Make Europe’s digital rulebook work for competitiveness: Quality and the Single Market first
The European Commission’s Digital Fitness Check offers a timely opportunity to examine the EU’s growing digital rulebook as a whole. As digital and adjacent legislation accumulates across strategic sectors, it is essential to ensure that the framework works coherently in practice. In its response, Technology Industries of Finland outlines concrete ways to improve the consistency, quality and Single Market impact of the EU’s digital regulatory framework.
For European tech-intensive industry, the key challenge lies in how the digital rulebook functions in practice. When rules overlap, interact unpredictably, or are interpreted differently across Member States, companies face uncertainty, duplicative obligations, and compliance costs that make cross-border scaling more difficult than selling outside Europe .
If Europe wants competitive digital services, investment and cross-border growth, the digital rulebook must strengthen, not weaken, the Single Market.
Put quality and consistency first, and restore the link to the Single Market
The starting point should be straightforward: prioritise legal certainty over regulatory expansion. The Fitness Check should focus on fixing what already exists by aligning core definitions and concepts across the EU digital acquis. This alone would reduce uncertainty, overlapping obligations, and compliance costs for any company operating in more than one Member State.
That work should be paired with a clear policy discipline for the remainder of the European term. Where legislation has only recently entered into application, the priority should be adoption and stable implementation. New initiatives should be limited to measures that clearly build the Single Market, remove bottlenecks, and facilitate trusted data flows with third countries.
In practical terms, “quality and consistency” means designing rules for uniform implementation:
- Prefer regulations over directives in digital policy, to avoid fragmentation created by divergent national transposition.
- Make the risk-based approach real, so that requirements genuinely adjust to the risks posed to individuals and society, and do not create disproportionate burdens in low-risk contexts.
- Ensure predictable timelines. Where compliance depends on harmonised standards, application should, as a rule, begin no earlier than 12 months after the relevant standards are available.
- Protect proportionality through prospective application and non-retroactivity. New requirements should apply to products and services placed on the market after the date of application, not to existing deployments built under earlier rules.
- Require systematic, collaborative ex ante impact testing, including the preparation of standards and model contracts, to ensure new digital legislation is workable, innovation-friendly, and future-proof.
- Develop machine-readable regulation with open APIs to enable automated compliance and reporting, ensure digital reporting tools are in place before new obligations apply, and streamline existing reporting requirements through digitalisation and automation.
Harmonise enforcement so that scale is possible
Even excellent rules fail if enforcement fragments. The Fitness Check should address enforcement coherence as a Single Market issue: coordination, guidance and capable regulators determine whether companies can scale across borders.
Europe should learn from the GDPR experience and strengthen alignment of enforcement for AI and data laws. The EU’s AI Office should play a strong role in harmonising AI Act enforcement, and the European Data Innovation Board should ensure uniform enforcement of the Data Act while evolving toward a credible counterpart to the European Data Protection Board. Formal cooperation channels between data, competition, consumer and AI authorities should become standard practice, supported by joint training and thematic coordination.
Use digital to complete the Single Market: RegTech and real-time economy building blocks
Regulatory technology can turn complexity into predictable processes. The Commission should promote RegTech tools that simplify compliance and reduce reporting burdens, especially for SMEs, and ensure these solutions are accessible through practical delivery channels.
In parallel, Europe should invest in the enabling “soft infrastructure” of the real-time economy: interoperable building blocks that make cross-border business processes and reporting easier and more automated. This includes digital identity for companies via a European Business Wallet, common standards for reporting formats and input data, and interoperable data exchange infrastructure that prevents fragmentation and lock-in.
Cybersecurity: focus public action where it adds value
Cybersecurity is primarily implemented by the organisations that own and operate systems and manage their risks. Public authorities should set clear requirements, support situational awareness and effective supervision, and avoid approaches that shift the focus toward compliance theatre.
EU action should strengthen the Single Market for cybersecurity capabilities by sharpening ENISA’s operational mandate and improving European situational awareness. Supply-chain security should be addressed through mechanisms that identify and manage non-technical risks, while support measures should prioritise helping data owners adopt risk-management solutions.
Back to factory settings: a regulatory orientation built for the Single Market
The Digital Fitness Check can become more than a stocktake. It can be a reset of how Europe builds digital regulation.
The objective should be simple: a coherent rulebook that enables scale across borders, supports investment, and protects fundamental rights through predictable and proportionate rules. That requires fewer rushed additions and more disciplined engineering of what already exists: aligned definitions, uniform implementation, genuinely risk-based obligations, enforceable timelines, and tools that make compliance scalable.
Europe does not need a larger digital rulebook to be strong. It needs a better one, designed to complete the Single Market in practice. The Fitness Check is the moment to return EU lawmaking to its factory settings: necessity, consistency, quality, and a clear link to market-building outcomes.
Lisätietoja
