Member News

Vulcan View: The latest EU developments 17 November – 21 November

Commission unveils digital package revamping data and AI rules

On Wednesday (19 November), the European Commission presented a major digital simplification package designed to foster innovation while maintaining high standards. The proposal intends to cut administrative costs by up to €5 billion by 2029 and introduce new European Business Wallets, which could generate an additional €150 billion in yearly savings. Overall, the package seeks to make it much easier for European companies to scale and remain leaders in technology by streamlining rules on artificial intelligence, data and cybersecurity.

The core of the Commission’s effort lies in its digital omnibus, a legislative proposal that simplifies several existing EU rules, particularly concerning the vital areas of AI and data.

A central focus of this omnibus is the intersection of AI and data protection, specifically the General Data Protection Regulation (GDPR). Recognising the need for vast datasets to effectively train and operate AI systems, the Commission proposes a significant change to how companies can access personal data.

Under the new rules, companies will be able to rely on “legitimate interest” as a legal basis for using personal data for AI development and operation. This is a crucial shift, as it is far less restrictive than the current requirement for explicit consent. By broadening access to data in this manner, the proposal aims to give Europe’s AI sector the resources it needs to compete globally. To support this change, the omnibus also provides greater clarity on the often-debated definition of personal data itself.

Moreover, the proposal introduces innovation-friendly AI rules that directly address the landmark EU AI Act. The Commission is proposing a delay in the entry into force of the stringent requirements for High-Risk Systems (HRS). These rules will now apply by December 2027, a postponement from the original August 2026 deadline. This extension offers valuable time for regulators and industry to finalise the necessary technical standards and comprehensive compliance guidance. Furthermore, the proposal includes expanded exemptions from certain reporting obligations, designed to benefit a wider range of companies, particularly smaller and medium-sized enterprises.

First, the system for reporting cybersecurity incidents will be simplified. Instead of companies reporting incidents under multiple laws, such as the NIS2 Directive and the Digital Operational Resilience Act (DORA), the omnibus introduces a single entry point where they can meet all their incident-reporting obligations, saving time and administrative effort.

The new legislation takes a substantial step toward simplifying the labyrinth of EU data law by proposing the consolidation of four major existing data regulations, including the Data Act and the Data Governance Act, into a single, unified instrument. This move is intended to improve clarity and coherence across the digital rulebook.

Other adjustments have also been proposed in areas affecting business operations and consumer experience. For example, rules concerning tracking cookies, currently governed by the ePrivacy Directive, are set to be integrated into the GDPR. This change aims to reduce the proliferation of annoying consent banners seen across websites by widening the list of “harmless” processing activities that no longer require explicit user consent. In addition, the package would simplify the requirements for conducting Data Protection Impact Assessments (DPIAs) and the reporting of data breaches to supervisory authorities, aiming to reduce the administrative burden on companies.

Presented alongside the omnibus package is a new Data Union Strategy, which seeks to build upon the legislative changes and further expand access to high-quality data for the AI ecosystem.

The strategy outlines practical steps, including the creation of new data labs and a dedicated Data Act Legal Helpdesk to support implementation and compliance across the bloc. Crucially, the strategy also focuses on strengthening Europe’s data sovereignty. It includes an anti-leakage toolbox, measures to protect sensitive non-personal data, and guidelines designed to help assess the fair treatment of EU data when it is processed abroad.

Finally, a fundamental part of the new package is the introduction of the European Business Wallet. This proposal will give European companies and public sector bodies a unified digital identity tool that moves many in-person operations online.

With the Wallet, businesses will be able to digitally sign, timestamp, and seal documents; securely store and exchange verified documents; and communicate securely with public administrations across all 27 Member States. Scaling up a business, paying taxes, and completing cross-border paperwork will be easier than ever, with the Wallets estimated to unlock up to €150 billion in savings for businesses each year.

European Commission plans consumer protection law overhaul before 2030

The European Commission adopted the 2030 Consumer Agenda on Wednesday (19 November), a five-year plan launched with little fanfare but set to trigger a series of regulatory changes that will significantly reshape EU consumer protection. The agenda reflects the growing centrality of the digital sphere and a steady tightening of enforcement tools. Together, the coming initiatives could significantly influence how firms, especially those selling digital goods and services across the single market, operate in the years ahead.

Most consequential is the Commission’s first explicit commitment to revise the Consumer Protection Cooperation (CPC) Regulation, the EU’s enforcement pillar for cross-border consumer law breaches. For the first time, Brussels is floating the idea of direct, EU-level enforcement powers to complement its current coordination role among national authorities. A legislative proposal is expected to be introduced in the final quarter of 2026.

In a recent public consultation, national consumer authorities indicated that they would welcome the prospect of stronger centralised powers. They have long been frustrated by slow procedures, scarce resources and the difficulty of pursuing rogue traders outside the EU. Businesses, too, said the enforcement gap has become untenable: non-compliant sellers, especially on e-commerce platforms, undercut firms that play by the rules. Companies stressed that their top priority is not new legislation but consistent enforcement, clearer guidance and simplified procedures across the bloc. Yet many caution that expanding EU powers should not pile new administrative obligations onto compliant firms, a risk that would undercut the Commission’s own push for simplification.

The Commission also confirmed work on a Digital Fairness Act (DFA), due in late 2026, aimed at quelling manipulative design features, deceptive interfaces and unfair personalisation practices, particularly those targeting minors. Consumer groups have greeted the plan enthusiastically, arguing that digital loopholes have allowed harmful practices to proliferate faster than legislation can respond. Businesses, however, urge caution, insisting that existing rules, if properly enforced, already cover many of the problems identified. They warn that new obligations must be tightly scoped, technology-neutral and backed by robust impact assessments.

Other files will follow in parallel. A European Product Act, scheduled for the third quarter of 2026, will revisit the EU’s product-safety architecture, strengthening market-surveillance tools and tightening checks on goods imported through online marketplaces.

The Commission also plans a formal evaluation of the Geo-Blocking Regulation in the second quarter of 2026. Adopted in 2018, the law bans unjustified online discrimination based on nationality or residence, giving consumers more equal access to goods and services across the EU. While it has improved cross-border shopping, the Commission finds that persistent obstacles and uneven implementation remain.

Stakeholders across the spectrum agree on the direction of travel: better enforcement, stronger digital protections and fewer cross-border frictions. However, the agenda also highlights the EU’s challenge of balancing consumer protection in a complex marketplace while ensuring that regulatory requirements remain manageable for businesses operating in the same environment.

Irish government advances major reforms on environmental legal costs and infrastructure delivery

The Irish Government is advancing significant reforms aimed at reducing barriers to infrastructure delivery by addressing judicial review processes, environmental legal costs, and planning system inefficiencies.

According to correspondence obtained by the Business Post, Minister for Public Expenditure Jack Chambers wrote to Minister for Climate and Environment Darragh O’Brien in June 2025, warning that judicial reviews had become “one of the most significant barriers to infrastructure delivery,” calling for alignment between his department’s work and ongoing efforts to establish a new Environmental Legal Costs Scheme. The proposed scheme would cap recoverable legal fees in environmental cases at around €35,000, limiting the costs that applicants can recover from the State and aiming to reduce the volume of lengthy or procedural litigation related to environmental and planning decisions.

Alongside this, the Government is preparing to introduce a major infrastructure plan to cabinet on 2 December 2025. As reported, the plan will include two legislative measures: a Critical Infrastructure Bill, designed to fast-track a small number of strategic projects through prioritised and streamlined consenting processes; and an Emergency Powers Bill, which will allow direct government intervention and approval of projects deemed to be of national importance. The measures reflect recommendations from the Accelerating Infrastructure Taskforce, with officials stating that Ireland must increase its “risk appetite” to overcome chronic delays in infrastructure delivery.

The reform package also proposes structural changes to the planning and regulatory system, including allowing consenting processes to run concurrently rather than sequentially, simplifying infrastructure guidelines, and establishing a new regulatory-simplification unit within the Department of Public Expenditure. These efforts are partly intended to address what Government officials describe as “over-transposition” or “gold-plating” of EU environmental directives, which they argue has created additional administrative steps compared with other member states.

These developments come amid growing concern from industry bodies over the impact of judicial reviews on essential infrastructure. The Construction Industry Federation recently warned that the planning and review regime is “overly prescriptive” and is “throttling” housing and infrastructure development. Rising judicial review volumes further underscore the challenge: An Coimisiún Pleanála recorded 127 judicial reviews lodged in the first nine months of 2025—nearing the 2024 record of 144 cases. The Law Society similarly noted that delays in the justice system and insufficient resourcing pose a risk to business confidence and Ireland’s competitiveness.

Recent reporting indicates that the Government is also considering reforms that would require courts to assess the likelihood of success before granting leave for judicial review, potentially filtering out lower-merit cases. If implemented alongside a costs cap, this may significantly reduce both the financial and temporal burden associated with contesting planning decisions.

 

Compliments of Vulcan Consulting – a member of the EACCNY