Keep it simple
Ideas to simplify the EU digital rulebook were put by the Polish presidency of the Council of Ministers to other EU member-state governments on 6 June. Nils Rauer and Wouter Seinen download the data
Major changes to the way businesses navigate and comply with digital regulation in the EU – such as rules on AI, use of data, and cybersecurity – could follow from a package of proposals put to lawmakers on 6 June.
The ideas were presented by the Polish presidency of the Council of Ministers to other EU member-state governments.
They include, among other things, a delay being applied to the effect of certain legislative provisions that have already been finalised – including, potentially, certain rules under the AI Act – in the same way that has happened already in the context of sustainability-related due-diligence and disclosure obligations.
Further changes that businesses would see from the implementation of the ideas include simplified transparency obligations, reduced cyber-incident notification duties, and lighter-touch regulation for SMEs
Other measures envisage harmonisation of the way important concepts are defined across different pieces of digital regulation, greater coordination between regulators responsible for enforcing the various legislation, and publication of guidance to help businesses better understand how the different EU rules interact.
Broadband
The proposals would affect a wide range of EU digital regulation, including the AI Act and General Data Protection Regulation, the second Network and Information Security Directive and the Cyber Resilience Act, as well as the Data Act, the Digital Services Act (DSA), Platform-to-Business Regulation, and Digital Operational Resilience Act.
The Council of Ministers is one of the EU’s law-making institutions. It comprises representatives from the governments of each of the 27 member states in the bloc.
Digital ministers from across those governments met on 6 June, where Poland’s proposals were presented but not discussed. The proposals derive from input received from industry.
In addition to businesses, EU policymakers are coming under increasing political pressure to reduce regulatory burdens in digital markets.
The US government, for example, has called on the EU to do more to support technological innovation by companies, with many US-headquartered technology companies operating in the EU market, while Mario Draghi (former European Central Bank president), in a report into EU competitiveness, last year urged action to reduce regulation – particularly for tech companies.
Amid this backdrop, there is political will to act.
European Commission proposals for ‘simplification’ of the EU’s digital policy rulebook are expected to be published in the autumn, as confirmed by Henna Virkkunen (EU Commissioner for Tech Sovereignty, Security and Democracy) at a press conference that followed the council’s meeting.
Safe mode
The Polish proposals are the precursor to those proposals being set out, and could inform how they are developed by the commission – or how the council, when it comes to scrutinise the simplification package, responds and the amendments it might prepare.
The contents of the commission’s simplification package could, potentially, also be influenced by the outcome of a new consultation regarding implementation of the AI Act’s rules on ‘high-risk’ AI systems, which it opened on 6 June.
The rules on ‘high-risk’ AI are not due to take effect until August 2026.
According to the consultation, some changes to those rules are under commission consideration – including in relation to the classification of high-risk AI systems and the obligations associated with providing, deploying, importing or distributing those systems.
The consultation closes on 18 July 2025.
Commission President Ursula von der Leyen previously pledged to “cut red tape” in relation to AI – a pledge repeated by Virkkunen on 6 June.
She confirmed that there would be no “backslide” from the “main objectives” of the AI Act by the commission, but said that simplification of processes and the cutting of red tape, bureaucracy, and reporting obligations were under consideration.
Addressing the fact that AI Act rules applicable to ‘general purpose’ AI (GPAI) models are due to take effect on 2 August this year, but that a highly anticipated code of practice to support compliance with those rules has yet to be finalised,
Virkkunen said that she expects the code to be published in the coming weeks.
She added that the commission would ensure that further guidelines and standards anticipated under the legislation would be delivered before the relevant provisions addressed by those guidelines and standards would take effect. Some of those provisions are due to come into force on 2 August 2025.
The Polish proposals address a number of challenges facing businesses operating in the EU’s digital single market, including the lack of concrete guidance, best practices, and technical standards to help organisations test and ensure that they comply with digital regulations.
As the Polish presidency has identified, governments and regulators at member-state level apply their own interpretation of the regulatory requirements and expect organisations to operationalise abstract legal concepts, such as ‘transparency’ and ‘privacy by design’, in their own often complicated ecosystems.
A company is, for instance, often required to explain in plain and simple terms how they have weighed the legal interests of individuals against the interests of the company and third parties when seeking to use that individual’s data.
Similar simplified explanations of complex assessments of – often conflicting – interests are required under the AI Act and the DSA, without clear guidance and examples to help them.
On top of this, organisations are not able to seek confirmation that the compliance solution they have built meets the standards of the regulator, let alone the law.
This definitive answer is only available if those solutions are challenged by a regulator or are the subject of claims before the courts.
Innovation would be served if there were mechanisms for organisations to help them find a balance, in discrete use-cases, between conflicting fundamental interests detailed in various regulations, as well as for seeking confirmation or advice from government or regulators of the position they have taken.
Plug-and-play
The mainstream emergence of DeepSeek – the Chinese open-source model that the company behind it claims to have developed at a fraction of the cost of other large language models on the market, and without access to the same computing power – has spurred discussions within the commission about classification of ‘general-purpose AI’ (GPAI) models in the context of the scope of rules applicable to GPAI models under the AI Act.
It goes without saying that the digital single market within the EU requires a certain level of regulation: for example, we want to have effective and efficient means to battle unauthorised and illegal content on the internet, and limit fake news and undue manipulation.
Inevitably, this comes with transparency and record-keeping obligations, as well as other administrative burdens.
Thus, the Polish initiative is not meant to turn back the wheel to zero but is, instead, striving for the ‘right level’ of regulation – a goal that is difficult to achieve, but represents a worthy aim.
Dublin-based technology law expert Andreas Carney (Pinsent Masons), adds: “The sheer number of EU directives and regulations relevant to digital regulation identified by the Polish presidency is a simple indicator as to the challenges that businesses face in seeking to meet their compliance obligations.
“Whether sector-specific or general in application, navigating the various requirements and the inevitable overlap of certain obligations is proving burdensome. At a time when Europe’s competitiveness in this area is in sharp focus, a more concise and joined-up approach would, no doubt, help to ease that.”
Dr Nils Rauer is a partner in Pinsent Masons based in Frankfurt and is an expert in AI regulation. Wouter Seinen is a partner in Pinsent Masons and is head of office in its Amsterdam office.
LOOK IT UP
LITERATURE:
- ‘Balancing regulation and innovation in the technologydriven economy – outcomes of the discussions onsimplification activities in the digital field’ (General Secretariat of the Council of the European Union, 2 June
2025) - ‘Commission launches public consultation on high-risk AI systems’ (European Commission press release, 6 June 2025)