The European Commission is moving forward with its Digital Omnibus initiative, a wide-ranging effort to simplify the EU’s increasingly dense patchwork of digital regulations.
The programme sits within the Commission’s broader Simpler and Faster Europe agenda and is intended to strip away unnecessary complexity while preserving high standards on data protection, cybersecurity and market integrity, said Moody’s.
At the heart of the initiative is a legislative proposal to streamline and harmonise a broad set of digital obligations. Rather than removing requirements, the Digital Omnibus aims to modernise and consolidate rules across several cornerstone frameworks, including the GDPR, the AI Act, the Data Act, the NIS2 Directive and the ePrivacy Directive. The package also touches on more recent instruments such as the Data Governance Act, the Cyber Resilience Act and the Cybersecurity Act. The Commission’s objective is to remove redundant provisions, clarify ambiguous sections, and build a more coherent regulatory architecture that reflects how technology and data-driven services now operate across borders.
Key proposals include combining the Data Governance Act and Open Data Directive into a single Data Act, aligning cybersecurity requirements across NIS2, DORA and the Cyber Resilience Act, and creating greater consistency between data protection and AI-related obligations. The Commission has flagged proportionality as a cornerstone, setting out an ambition to cut administrative and reporting burdens by 25% for all businesses—rising to 35% for SMEs—by 2030. Feedback closed in October 2025 with respondents broadly supporting the focus on clarity rather than deregulation.
Industry groups have been quick to respond, including the Data and Technology for Compliance (DT4C) Alliance, whose founding members include Moody’s. The alliance has argued that simplification should be seen as a way to strengthen digital enablement, allowing businesses to build more effective compliance tools without navigating fragmented rulebooks. Its recommendations stress the need to clarify the use of GDPR’s legitimate interest grounds for anti-money laundering and fraud checks, alongside promoting interoperable APIs and corporate digital identity frameworks that support “verify once, use many times” models. The alliance also warned that overlapping duties across AI, AML and cybersecurity could undermine compliance efficiency if not aligned.
A parallel stream of work is also under way at the European Banking Authority (EBA), which is pursuing its own initiatives to simplify prudential reporting and supervisory requirements. Through recent consultations and newly finalised Regulatory Technical Standards, the EBA aims to remove unnecessary data points, deliver proportionality for small and non-complex institutions, and digitalise the Single Rulebook. A centralised repository for supervisory data requests is also being developed to tackle duplication with the intention of improving transparency and predictability for banks.
While the EC’s Digital Omnibus focuses on horizontal alignment across the digital economy, the EBA’s work takes a sector-specific approach to refining oversight. Both share a common aim: reducing unnecessary duplication, improving consistency and supporting trust in regulatory systems. For financial institutions and technology providers, these reforms could pave the way for lower compliance costs, clearer expectations and a more competitive environment for innovation across Europe’s digital and financial sectors.
Copyright © 2025 FinTech Global
