Connect Europe and GSMA comments on the Digital Omnibus Proposal
Connect Europe and the GSMA, the industry associations representing telecoms operators in Europe, welcome the European Commission’s focus on regulatory simplification and competitiveness, and take note of the initiatives proposed through the Digital Omnibus proposal. In our view, this is an extraordinarily important moment to deliver on these goals, particularly as the telecommunications sector faces significant changes, namely those brought by the Digital Networks Act (DNA) and the Cybersecurity Act review (CSA2). However, while we welcome the reduction of unnecessary red tape in certain areas, there remains much more to be done to truly support Europe’s digital ecosystem and allow its core players to focus on continuing to provide the quality of connectivity the continent’s citizens and businesses need and expect.
Several significant areas of regulatory burden remain unaddressed within the proposal, and others require further clarification; we believe both deserve urgent attention. These include aspects related to the continued effects of the ePrivacy Directive, the proposal for an EU single-entry point for incident notification and the proposed targeted amendments to the General Data Protection Regulation (GDPR). In this paper, we underline our main messages in this respect and invite you to take note of what remains problematic for the European telecommunications sector. Making these changes will support our mutual goal of uplifting European businesses and cutting regulatory overlaps, resulting in an improved framework that centres innovation and competitiveness as core principles.
Main points:
The ePrivacy Directive: The ePrivacy Directive is outdated and must be repealed. The principle of confidentiality of communications should be maintained and integrated into horizontal legislation.
The EU Single-Entry Point for Incident Notification: The proposed Single-Entry Point must ensure that incidents may be reported at national level and only once, in accordance with best practice and cybersecurity legal provisions. It should simplify existing procedures rather than create further burdensome ones.
The GDPR: The risk-based approach of the GDPR should be respected, and its core principles maintained. Targeted adjustments on personal data are necessary to align with the 2025 ruling by the CJEU recognising the role of privacy-protecting techniques.