The EU’s European Economic and Social Committee has backed European Commission plans to simplify digital rules, saying changes should cut bureaucracy without weakening privacy protections, workers’ rights or legal certainty.
Simplification could reduce administrative burdens for businesses, public bodies and citizens, the Committee declared on Friday.
However, it warned against lowering safeguards in laws including the General Data Protection Regulation (GDPR) — the EU’s main data protection law — and the EU AI Act.
Companies, workers and consumers need “clear, coherent rules” that reduce compliance risks and paperwork “without lowering standards in substance”, rapporteur Heiko Willems said.
The Committee called for more simplification proposals to be developed through an upcoming “Digital Fitness Check” of EU digital legislation, with input from businesses, workers, civil society and scientists.
It also urged the EU to clarify and harmonise definitions used across digital laws — including “personal data”, “data holder” and “placing on the market” — to reduce legal uncertainty.
AI rules and reporting obligations
On the planned AI-focused changes, the Committee reiterated support for a risk-based approach under which stricter requirements apply to higher-risk uses of artificial intelligence.
It warned that overlaps between the AI Act and sector-specific rules could add costs and delays, and called for a “simplification by design” approach combined with “rights by design.”
Workers’ representatives should be involved whenever AI is introduced in the workplace, with consultation rights respected and oversight in place, co-rapporteur Angelo Pagliara said.
The Committee also supported “regulatory sandboxes” — controlled testing environments for new technology — and said compliance deadlines should be aligned with the availability of harmonised standards, while calling for transparency, accountability and human oversight in AI systems.
On reporting requirements, it welcomed plans for an interoperable EU “single entry point” for obligations under laws including NIS2, GDPR, DORA, eIDAS and CER, saying companies should be able to reuse information and submit reports in English.
The Committee said access for authorities should be limited to a “need-to-know” basis and pilots should be co-designed with industry and social partners.
It also stated simplified regimes for small and medium-sized enterprises should apply only to genuinely independent companies under EU definitions, and called for mandatory data-sharing obligations to be limited to strictly necessary cases while encouraging voluntary data sharing through common European data spaces.
