Written by Cathy Kremer

Dear reader, 

Welcome to Publyon’s EU Digital Policy Update (DPU). As the countdown to Christmas begins, the Publyon team is still in full policy mode. The European Commission seems determined to deliver a final burst of (digital) legislation before the winter break, with the Digital Omnibus among the most significant files to watch – and the focus of this edition’s policy update. In our geopolitical corner, we unpack recent developments from drone sightings to tensions in the semiconductor ecosystem and cyber supply chains. And as always, we dive into the latest AI, cyber, and other digital policy news.  

Europe’s bold plan for sustainable growth, the “Clean Industrial Deal”, represents a major shift for EU businesses, especially in energy-intensive sectors. Don’t miss your chance to engage with the Commission to shape this deal and influence the policy direction for the next five years.

LEARN HOW
The spotlight

The spotlight

The Digital Omnibus: simplification push for AI and data protection? 

On 19 November, the European Commission released its long-anticipated Digital Omnibus proposal, published alongside two complementary initiatives: the proposal for the European Business Wallet and the Data Union Strategy. Together, the package marks a significant step in the EU’s effort to modernise its digital governance framework and strengthen Europe’s position in the global data economy. 

 

Omni-what?  

Before diving into the details, it is helpful to understand the purpose behind an EU omnibus: it is a strategic tool designed to simplify, align, and update multiple laws at once, making the regulatory landscape clearer and more efficient for businesses and innovators alike. 

 

The Digital Omnibus: What is in it for you?  

At the heart of the proposal are four flagship regulations: the General Data Protection Regulation (GDPR), the Artificial Intelligence (AI) Act, the Data Act, and the Cybersecurity Act. The initiative would also repeal outdated instruments; including the Data Governance Act and the Free Flow of Non-Personal Data Regulation to reduce fragmentation and duplication. 

 

Buzzing terms: AI and GDPR 

The omnibus introduces key updates to the AI Act aimed at making compliance simpler and more predictable for businesses:  

  • The Commission will provide detailed implementation guidance before the AI Act fully takes effect, giving organisations clear benchmarks for meeting their obligations;  
  • Relief measures currently available to SMEs will be extended to small mid-caps, reducing administrative burdens while keeping safeguards in place;  
  • Overlapping or duplicative requirements across EU digital laws will be removed, helping businesses avoid double reporting and navigate the regulatory landscape more efficiently. 

The omnibus also clarifies how personal data can be used for AI training and operations, providing clear guidance on the intersection between AI and the GDPR:  

  • Companies can use personal data if they have a legitimate reason, as long as they follow strong rules like collecting only what is needed, being transparent with people, and allowing anyone to object.  
  • For sensitive data, such as health or location information, there are extra rules: it cannot be collected on purpose, it should be removed when possible, and if that is too difficult, it must be kept safe and not used or shared. 

 

What does this mean for your business?  

For businesses, the Digital Omnibus means simpler compliance and greater legal certainty. Companies will face fewer reporting requirements, for instance thanks to a single, cross-regulation cybersecurity incident reporting channel, reducing administrative burden. At the same time, the omnibus clarifies how personal and sensitive data can be used for AI development, giving firms clear rules and safeguards that support innovation while keeping them compliant. 

Curious about the opportunities the Digital Omnibus could bring to your business? Are you concerned about the uncertainty this legislation brings in the short term? Maybe we can help. Get in touch with our Director Cathy Kremer at C.Kremer@publyon.com. 

Impact analysis for your business

Impact analysis for your business

Our free policy updates keep you informed, but is that enough? With our tailored EU Digital Policy Updates you’ll receive:

  • Custom insights on how upcoming policy changes might impact your business;
  • Strategic advice from your dedicated policy consultant on how to turn challenges into opportunities;
  • Early warnings about key legislative developments.
Schedule a free consultation
Geopolitical corner

Geopolitical corner

In Publyon’s geopolitical corner, we examine how geopolitics continues to steer Europe’s digital and security agenda. Another month, another reminder that Europe’s vulnerabilities are becoming increasingly predictable, to the point where it feels like we are narrating the same story but in a different Member State. 

 

Europe’s skies under pressure: drone incursions escalate across Belgium 

Between 7 and 10 November, Belgium faced a surge in disruptive drone activity targeting critical sites. On 9 November, five drones were observed circling the Doel nuclear power plant for nearly an hour, following earlier disruptions at Liège Airport where air traffic was briefly halted around 19:30. Additional sightings at Brussels Airport, military bases and the Port of Antwerp prompted an emergency meeting of Belgium’s National Security Council on 6 November, with security services increasingly viewing foreign interference as a plausible scenario. 

In response to Belgium’s request for assistance, Germany, France and the United Kingdom deployed counter-drone specialists over the same period, underscoring the seriousness of the threat. The situation highlights the growing urgency for Member States to clarify when counter-UAS tools can be activated in civilian airspace, how data can be handled legally, and who bears operational liability. Once again, hybrid pressures are accelerating the convergence of digital regulation, airspace governance and defence planning. 

 

Semiconductors and leverage: temporary relief in the Nexperia saga 

On 9 November, China lifted export restrictions on Nexperia-made chips for civilian use and paused dual-use material bans, easing immediate concerns within Europe’s automotive sector. The move followed the Dutch government’s decision in October to assume control of Nexperia to safeguard semiconductor security, which triggered months of supply-chain tension. Car manufacturers had warned that production could be disrupted within weeks unless the restrictions were lifted. 

While the easing provides short-term stability, the episode exposed the extent of Europe’s structural dependency on foreign semiconductor processing, with roughly 70% of Europe-made Nexperia chips still completed outside the EU. This incident underlines that Europe’s semiconductor resilience remains incomplete. Achieving strategic autonomy will require redundant processing capacity, diversified finishing sites and a more shock-resistant industrial model – otherwise each geopolitical tremor will continue to ripple through Europe’s supply chains. 

 

Germany steps up on cyber supply chains 

On 14 November, Germany approved new legislation granting the Interior Ministry expanded powers to block high-risk technology suppliers across all critical sectors, including energy, transport, digital infrastructure and health. The law implements the EU’s NIS2 Directive but goes further by enabling targeted bans on specific foreign-made components, reflecting Berlin’s tougher line on Chinese technology.  

Policy updates

Policy updates

Greens/EFA warn Commission against weakening key digital laws in the Digital Omnibus 

On 12 November, the Greens/EFA group sent a letter to European Commissioner Henna Virkkunen and President von der Leyen, warning that the leaked approach to the upcoming Digital Omnibus could weaken key EU digital laws rather than simplify them. The group says the draft risks undermining the Artificial Intelligence Act (AI Act), GDPR, ePrivacy rules and the Data Act. 

According to the letter, weakening transparency rules in the AI Act or creating loopholes in the GDPR would make it easier for large non-European tech companies to avoid EU protections, reducing Europe’s control over its own digital systems and data. The group also warns against reopening the Data Act or easing requirements in the Data Governance Act. Greens/EFA call on the Commission to avoid deregulation and instead focus on clear, targeted fixes that improve enforcement and legal certainty. 

 

New EU rules enter into effect to speed up fibre and 5G rollout 

On 12 November, the Gigabit Infrastructure Act (GIA) entered into effect, introducing new rules to make fast and advanced connectivity widely available across the EU. The act aims to cut costs and simplify procedures for deploying fibre and 5G networks, which are essential to support emerging services powered by artificial intelligence and cloud computing. 

The GIA promotes faster network rollout through measures such as infrastructure sharing, better coordination of civil works and digitalised permit procedures. It also requires information on existing infrastructure to be made available and encourages telecom deployment alongside other public works. In addition, new buildings and those undergoing major renovation must be equipped with fibre-ready infrastructure and internal fibre wiring. 

The Commission is working with Member States and the Body of European Regulators for Electronic Communications (BEREC) to ensure smooth implementation. The new rules are expected to accelerate high-speed connectivity across the EU and reduce barriers for operators deploying fibre and 5G. 

Next up is the Digital Networks Act, expected to be published on 20 January 2026.

 

Commission begins work on code of practice for labelling AI-generated content 

On 5 November, the European Commission launched work on a new Code of Practice (CoP) for marking and labelling AI-generated content. Under the AI Act, material such as deepfakes, AI-generated text and other synthetic content must be clearly identified, reflecting the growing difficulty of distinguishing AI output from human-created content. 

The code will support providers and deployers of generative and interactive AI in meeting their transparency obligations, helping them label AI-generated audio, images, video and text in machine-readable ways so they can be detected. The process begins with a seven-month, expert-led drafting phase involving public consultation and stakeholders chosen through an open call. 

 

Commission launches RAISE to boost AI-driven scientific breakthroughs 

On 3 November, the Commission launched the pilot of RAISE (Resource for Artificial Intelligence Science in Europe) at the European AI in Science Summit in Copenhagen. The virtual institute, funded with €107 million under Horizon Europe, is a flagship action under the Apply AI Strategy and the European Strategy for AI in Science. 

RAISE will bring together resources to apply AI to major scientific challenges, including medical research, environmental issues and natural disaster prediction. The initiative aims to strengthen Europe’s scientific leadership and support advanced AI research across the EU. 

 

Commission seeks input on upcoming EU Quantum Act 

On 31 October, the European Commission opened a call for evidence to shape the EU Quantum Act, planned for adoption in 2026. The Act aims to boost quantum research, scale up industrial capacity with pilot lines and a design facility, and strengthen supply chain resilience. 

It will build on the Quantum Europe Strategy and complement initiatives such as the Chips Act and EuroHPC. Authorities, industry, start-ups, researchers and experts are invited to contribute via the “Have Your Say portal until 26 November 2025. 

 

DSA opens new data access for researchers 

From 29 October, the Digital Services Act (DSA) allows qualified researchers to request data from very large online platforms and search engines. This new access aims to support studies on systemic risks such as recommender systems, illegal content and financial scams, especially their impact on users and minors. 

Requests will be assessed by national Digital Services Coordinators, and platforms must comply once legal criteria are met. The rules enable stronger, evidence-based research on platform risks while protecting companies’ sensitive data. 

 

Commission pushes forward multi-billion Scaleup Europe Fund 

On 28 October, the Commission met with major private investors to advance plans for the Scaleup Europe Fund, a new multi-billion investment vehicle for Europe’s most promising deep tech companies. The initiative supports the EU Startup and Scaleup Strategy. 

The fund will target late-stage investments in artificial intelligence, quantum, semiconductors, robotics and autonomous systems, and will be privately managed and co-financed. The move aims to strengthen Europe’s ability to scale high-growth deep tech firms. 

Blog

Blog

Digital Fairness Act: protecting consumers from unethical techniques and commercial practices

The Digital Fairness Act, expected to be presented in Q4 2026, seeks to strengthen European online consumer protection rules by tackling unethical techniques and commercial practices as well as strengthening consumer rights.

Read more
Digital Fairness Act: protecting consumers from unethical techniques and commercial practices
Events

Events

Where can you spot our digital team this month?  

This week, Director Cathy Kremer and our colleague Irene Veth will attend the European Business Summit 2025. Do not hesitate to say hi! 

Jan will participate in the ELF Techno-Politics event (19 November, Brussels), Citoyens Numériques forum on digital education (26 November, Louvain la Neuve) and the symposium of Jean Gol Centre on Steering the AI revolution (5 December, location tbc). 

Request a tailored policy update for your organisation

Fill out the form below to schedule a free consultation with our team to discuss how Publyon can help guide you through policy developments that affect your business.

    * required field