On 19 November 2025, the European Commission published its European Data Union Strategy – a policy blueprint intended to unlock the potential of data as a strategic economic asset for the EU, especially in service of artificial intelligence (AI) innovation and international competitiveness.[1]
The strategy explicitly follows and builds on the EU’s 2020 European Strategy for Data, which laid foundational infrastructure for a Digital Single Market for data and created instruments such as the Data Governance Act (DGA), Data Act, and Open Data Directive.[2] However, according to the Commission, this legal ecosystem – while comprehensive – has resulted in fragmentation, legal uncertainty, and under-utilisation of valuable datasets across the Union.[3] This backdrop is critical: the EU sees itself in a global data competition where access to high-quality, large-scale datasets is increasingly decisive in AI leadership and industrial innovation, a challenge underscored in the strategy’s own problem analysis.[4] Put simply, the Data Union Strategy is Europe’s latest attempt to move from foundational data governance toward operational data availability and competitiveness with a single, coherent data economy.[5]
Core Pillars of the Strategy
1. Scaling Up Access to Data for AI and Innovation
The strategy’s first pillar focuses on expanding the availability of data – especially datasets suitable for training advanced AI systems, including generative AI – and ensuring such data is accessible securely and at scale to companies, researchers, and SMEs.[6]
To that end, the Commission proposes “data labs”, which are shared service facilities that link the EU’s Common European Data Spaces with the AI ecosystem, offering tools, data curation, labeling, and compliance support.[7] This initiative dovetails with broader EU investments, including approximately 100 million Euros towards building and scaling common data spaces across key sectors such as defense and health, reinforcing the data pipeline for AI development.[8] Despite these commitments, stakeholders have noted longstanding challenges in interoperability and data quality, especially for IoT and public sector data, that remain obstacles even under ambitious planning.[9]
2. Streamlining Data Laws via the Digital Omnibus
The strategy’s second pillar focuses on simplifying and streamlining regulation.[10] To achieve this, the Commission has introduced the Digital Omnibus proposal alongside the Data Union Strategy with the aim to simplify and consolidate the EU’s digital rulebook, particularly in respect of data access, protection, and cybersecurity.[11]
Rather than introducing entirely new frameworks, the Omnibus proposes targeted amendments to existing EU laws, including the GDPR, ePrivacy Directive, Data Act, and cybersecurity laws such as NIS2 and DORA, to reduce duplication, legal overlap, and administrative burden.[12] It also entails consolidating data access rules by merging the Data Governance Act, Open Data Directive, and Free Flow of Non-Personal Data Regulation into a restructured Data Act, aiming for a single, coherent regime for data reuse and sharing.[13] Other notable element is integrating cookie and tracking-technology rules into the GDPR with a simplified legal basis for user consent.[14] With these, the Digital Omnibus proposal intends to make compliance with EU digital laws more predictable and less costly for businesses while still upholding core protections.[15]
Critiques and Controversies Around the Digital Omnibus
While the Commission frames the Omnibus as simplification rather than deregulation, the package has sparked significant concern from civil society and privacy advocates. Major NGOs warn that some proposals, especially to amend the GDPR, risk weakening privacy protections or enabling broader data use without explicit consent.[16]
Critics from rights groups such as European Digital Rights (EDRi) describe parts of the Omnibus as a potential rollback of digital protections, citing fears over easier AI training on personal data and expanded business exemptions.[17] Sharp civil society pushback highlights the tension inherent in the Data Union Strategy and Omnibus: balancing innovation and competitiveness against the EU’s longstanding commitment to data protection and fundamental rights.[18] Academics and privacy advocates have argued that consolidation may shift regulatory emphasis from individual control and privacy safeguards toward commercial data access for innovation, potentially stretching GDPR’s privacy-centric ethos.[19]
3. Strengthening EU Global Data Position and Sovereignty
The strategy’s third pillar emphasizes data sovereignty to ensure that Europe can compete in global data flows on terms that align with EU values while resisting data localization barriers.
Actions include drafting guidelines on fair treatment of EU data abroad and creating a toolbox to counter unjustified localization, exclusion, or data leakage measures. This reflects a broader geopolitical perspective where data access and cross-border data flows are increasingly framed as strategic assets and points of negotiation in global trade and tech governance. [20]
Stakeholder Reactions
Many industry stakeholders, from SMEs to tech associations, support the strategy’s emphasis on streamlined data access and reduced compliance costs, particularly the consolidation of overlapping legal regimes.[21] Business groups see simplified rules as critical for fostering a competitive environment that can keep pace with US and Chinese tech ecosystems, where data regulation is often less restrictive.[22]
On the other side, privacy advocates and civil society actors have expressed deep concern about aspects of the Digital Omnibus that amend the GDPR or reduce mandatory compliance thresholds for data breach reporting.[23] Critics argue this undermines the EU’s foundational data protection regime, warning these changes could dilute individual rights protections, especially regarding consent and data subject control.[24] The intense reaction highlights the ongoing values debate in EU digital policymaking: how to reconcile innovation-driven data access with the EU’s normative commitments to privacy and fundamental rights.[25]
Ambitions and Challenges Ahead
The Data Union Strategy represents a significant strategic pivot in EU digital policy – toward data availability, AI readiness, and economic competitiveness – while reaffirming the need for a strong legal framework.[26] Accompanying the strategy, the Digital Omnibus proposal seeks to simplify the regulatory landscape and reduce friction costs for businesses, but it also raises serious debate about the future shape of EU data protection.[27] Ultimately, the unfolding legislative process in the European Parliament and Council will test whether the strategy can balance innovation, fundamental rights, and global competitiveness without sacrificing the EU’s core digital values.[28]
[1] European Commission. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions: The European Data Union Strategy. COM(2025) 835 final, 19 Nov. 2025. EUR-Lex, https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A52025DC0835 (hereinafter: EU Commission – Data Union Strategy).
[2] EU Data Union Strategy; European Commission (2025). “European Data Union Strategy.” Shaping Europe’s Digital Future, https://digital-strategy.ec.europa.eu/en/policies/data-union (hereinafter: Data Union Strategy Summary).
[3] EU Commission – Data Union Strategy.
[4] EU Commission – Data Union Strategy.
[5] Data Union Strategy Summary.
[6] EU Commission – Data Union Strategy.
[7] EU Commission – Data Union Strategy.
[8] Data Union Strategy Summary.
[9] European Commission (2025). “Implementation Dialogue on EU Data Policy.” European Commission, 1 July 2025, https://commission.europa.eu/implementation-dialogues/implementation-dialogue-data-policy-2025-07-01_en (hereinafter: Implementation Dialogue, 2025)
[10] EU Commission – Data Union Strategy.
[11] European Commission (2025). “Simpler EU digital rules and new digital wallets to save billions for businesses and boost innovation.” Press Corner, 2025.11.19., https://ec.europa.eu/commission/presscorner/detail/en/ip_25_2718.
[12] Osborne Clarke (2025). “The Digital Omnibus – A Package of Simplification.” https://www.osborneclarke.com/what-our-clients-are-talking-about/digital-regulation/digital-omnibus-package.
[13] Two Birds. “EU Digital Omnibus Package: Major Changes to the Data Act Proposed.” Bird & Bird, 2025.11.19., https://www.twobirds.com/en/insights/2025/eu-digital-omnibus-package-major-changes-to-the-data-act-proposed.
[14] Eversheds Sutherland (2025). “EU Digital Omnibus at a Glance.” Eversheds Sutherland, 2025.12.09., https://www.eversheds-sutherland.com/en/sweden/insights/eu-digital-omnibus-at-a-glance.
[15] King & Spalding (2025). “The Digital Omnibus Proposal: Simplifying the EU Digital Rulebook by … adding more rules?” King & Spalding, 2025.11.24., https://www.kslaw.com/news-and-insights/the-digital-omnibus-proposal-simplifying-the-eu-digital-rulebook-by-adding-more-rules.
[16] Foo Yun Chee (2025). “Critics Call Proposed Changes to Landmark EU Privacy Law ‘Death by a Thousand Cuts’.” Reuters, 10 Nov. 2025, https://www.reuters.com/sustainability/boards-policy-regulation/critics-call-proposed-changes-landmark-eu-privacy-law-death-by-thousand-cuts-2025-11-10/.
[17] Jennifer Rankin (2025). “European Commission Accused of ’Massive Rollback’ of Digital Protections.” The Guardian, 19 Nov. 2025, https://www.theguardian.com/world/2025/nov/19/european-commission-accused-of-massive-rollback-of-digital-protections.
[18] Foo Yun Chee (2025).
[19] Barbara Lazarotto (2025). “The Data Omnibus: The Good, the Bad, and the Ugly Behind the DGA and Data Act Rewrite.” MediaLaws, 2025.12.19., https://www.medialaws.eu/the-data-omnibus-the-good-the-bad-and-the-ugly-behind-the-dga-and-data-act-rewrite/.
[20] https://dsv-europa.de/en/news/2025/11/data-union-strategy.html.
[21] Implementation Dialogue, 2025.
[22] Bertin Martens (2025). “The European Union Needs a Digital Omnibus to Make Digital Services Competitive.” Bruegel, 202512.08., https://www.bruegel.org/analysis/european-union-needs-more-digital-omnibus-make-digital-services-competitive.
[23] Foo Yun Chee (2025).
[24] https://www.theguardian.com/world/2025/nov/19/european-commission-accused-of-massive-rollback-of-digital-protections.
[25] Euronews (2025). “Between the Lines: What Europeans Say About the EU’s Data Strategy.” Euronews, 10 Nov. 2025, https://www.euronews.com/next/2025/11/10/between-the-lines-what-europeans-say-about-the-eus-data-strategy.
[26] EU Commission – Data Union Strategy.
[27] Osborne Clarke (2025).
[28] Daniel Schnurr (2025). “The Digital Omnibus: Positive Steps but an Unclear Strategy.” Centre on Regulation in Europe, 2025.11.28., https://cerre.eu/news/the-digital-omnibus-positive-steps-but-unclear-strategy.
