European Citizens' Initiative · Article 11(4) TEU
One EU IT Act A single, coherent legal framework for the EU's digital obligations and rights — replacing the current fragmented landscape.
The Problem
A rule of law problem,
on both sides
Over a decade, the EU has produced digital regulation of remarkable density. Volume and fragmentation are now themselves part of the problem.
Companies can't find their obligations
Dozens of overlapping instruments, each with delegated acts, guidance, 27 transpositions, and competent-authority positions. Microenterprises and SMEs cannot reasonably identify what applies to them.
Individuals can't find their rights
The same person is at once data subject, recipient of digital services, user of AI systems, consumer, holder of trust services. The protections exist but are inaccessible without specialist legal help.
Volume is structural
Each instrument is extensive, prescriptive and detailed in ways that frequently go further than necessary. The Treaty principles of subsidiarity and proportionality (Article 5 TEU) are not visibly satisfied.
The Digital Omnibus addresses this only at the margins.
The direction needs to change.
The Proposal
One Act, one place,
one set of definitions
A single Union legislative act consolidating the digital and IT acquis into one instrument structured by category — both obligations and rights, in one place.
One Act, structured by category
Privacy. Cybersecurity. AI. Digital services and platforms. Data sharing. Digital identity. Digital products and liability. Each section holds, in one place, both the obligations imposed and the rights conferred.
Repeal and recodify, by default
Every Union act that can be folded into the IT Act is identified and replaced. Where an instrument stays outside, the justification is expressly stated. Not "amend-and-coexist."
Proportionality and parsimony
Drafted as concisely as the subject permits. Consolidation must not mean accumulation. The Commission publishes a quantitative comparison of the IT Act's operative volume against the acts it replaces.
Common definitions
Manufacturer, provider, deployer, operator, user, controller, processor, data holder — defined once for the whole Act. Any sectional deviation is expressly justified.
Information model, machine-readable, equally authoritative
A formal information model representing obligations, rights, conditions, exceptions and cross-references. Built on ELI and Akoma Ntoso. The machine-readable form is authoritative on equal footing with the human-readable form.
Forward discipline
New Union proposals in the IT field default to amendments of the IT Act rather than free-standing instruments, each with an assessment of its cumulative effect.
The Path
The path for a Citizens' Initiative
Regulation (EU) 2019/788 is the only direct-democracy instrument capable of obliging the European Commission to formally engage with a citizen-driven proposal.
1 · Form the group of seven
Seven EU citizens of voting age, each resident in a different Member State, acting as the official committee vis-à-vis the Commission. One confirmed. Six to find.
2 · Register with the Commission
The committee submits the registered text and the optional draft legal act. The Commission has two months to register, exceptionally four.
3 · Collect one million signatures
One million verified signatures across at least seven Member States within twelve months, with national minima (Sweden ~15 000, Germany ~73 000, France ~55 000).
Get Involved
Ways to help
All involvement is appreciated!
For the record
The Draft Proposal
The full text the committee will submit to the Commission for registration.
Open the current full draft proposal
One EU IT Act: a single, coherent legal framework for digital obligations and rights
Subject matter. The Commission is invited to propose a single Union legislative act, the EU IT Act, consolidating the digital and IT-related Union acquis, both obligations imposed and rights conferred, into one instrument structured by category, and to identify Union acts that can be repealed and folded into it.
Background: a rule of law problem
Compliance with the EU's digital and IT acquis now requires the parallel reading of dozens of overlapping Union acts. Among them: GDPR, ePrivacy Directive, AI Act, Digital Services Act, Digital Markets Act, Data Act, Data Governance Act, Cyber Resilience Act, NIS2 Directive, DORA, eIDAS 2.0, the Platform-to-Business Regulation, Open Data Directive, Free Flow of Non-Personal Data Regulation, and the digital and cybersecurity provisions of the GPSR, RED and Machinery Regulation. Each instrument carries its own delegated and implementing acts, guidance, FAQs, model clauses, harmonised standards, 27 national transpositions where applicable, and competent-authority positions.
The problem is not only scatter. Volume is itself a structural concern. Each digital instrument is extensive, prescriptive and detailed in ways that frequently go further than necessary to achieve its objectives. The Treaty principles of subsidiarity and proportionality (Article 5 TEU) require Union action to go no further than necessary. The cumulative trajectory of the digital acquis does not visibly satisfy that test, and any consolidation exercise that merely repackages the same volume in a single document would not solve the problem it sets out to solve.
The principle that legal subjects should be able to know, in advance, what the law requires of them, and what the law grants them, is foundational. The current siloed approach does not meet it. Neither the obligations imposed on those who must comply, nor the rights conferred on those the acquis is meant to protect, are accessible without specialist legal assistance that microenterprises, SMEs, civil society organisations and individual citizens do not have. The Commission's Digital Omnibus addresses this only at the margins. The direction needs to change.
Objectives
1. One Act. The Commission shall propose a single Union legislative act, the EU IT Act, bringing together the principal Union obligations and rights relating to digital and IT activity. The Act shall be the primary reference instrument for those obligations and rights.
2. Repeal and recodify, by default. The Commission shall identify every Union act, directive and regulation that can be repealed and folded into the EU IT Act. The default position shall be repeal-and-recodify, not amend-and-coexist. Where an instrument is retained outside the IT Act, the justification shall be expressly stated.
3. Proportionality and parsimony in drafting. The EU IT Act shall be drafted in accordance with the Treaty principles of subsidiarity and proportionality (Article 5 TEU), with the additional discipline of legislative parsimony: only what is necessary, drafted as concisely as the subject permits. Consolidation shall not mean accumulation. Where existing provisions overlap, duplicate or contain unnecessary detail, those shall be removed in the consolidation. The Commission shall publish, alongside the proposal, a quantitative comparison of the operative volume of the IT Act against the operative volume of the acts it replaces, and shall explain any net increase.
4. Structure by category. The IT Act shall be organised into sections corresponding to the subject-matter categories that legal subjects actually need to navigate, including: personal data and privacy; cybersecurity and incident response; artificial intelligence systems; digital services, platforms and online intermediaries; data access, sharing and reuse; digital identity and trust services; digital products and liability.
Each section shall set out, in one place, both the obligations imposed on those who must comply and the rights conferred on those the acquis is meant to protect.
5. Common definitions. Recurring concepts shall be defined once for the whole Act. Any sectional deviation shall be expressly justified in the recital text.
6. Information model and machine-readable form. The Commission shall develop and adopt a formal information model representing the legal content of the EU IT Act. The model shall build on ELI and Akoma Ntoso. The machine-readable form shall be authoritative on equal footing with the human-readable form.
7. Forward discipline. New Union proposals in the IT field shall, as a default, take the form of amendments to the EU IT Act rather than free-standing instruments.
Treaty basis
- Article 11(4) TEU (instrument of the Initiative)
- Article 16 TFEU (data protection)
- Article 26 TFEU (internal market)
- Article 114 TFEU (approximation of laws, principal legal basis)
Out of scope
This Initiative does not weaken the substantive level of protection afforded by the existing acquis — it strengthens that protection by making both obligations and rights knowable to those they concern. It addresses architecture, not substance.