0EU-level associations

Europe's digital and industrial sectors are speaking with one voice: don't rush the Digital Omnibus, use the time to deliver real simplification. That means rules that boost data-driven innovation, resolve the uncertainty around AI training and data protection, and harmonise cybersecurity reporting.

Read the Full Letter (PDF)
Logos of signatory organisations including AAVIT, adigital, AFNUM, Agoria, Ametic, APPLiA, COCIR, Dansk Erhverv, DEIK, DIGITALEUROPE, Digital Poland, EFPIA, Confederation of Finnish Industries, Eurofinas, Gospodarska zbornica Slovenije, infobalt, ITAS, ITL, IVSZ, LightingEurope, MedTech Europe, NLdigital, PIIT, secimavi, Technology Ireland, TechSverige, techUK, Teknikföretagen, Teknologiateollisuus, and zvei

A coalition spanning the entire continent

Tap a country to see signatories