The EU's 2025 agenda for regulatory simplification and the digital package
The European Commission published earlier this month its 2025 Work Programme, which aims to streamline regulatory frameworks and improve competitiveness within the EU. Accompanied by a Communication on Implementation and Simplification, the Programme includes five Annexes detailing new, pending, withdrawn and repealed proposals, as well as the Commission's annual plan for evaluations and fitness checks. This follows the release of the Competitiveness Compass on 29 January 2025, which outlines actions to boost economic competitiveness in Europe.
In its “Communication on Implementation and Simplification”, the Commission outlines actions and tools to improve the implementation of EU rules. This initiative introduces several "Omnibus packages" of simplification measures and highlights the Commission's intention to work with Member States to reduce administrative burdens, promoting consistency in the transposition and application of EU rules. A key element is the digital package, which includes a review of the Cybersecurity Act. This review aims to simplify cybersecurity legislation, facilitating multi-purpose reporting and avoiding duplications. The accompanying assessment, expected during the first year of the 2024-2029 mandate, will determine if the expanded legal framework for the digital environment meets the needs of businesses, particularly small and medium-sized enterprises (SMEs) and small midcaps, which means companies with up to 499 employees, falling between SMEs (typically up to 250 employees) and larger mid-cap firms.
The digital package could have an impact on EU companies by streamlining cybersecurity reporting requirements and data-sharing obligations. Valdis Dombrovskis, the European Commissioner responsible for Economy and Productivity, including Implementation and Simplification, confirmed at a recent press conference in Strasbourg, that the package will simplify cybersecurity legislation. Commissioner Dombrovskis stated: “European businesses should spend less time and resources complying with red tape, so that they can instead focus on what really matters: developing innovative ideas, putting them into motion in Europe and creating high-quality jobs.” In addition, the package will address existing data rules for the purposes of ensuring a coherent legal framework for data sharing, while respecting security and privacy standards.
As part of its work programme, the Commission published a list of 51 initiatives for this year and details of 37 pending files it plans to withdraw, including the AI Liability Directive. The fitness check on the legislative acquis in the digital policy area is expected to conclude in the last quarter of 2025.
Additionally, the EU’s General Data Protection Regulation (GDPR) will be part of the digital simplification package. Michael McGrath, the EU Commissioner for Democracy, Justice, the Rule of Law, and Consumer Protection, confirmed that GDPR will feature in the future digital package, focusing on record-keeping requirements for SMEs and organisations with fewer than 500 people. The Commission is examining ways to ease the burden on smaller organisations regarding record retention while maintaining GDPR objectives. Currently, companies with fewer than 250 employees are exempt from keeping records unless processing personal data is regular, poses a threat to individuals’ rights and freedoms, or involves sensitive data or criminal records.
In conclusion, the 2025 Work Programme seeks to simplify and modernise the EU's regulatory landscape by addressing administrative burdens and industry criticism about over-regulation.
