EU Commissioner McGrath Outlines Digital Fairness Act, EU Inc. Initiative

---

Published

16 April 2026

Subscribe to IAPP Newsletters

Contributors:

Alex LaCasse

Staff Writer

IAPP

---

While the EU is on the cusp of finalizing several reforms to its digital rulebook through the Digital Omnibus packages, the European Commission still has work to complete in order for the bloc to achieve goals related to economic competitiveness. European Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection Michael McGrath said that digital simplification is just a component of a broader effort to fully integrate all sectors of the EU economy into a true "single market" and eliminate legal "fragmentation" from member state to member state.

Speaking with IAPP Cybersecurity Law Center Director Jim Dempsey at an event organized by the European Union Office in San Francisco, McGrath provided an update on progress around proposals for the omnibus and the Digital Fairness Act, and how they will work to support the establishment of EU Inc. — an effort to streamline and digitize the process of starting a business anywhere in the EU.

"We have a fantastic single market — 27 countries with 450 million people — but it's not a complete single market in many areas," McGrath said. "What we hear all the time from people who want to establish a business, and those who have established businesses, but want to scale and grow in the European Union, is that one of the issues that holds them back is the fragmentation by having to navigate all those different national (legal) systems."

Data protection agenda

This year marks the tenth anniversary of the EU General Data Protection Regulation's adoption in April 2016 and eighth anniversary of it becoming applicable in May 2018. McGrath indicated the landmark law has led to "more pluses than minuses" in terms of how EU citizens' personal information is protected. But as the GDPR gears up for its 10th anniversary, McGrath indicated the Commission's omnibus proposal aims to land on "targeted and proportionate" changes that address perceived issues with aligning legal interpretations.

"The key issue that came up (in stakeholder dialogues) was the need for consistent application of the GDPR throughout the European Union, because it's not adjudicated by one EU body, it's adjudicated by 27 different national data protection authorities," he said.

The GDPR plays an integral role in the EU-U.S. Data Privacy Framework, which remains in place despite ongoing strife between participating governments over a range of matters, including digital regulation and trade. The data transfer mechanism is intact despite the discrepancies, with McGrath noting the DPF has proved to be more resilient than its predecessor data transfer agreements because it is "mutually beneficial to both sides."

"There is recognition in the U.S., and certainly there is on the European Union side that there is too much at stake to allow (the DPF) to slip," McGrath said. "We know that many large U.S. companies that are the direct beneficiaries of the DPF are on the same page as us in that respect."

Digital Fairness Act preview

The Commission has yet to publicize its a draft text for the Digital Fairness Act. However, McGrath said it is being debated internally among commissioners with the goal of releasing the draft by the end of the year.

He added the overall objective of the DFA is to patch remaining loopholes in digital consumer protection laws, such as the Digital Services Act. It would extend DSA requirements to all companies that are not currently subject to the DSA as Very Large Online Platforms and Very Large Online Search Engines.

And while consumer protection matters are commonly handled by member state consumer protection authorities, McGrath noted the Commission has observed "clear gaps" in enforcement, specifically "when it comes to children." He pointed to DSA scope issues that potentially create legal uncertainty around the use of children's data for targeted advertising.

"When we hear back from the consumer protection authorities around the EU, on certain issues, they feel the law isn't clear enough, and when they feel something is wrong and should be tackled but they don't have confidence to bring a case," McGrath said. "So (the DFA) is about clarifying law and addressing any remaining gaps."

Asked by the IAPP's Dempsey how the pending DFA aligns with the Commission's overall goal of simplifying the EU's digital rulebook, McGrath said the ultimate goal is extending the clarity throughout the digital economy of the EU.

"We know the DFA is coming at a time when, in many respects, the trend is toward simplification and easing the burden of regulation," McGrath said. "But if you think about it, the DFA will address fragmentation, because in the absence of doing this centrally as a Commission, we see more and more national initiatives, which is the very thing that businesses don't want to see happen."

'Simplicity is key' to EU Inc.

McGrath said EU Inc. will be an optional legal regime of corporate rules with the goal of being able to establish an entity that can legally operate in the EU in 24-48 hours completely online. He said the corporate rules are "digital-by-default throughout the life cycle of the company," with a simplified digital insolvency regime.

It will have to be formally established through an EU regulation, like the EU General Data Protection Regulation, instead of a directive, such as the NIS2 Directive, which would have to be transposed into the national law of each country.

"This is a single corporate law rulebook for a company that will have the term 'EU Inc.' at the end of its name, which will be seamlessly recognized throughout the European Union," McGrath said. "The instrument of choice here is a regulation because the very motivation is to get away from fragmentation. If you were to go down the road of a directive, it would have to be transposed into national law, and the manner of transposition, you could end up with 27 versions of this new EU Inc. regime."

The Commission's goal is to complete a political agreement on EU Inc. by the end of the year with the hope of the regulation entering into force "as soon as possible." He said EU Inc. companies would have access to a digital wallet containing all essential company documents that are shared with the relevant national authorities, such as tax collecting agencies and social security administrations to help streamline those compliance processes in a centralized manner.

"Simplicity is key and we have to make sure that the final product is one that is attractive to investors, and in Europe, we have a real difficulty in that we don't have the same depth of capital markets (as the U.S.)," McGrath said. "Within the next decade, we will see considerable growth among European companies if we get this right."

Pushback on EU digital censorship claims

Concluding his remarks, McGrath discussed the European Democracy Shield, which is an initiative to enhance the EU's toolbox to counter foreign information manipulation and interference that was launched by the European Commission in 2024.

The nonlegislative project has a goal of establishing a new European Centre for Democratic Resilience, safeguarding the integrity of the information space, strengthening EU institutions, free and fair elections, and promoting free and independent media, and boosting civic engagement by 2027, according to European Parliament.

In promoting the EDS, McGrath defended the DSA and similar legislation as laws that actually uphold free speech online due to the provisions like the DSA's transparency requirements, which compel a digital platform's operators to inform a user when their speech has been removed and also offer an appeal process for the user to have their comments re-published after removal.

"When we look at the evidence under the DSA, we see a very significant number of content moderation decisions made by the platforms themselves that have been reversed because they have been challenged by citizens using the very instrument that we are accused of using for censorship," McGrath said. "We need to do a much better job in the European Union of explaining that, and defending the rulebook that we have that actually protects free speech."

This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.

Submit for CPEs

Contributors:

Alex LaCasse

Staff Writer

IAPP

Tags:

Frameworks and standards International data transfers Law and regulation GDPR Cybersecurity law Privacy

Related Stories

### European Commission outlines digital simplification plans at LIBE meeting 24 Sept. 2025

### European Parliament LIBE hearing tackles Digital Omnibus skepticism 27 Jan. 2026

### European Commission adopts EU-US adequacy decision 10 July 2023

### Recital 26, the Digital Omnibus, and why deidentification statements are becoming inevitable 16 April 2026

ANALYSIS