Europe’s digital rulebook has expanded dramatically, with the number of EU laws related to digitalisation more than quadrupling in the past dozen years (from roughly 20 to 88) and their average length doubling in two decades. This vast “digital acquis”, spanning the DMA, DSA, GDPR, Data Act, AI Act, Data Governance Act, Cyber Resilience Act, and sectoral regimes like the European Health Data Space, shapes nearly every aspect of Europe’s digital economy. Yet its rapid growth has brought unintended complexity, overlaps, and inconsistencies that risk undermining legal certainty, innovation, and competitiveness.
The CEPS Task Force “Next Steps for EU Law and Regulation for the Digital World” will focus on fine-tuning and improving existing measures to enhance their effectiveness, efficiency, and coherence. The goal is to ensure that these laws deliver on their promises without needlessly sacrificing protection for businesses, citizens, and fundamental rights.
Rather than calling for new layers of regulation, the Task Force will seek to identify targeted reforms to flagship instruments including the Digital Markets Act (DMA), the Digital Services Act (DSA), GDPR, the Data Act, the AI Act, and the Cyber Resilience Act. In each case, we will be looking for simplification and consistency improvements with as little sacrifice of regulatory effectiveness as possible; greater coherence among these acts and with the rest of the EU acquis across multiple thematic areas including privacy, cybersecurity, and consumer protection; reduction of burden on SMEs, while recognising that they are often suppliers to larger firms; and more generally ensuring proportionate compliance costs across the value chain.
Alongside substantive improvements, the Task Force will address procedural and structural reforms needed to make digital rulemaking more agile and coherent. Topics include better ex-ante impact assessments, more objective and independent ex-post evaluations, and the use of RegTech (regulatory technology including AI) to streamline compliance. In doing so, the Task Force will apply a “customer experience” lens, focusing on how businesses and citizens experience regulatory obligations.
Methodology and timeline
The Task Force will convene four full-day hybrid workshops (dates are nominal and will be confirmed once sufficient membership commitments are secured):
- Workshop 1 (Nov 2025): Context-setting; improving the DMA’s interplay with competition law; strengthening ex-ante impact assessment.
- Workshop 2 (late Nov): Fine-tuning the DSA; ex-post evaluation practices; data governance reforms (Data Act, DGA, EHDS).
- Workshop 3 (Dec): Enhancing GDPR effectiveness and trust; simplification tools (sandboxes, SME exemptions, RegTech); cybersecurity calibration (NIS 2, CRA, DORA).
- Workshop 4 (Jan 2026): Integrating findings; AI Act coherence; responding to the Commission’s expected Digital Omnibus proposal (Dec 2025).
Each session introduced by a keynote and followed by structured discussion; proceedings follow Chatham House rules. Outputs culminate in a CEPS Final Report synthesising debates and independent research; consensus will be reported where possible, with disagreements explicitly mapped.
The Draft Final Report will circulate in March 2026, followed by publication and a launch event (e.g. at CEPS Ideas Lab).
Governance and integrity
The Task Force is organised by CEPS and chaired by J. Scott Marcus and Andrea Renda, with Artur Bogucki serving as rapporteur. It operates under CEPS integrity standards. Member contributions are invited and welcomed but do not determine its conclusions.
Becoming a member
For more information about the objectives and functioning of the Task Force, please refer to the Prospectus. To express your interest, kindly complete the registration form and email it to [email protected] or [email protected] by 30 October 2025.
For sponsorship inquiries, please contact [email protected] directly.
