What the European Commission and Civil Society Both Get Wrong on the Digital Omnibus

Mark Scott is a contributing editor at Tech Policy Press. Views expressed here are his own.

After the European Commission last week proposed major rewrites to the bloc’s digital rulebook, many civil society groups and legal experts came to the same collective response: hard pass.

It’s easy to see why.

Under the guise of unleashing Europe-wide competitiveness, Brussels wants to significantly alter the European Union’s existing privacy standards, as well as its upcoming comprehensive AI rules.

The goal: to make it easier for industry to tap into reams of citizens’ personal data, pare back regulation perceived as hampering growth and position Europe as a global competitor to the United States and China. It is driven primarily by internal political and economic pressures — and less by rhetoric from the US demanding the bloc pull back on its digital laws.

There are many reasons why such framing is flawed – especially the perceived wisdom, as outlined by former Italian prime minister and European Central Bank president Mario Draghi in his competitiveness report from 2024, that almost all regulation is a burden to economic growth.

Yet in dismissing the Commission’s recent proposals, which still must be approved by both EU member countries and the European Parliament by August 2026, critics make two mistakes that undermine their claims of upholding people’s fundamental rights at a time of seemingly insurmountable power from some of the world’s most powerful, and profitable, tech companies.

In its proposals, Brussels, too, has equally failed to tackle the underlying causes of Europe’s sluggish growth and continued failure to take advantage of consecutive generations of technology, which have allowed China and the US to leapfrog the Old World in digital prowess.

For civil society and legal experts, the problem is two-fold.

As much as Europe has staked its claim to be the Western World’s digital police officer, the bloc’s current rulebook has proven to be underwhelming — often blighted by under-resourced enforcement and a failure to demonstrate how digital regulation improves the lives of EU citizens.

Almost a decade after the EU’s General Data Protection Regulation came into force, for instance, the world-leading privacy regime has been plagued by lax enforcement, over-complicated rules and a perception that Big Tech giants used the legislation to outmuscle smaller competitors.

Even though the bloc’s AI Act has yet to become fully enforceable, the legislation is similarly beset with enforcement difficulties, especially within EU national capitals where agencies have struggled to take on their additional regulatory burdens. In Brussels, policymakers now privately acknowledge that the emerging technology is outpacing rules that were passed only last year.

To suggest Europe’s collective digital rules should not be touched — merely under the assumption that they represent a quasi-sacred cow for other countries to follow — does not meet the current reality of how the legislation actually works.

The second problem is harder to swallow: not all of the European Commission’s proposed changes are bad.

Yes, suggesting that companies with so-called high-risk AI systems may be able to voluntarily sidepass legal checks — if these firms believe their services don’t pose societal risks — is a dangerous overstep. So, too, is the ability for companies to use people’s personal data to train large language models without expressly gaining their consent to do so.

But other proposed changes — including the reduction of data protection red tape for relatively small businesses operating in Europe and the postponement of some parts of the AI Act until much-needed standards are created — are not the ‘end of the world’ kow-tow to industry that many would like to believe.

They are a response to the current regulatory reality in Europe that has seen many of the bloc’s well-meaning digital rules become more of a paper tiger than hard-hitting oversight. Merely by overlaying more complex rules on existing legislation, which itself is barely enforced, is not a means to protect people’s fundamental rights.

The European Commission’s proposals may not be the zero-sum outcome that many civil society organizations would like to see, in which these groups’ demands to hobble world-spanning companies are married with aggressive regulatory enforcement.

But, for the most part, they represent practical changes that still give Europeans some of the highest levels of protection within the digital world compared to their counterparts from Brazil to Bangladesh.

That does not mean, however, that Brussels should be given a free ride in its so-called Digital Omnibus package, which, at its heart, is aimed at freeing up European industry to make the most of what technology has to offer.

EU officials have taken aim at paring back the bloc’s AI and data rules. But they have again overlooked basic structural changes to the EU’s economy that would have significantly more impact than rewriting parts of the Continent-wide privacy regime or upcoming AI legislation.

The original sin of Europe’s approach to technology is that the bloc does not have a digital single market. That means it remains hard, if not impossible, for a Portuguese tech start-up to raise funds from an Italian investor to sell its digital wares to a Swedish consumer.

A combination of nationally-focused capital markets, a labyrinth of domestic labor laws and conservative institutional investors unwilling to bet on high-risk digital companies significantly blunts Europe’s ability to compete on the global stage with the US and China.

Neither of these countries has such problems — a consequence of Washington and Beijing’s ability to harness the forces of a singular country, compared to Brussels’ attempts to corral the different national interests of the EU’s 27 member countries.

If EU officials had truly wanted to unleash the bloc’s economic potential, they could have finally completed a European digital single market, which would have pulled back the current economic barriers that are the true reason why Europe has failed to keep pace with China and the US.

Instead, Brussels decided to forgo such hard negotiations in favor of tweaking digital regulation that will, at best, only have a marginal benefit to the bloc’s long-term economic competitiveness.