On November 19, the European Commission published a package of regulations aimed at significantly simplifying existing rules on AI, data, and cybersecurity.
The package includes the following elements: 1) Digital Omnibus 2) Data Union Strategy (or “Data Union Strategy”) 3) European Business Wallet
Digital Omnibus package
The first part of the Omnibus package aims to introduce amendments and simplifications to many key legal acts (including GDPR, NIS 2, Data Act, and e-Privacy) and to repeal some older acts (Free Flow of Non-Personal Data, P2B, Data Governance Act, Open Data Directive).
The second part of the Omnibus package will introduce significant changes to the AI Act: – linking the implementation timeline of high-risk rules to the availability of standards or other support tools; – extending regulatory simplifications granted to small and medium-sized enterprises (SMEs) to small mid-caps (SMCs), including simplified technical documentation requirements and special consideration in the application of penalties; – requiring the Commission and the Member States to foster AI literacy instead enforcing unspecified obligation on providers and deployers of AI systems in this respect, while training obligations for high-risk deployers remain; – offering more flexibility in the post-market monitoring by removing a prescription of a harmonised post-market monitoring plan; – reducing the registration burden for providers of AI systems that are used in highrisk areas but for which the provider has concluded that they are not high-risk as they are only used for narrow or procedural tasks; – centralising oversight over a large number of AI systems built on general-purpose AI models or embedded in very large online platforms and very large search engines with the AI Office; – facilitating compliance with the data protection laws by allowing providers and deployers of all AI systems and models to process special categories of personal data for ensuring bias detection and correction, with the appropriate safeguards; – a broader use of AI regulatory sandboxes and real-world testing, that will benefit European key industries such as the automotive industry, and facilitating an EU-level AI regulatory sandbox which the AI Office will set up as from 2028; – targeted changes clarifying the interplay between the AI Act and other EU legislation and adjusting the AI Act’s procedures to improve its overall implementation and operation.
Data Union Strategy
Data Union Strategy consists of three pillars: 1) Scaling up access to quality data for AI and innovation, i.a. through developing the common European data spaces (CEDS) 2) Streamlining data rules (Digital Omnibus package). In addition, the Commission will also announce work on one click compliance to enable automated regulatory reporting, and a support package for the Data Act, including model contracts, standard clauses, guidance on compensation and trade secrets, and a legal helpdesk for SMEs. 3) Safeguarding the EU’s data sovereignty through a strategic international data policy.
European Business Wallet
The proposal of Regulation on the establishment of European Business Wallets (EUBW) aims to create digital wallet that will enable entrepreneurs among others: – Secure digital authentication of business identity. – Management of e-signatures, seals, and attributes. – Easy granting and verification of powers of attorney in the digital world.
