Simplifying the EU’s digital regulatory framework

Of Swedish businesses, 38 percent experience significant obstacles to growth due to regulatory burden and bureaucracy.¹ The European Commission’s announced simplification work in the digital area, the Omnibus Digital package, is therefore most welcomed.

Companies today must relate to, among other legislations, the AI Act, the General Data Protection Regulation (GDPR), the Data Act, the Digital Markets Act (DMA), cybersecurity rules such as the NIS 2 Directive and the Cyber Resilience Regulation (CRA). The rules apply to different types of data but often affect the same activities. They also have different objectives, different supervisory authorities and, in some cases, even conflicting requirements.

The result is a growing complexity that makes it more difficult to develop new products and services. In the worst case, it means that innovation does not take place in Europe – but elsewhere.

If the EU is serious about strengthening Europe’s competitiveness and becoming a world leader in digital technologies, it must make it easier – not harder – to innovate in Europe.

The Confederation of Swedish Enterprise therefore calls on the European Commission to:

• Clear the regulations of administrative requirements that do not increase the protection of consumers or society. In particular, simplify the AI Act, GDPR and CRA
• Ensure a risk-based and balanced application of the GDPR, especially in the use of AI.
• Modernise the regulation of automated decision-making and bring it together in the AI Act.
• Clarify the interaction between the Data Act, DMA and GDPR and simplify data sharing requirements. The Data Act creates uncertainty for investments and restricts freedom of contract.
• Create a single-entry point for all incident and cybersecurity reporting in the EU and introduce common reporting templates

Simplifying is not letting go of control – it is creating clarity, legal certainty and innovation.

¹ Företagens Regionala Utveckling 2025, page 17