Deregulation of digital regulation in the European Union?

In the last legislative cycle (2019-2024), the European Union adopted a series of key and very comprehensive regulations in the field of the digital economy.

Key pieces of legislation include the Digital Services Act (DSA), the Digital Markets Act (DMA), the Data Governance Act (DGA), the Data Act (DA) and the Artificial Intelligence Act. It is a comprehensive reform of the digital legal order, the main purpose of which was the protection of fundamental rights, user security, market fairness and the EU's technological sovereignty.

However, this regulatory drive has been met with increasing criticism from industry, some Member States and even European institutions. They point out that the result is over-regulation, legal complexity, administrative burden and, consequently, a decline in the competitiveness of European digital companies. In response, the idea of an “omnibus” deregulation initiative has emerged, which is intended to simplify, streamline or even eliminate some digital regulatory obligations in the next legislative period.

Jaka Repanšek is the head of the strategic group for regulation at the Slovenian Digital Coalition (digitalna.si) and the president of the Advertising Tribunal. — *^{Author: Jaka Repanšek, Head of the Strategic Group for Regulation at the Slovenian Digital Coalition (digitalna.si) and President of the Advertising Tribunal}*

Companies, especially small and medium-sized enterprises (SMEs), which also form the backbone of the Slovenian economy, report “regulatory paralysis”, where they are no longer able to keep up with the multitude of regulatory requirements. In many cases, regulation leads to the opposite effect, as companies prefer to exit certain activities rather than risk non-compliance. The European model is facing reality: the US is building digital competitiveness on the basis of sectoral self-regulation, while China is building it on supervisory centralization. In this context, the key question is whether the EU will be able to follow all regulatory goals while promoting innovation and growth. As a small country with limited regulatory capacity, Slovenia was among the first to support initiatives to simplify digital regulation. National authorities responsible for implementing digital economy regulation have long warned of the lack of staff, legal fragmentation and SMEs’ compliance problems. It will therefore be crucial for Slovenia to actively participate in shaping the content of the “omnibus” package.

Omnibus

The term “omnibus” in a legislative context usually means a horizontal legislative instrument that amends several existing regulations in one legal move, with the aim of unifying, simplifying or streamlining. In the context of EU digital deregulation, it is an initiative that cuts through overlapping requirements between the DSA, DMA, the AI Act, the Data Act, etc., standardises definitions, simplifies compliance procedures and reduces regulatory fragmentation between Member States. Although there is no formal proposal from the European Commission on the table yet, preparatory discussions have already started in circles within the Directorate-General for Communications Networks, Content and Technology (DG CNECT) and the General Secretariat of the Council on the possibility of a common deregulation package in 2026 or 2027. A proposal to create a single “Declaration of Digital Compliance” for several regulators at once is mentioned as a possible solution. The deregulation package could introduce a single contact point, common reporting portals and centralised registers.

Particular emphasis should be placed on eliminating or simplifying certain requirements for micro and small enterprises, such as exemptions from fundamental rights impact assessments, less frequent reporting and automated compliance self-assessment tools.

However, there are also (justified) concerns: one of the main ones from civil society organizations and academia is that deregulation could undermine hard-won standards of data protection, child safety online, and other fundamental rights of users of digital services. At the same time, there is a risk that individual EU member states will not agree to deregulation, as some have already introduced national above-standard practices.

Problems in implementing the Artificial Intelligence Act

The Artificial Intelligence Act (AI Act), formally adopted by the European Union in spring 2024, is the world's first comprehensive legal framework for regulating artificial intelligence (AI). The aim of the act is to enable the safe use of AI that respects fundamental rights, democracy and the rule of law, while fostering innovation and technological development in the EU.

The act is based on a risk-based approach and classifies AI systems according to their potential impact on individuals and society. Systems with unacceptable risk are prohibited, high-risk systems are subject to strict regulation, while systems with limited or minimal risk are left to voluntary self-regulation.

However, the implementation of the AI Act faces a number of serious challenges concerning legal clarity, technical feasibility, institutional capacity and readiness of Member States, including Slovenia. Despite political support at EU level, a number of open issues remain that may affect the effectiveness and timeliness of implementation. One of the central problems of the AI Act is the legal ambiguity and complexity in classifying AI systems into individual risk categories. In practice, it is often unclear when an AI application constitutes “high risk” – especially in cases where it involves a combination of several functionalities. Users and developers will have to carry out self-assessments, which represents a significant regulatory burden, especially for medium-sized and small enterprises. In Slovenia, due to the fragmentation of sectors and the absence of a central regulatory authority, difficulties are already arising in understanding the requirements for risk assessment of AI systems. The AI Act also envisages the introduction of so-called “regulatory sandboxes” – controlled environments for testing AI solutions. In Slovenia, a regulatory sandbox has not yet been established, which hinders the involvement of innovators in the further development of AI-based solutions. At the same time, Slovenia has not yet appointed a competent authority by the summer of 2025, and in practice there is no clear demarcation between institutions such as the Information Commissioner, the Ministry of Digital Transformation, the Information Security Office, etc.

Conclusion

Compared to the US, which emphasizes soft self-regulation, and China, which implements strict controls, the EU has taken the path of formally regulating the introduction of AI at all levels. The US uses voluntary principles (e.g. the NIST AI Framework), while China uses strict pre-registration and security assessments. The EU is the only one among them to establish a very complex and legally binding framework, which increasingly raises the question of the competitiveness of the European market. The Artificial Intelligence Act is certainly a historic step in the legal regulation of AI. Its success will depend on the technical operationalization of the provisions, a clear institutional division of responsibilities, the timely establishment of support mechanisms and adaptation to rapidly evolving technology. If this is not the case, we risk that Europe's regulation will hold back innovation rather than promote it. Deregulation of the digital sector in the EU is therefore not a call to abolish the legal order, but an effort to achieve more effective, coordinated and proportionate regulation. The "Omnibus" deregulation initiative is an opportunity for the EU to avoid regulatory saturation, and for Slovenia, as an active member, it is also an opportunity to contribute to the creation of a rational European digital framework.