On 19 November 2025, the European Commission published its Digital Omnibus package, a legislative proposal to amend the AI Act, the GDPR, the ePrivacy Directive, the Data Act, and several cybersecurity frameworks in a single stroke. The word “simplification” appeared 23 times in the accompanying press release.
Six days earlier, a coalition of 127 civil society organisations had already published an open letter warning that the package would amount to, in their words, the biggest rollback of digital fundamental rights in EU history.
The Commission chose the word “simplification” carefully. Nobody opposes simplification. Simplification sounds like tidying a desk.
What the Omnibus actually proposes is something altogether more consequential: delaying the AI Act’s core obligations for high-risk systems by up to 16 months, creating a new legitimate interest basis under the GDPR for companies training AI models on personal data, narrowing the definition of personal data itself, and removing the obligation for AI providers and deployers to ensure staff AI literacy.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
These are not editorial corrections. They are structural concessions.
The logic behind them is familiar and, on the surface, compelling. Europe cannot compete with the United States and China in artificial intelligence if its companies are buried in compliance paperwork.
Mario Draghi’s landmark competitiveness report of September 2024 laid the intellectual foundation: the EU has missed the digital revolution, its productivity gap with America is widening, and regulation, among other things, bears part of the blame. The Omnibus is the Commission’s answer to Draghi’s diagnosis. But it is answering the wrong question.
The assumption embedded in the Omnibus is that regulation is what holds Europe back. Remove the friction, the thinking goes, and European AI companies will flourish. The trouble is that the evidence points in a different direction entirely.
As Columbia Law School professor Anu Bradford argued in a 2024 paper published in the Northwestern University Law Review, the technological gap between the EU and the US cannot credibly be attributed to the stringency of European digital regulation.
The causes are more foundational: the absence of a genuine digital single market, shallow and fragmented capital markets, punitive bankruptcy laws that discourage risk-taking, and an immigration system that makes it harder to attract global tech talent.
Bradford’s argument dismantles the premise on which the entire Omnibus rests. Europe had virtually no meaningful tech regulation before 2010, the period during which Google, Meta, and Amazon built their global dominance. If light regulation were the key to tech success, Europe should have produced its own giants in those years. It did not.
The numbers tell the same story. According to the State of European Tech 2025 report, US startups attract funding at roughly 0.74% of GDP, compared with 0.35% for the UK and Ireland, the highest-performing European region.
Nearly half of all late-stage funding for European deep tech spinouts still comes from outside Europe, predominantly from America. We previously reported that roughly 30% of Europe’s unicorns between 2008 and 2021 relocated abroad, mostly to the US. They were not fleeing the GDPR. They were chasing capital, customers, and a continent-sized market that Europe still does not convincingly offer.
This is the structural problem that no omnibus can fix, and it is the one Brussels appears least interested in confronting. Weakening the AI Act does not create a European capital markets union. Narrowing the definition of personal data does not give a startup in Tallinn frictionless access to customers in Lisbon.
Delaying compliance deadlines does not persuade a pension fund in Amsterdam to put 2% of its assets into venture capital instead of 0.01%. The Omnibus is treating a symptom, and not even the right symptom, while leaving the disease untouched.
What the Omnibus does risk, though, is dismantling something Europe actually built. Over the past decade, the EU assembled a regulatory architecture that no other jurisdiction could replicate: the GDPR, the Digital Services Act, the Digital Markets Act, and the AI Act. These were not universally popular, and their implementation has been uneven. But together they represented something genuinely distinctive: a credible, values-based framework for governing technology that shaped global standards.
The GDPR became, as Bradford coined it, a textbook case of the “Brussels Effect,” with major US tech companies adopting it as their de facto global standard rather than maintaining separate systems for each market.
As TNW noted when the AI Act entered into force, the EU had positioned itself as a global leader in AI governance, with other jurisdictions watching closely to see how enforcement would unfold.
That regulatory credibility was a form of competitive advantage, just not the kind that shows up in quarterly GDP figures. It attracted researchers, shaped corporate governance norms, and gave European firms a trust premium in markets where consumers increasingly care about how their data is handled.
Now the Commission is proposing to hollow it out before the ink on the AI Act has fully dried, and before anyone can fairly assess whether the framework works.
The timing is not incidental. The Omnibus arrives in a political moment dominated by anxiety about American tech supremacy and the deregulatory posture of the Trump administration. Europe is watching the US gut federal oversight of AI and digital markets, and concluding that it needs to keep pace.
But keeping pace with deregulation is a race that structurally favours incumbents with capital advantages Europe does not have. Amazon, Google, Meta, and Microsoft did not become dominant because of light regulation. They became dominant because of network effects, massive R&D spending, deep capital markets, and a single domestic market of 330 million consumers.
Loosening Europe’s rules does not replicate any of those conditions. It merely removes one of the few things that distinguished Europe’s approach.
The irony is that the Draghi report itself, read carefully, does not prescribe dismantling existing regulation. Draghi’s emphasis was on closing overlaps, accelerating enforcement, and channelling investment. He called for an ARPA-type European research agency, a €200 billion R&D budget, and a genuine capital markets union. These are expensive, politically difficult proposals.
The Omnibus, by contrast, costs nothing and offends nobody in industry. It is the path of least resistance dressed up as reform.
There are reasonable arguments for some of the Omnibus’s provisions. Extending compliance deadlines when harmonised standards have not been published is defensible. The European Parliament seems to recognise the nuance.
When it voted on its position in March 2026, it supported the delay in high-risk AI deadlines but set fixed dates, shortened the Commission’s proposed grace period for watermarking obligations, added a ban on AI-powered “nudification” systems, and retained, in weakened form, AI literacy obligations the Commission had proposed removing entirely.
The Parliament is trying to hold the line between pragmatic adjustment and wholesale retreat.
But the broader trajectory is what should concern anyone who believes regulation can coexist with innovation, and that Europe’s long-term competitive position depends on demonstrating that it can.
The Jacques Delors Centre warned in a recent analysis that the Omnibus proposals, advanced without a comprehensive impact assessment, risk increasing legal uncertainty and creating loopholes rather than reducing complexity. In markets dominated by foreign tech companies, the Centre noted, looser rules risk entrenching foreign dominance and undermining the EU’s stated objective of digital sovereignty.
The argument that deregulation helps European startups assumes those startups, rather than American incumbents, will be the primary beneficiaries. History suggests otherwise.
The Digital Fitness Check, running alongside the Omnibus, makes the trajectory clearer still. The Digital Services Act and Digital Markets Act have already been named as potential targets. These are the frameworks that give the EU leverage over algorithmic amplification and platform monopolies.
Weakening them does not boost European competitiveness. It boosts the competitive position of the very companies Europe was trying to regulate.
There is a word for what the Commission is doing, and it is not simplification. It is capitulation to a framing that treats the absence of rules as the presence of innovation. Europe spent a decade building something no other bloc had: a coherent, enforceable framework for governing the technologies that will shape the next century. It was imperfect, sometimes clumsy, occasionally overreaching. But it was real. And it was Europe’s.
Dismantling it to copy an American playbook that depends on capital structures, market scale, and talent pipelines Europe does not possess is not a competitive strategy. It is the geopolitical equivalent of selling your furniture to pay the heating bill. The house gets colder either way.
Get the TNW newsletter
Get the most important tech news in your inbox each week.