EU Digital Omnibus: Why simplifying digital rules matters for Finnish industry
The European Commission published a major Digital Package on 19 November. Its proposals — together with the recently released Apply AI Strategy — will shape the EU’s digital agenda for years to come.
The regulatory part of the package comes through two “Digital Omnibus” initiatives designed to simplify existing EU digital legislation: one focuses on the AI Act, and the other on wider data and cybersecurity rules, including proposed changes to the GDPR. What do the regulatory proposals look like from the perspective of Finland’s technology industry? Deputy Director of EU Affairs Jussi Mäkinen answers questions.
Why has the European Commission introduced the Digital Omnibus package now? What are its main aims?
– The aim of the package is to accelerate digital development in Europe, especially in artificial intelligence. It also fixes clear inconsistencies in the EU regulatory acquis. It suggests the Commission recognises that rushing the regulation before the market has not provided European companies with competitive advantage. This was also one of the main messages in Mario Draghi’s competitiveness agenda.
How well does it achieve these aims?
– The proposal is definitely a step in the right direction, though not yet a decisive one. The proposed GDPR reforms are the most ambitious ones and quite straightforward, seeking to pave the way for creating a clear ground for AI model development. However, they have already created a significant backlash from some groups in Parliament. The real impact can only be assessed after the legislative process in the European Parliament and Council is complete.
Which concrete compliance burdens does the Package reduce for companies, especially in the Finnish technology industry?
– One concrete improvement is the move to make the AI Act’s implementation more workable by aligning timelines and linking key duties to the availability of standards. This reflects a key lesson from the GDPR: implementation must be standardised and interoperable.
Where should the Package have gone further? What obvious needs remain unaddressed?
– The package does not sufficiently address manufacturers’ concerns over access to and use of data. As a result, unnecessary restrictions in supply chains may remain.
Is Europe shifting from being a “global digital standard-setter” to “competitiveness first” or trying to do both? What does this mean for trust, investment and digital sovereignty?
– The rationale for the EU being the global standard-setter was to grant a competitive edge to European companies. That advantage has not materialised, while Europe’s digital uptake has lagged. The Commission is now trying to spark investment in digital technologies. The key requirement is the quality and predictability of the regulatory acquis. The best way to achieve sovereignty is through fair competition, increasing investments, and generating demand for solutions that incorporate the European values.
Civil-society groups argue that core rights safeguards are being rolled back. Do any protections weaken in practice?
– There is a wide gap between regulations and their practical implementation. Strong European values are best protected by rules that are clear, predictable and efficiently enforced — and by a digital market where trustworthy new services can thrive.
Some critics claim that the Digital Package is a political gesture towards a US Big-Tech-led push for deregulation. Is the EU rewriting its digital rulebook because of American pressure?
– No. The Commission is rewriting the rules because Europe’s digital progress has been sluggish. The Commission’s Digital Decade report shows low levels of data and AI uptake among European companies. According to an estimate by the Confederation of Finnish Industries, compliance with the EU acquis costs Finnish companies around EUR 6 billion per year, with the largest share linked to GDPR obligations. Together these signals echo Draghi’s message: Europe is falling behind in digital development, and one key reason is an overly complex and inconsistent regulatory environment.
Is the Package future-proof — or will we be revisiting these rules again in two years?
– A remarkable proportion of the Digital Omnibus is to correct errors made in the legislative process – in other words, rushing with the regulation before there is a market. The important lesson to be learned is that it is not wise for the legislator to try to micromanage the way to success. The only way for future-proof regulation is to understand the market and technology and create steady principles that strike the right balance between risk and profit, market power, and access to data.
Additional information
