BRUSSELS - The Business Software Alliance (BSA) today called on the European Commission to go one step further in simplifying the EU’s digital rulebook, reinforcing the risk-based approach to AI and delivering deeper alignment across cybersecurity legislation.

In its response to the Digital Fitness Check consultation, BSA welcomed the general objective of the Commission’s Simplification Agenda to make rules simpler and therefore easier for companies to navigate and apply. However, meaningful simplification, BSA stressed, requires more than structural adjustments.

On artificial intelligence, BSA emphasized that the AI Act’s risk-based foundation must remain intact. High-risk regulatory requirements should stay focused on genuinely high-risk uses of AI and avoid unintentionally capturing lower-risk systems. Where meaningful human oversight is built in — with a person reviewing outputs and retaining the final decision — the AI system functions as a support tool, thereby mitigating the high-risk setting. That reality should be reflected in high-risk classification requirements.

On cybersecurity, BSA noted that a single reporting entry point is a welcome first step. However, companies operating across frameworks such as the CRA, NIS2, and DORA still face fragmented definitions, inconsistent reporting timelines, and duplicative audit requirements.

“The Commission has taken an important first step on simplification, but it shouldn’t stop there,” said Hadrien Valembois, Director, Policy – EMEA at BSA. “For companies building AI and cybersecurity solutions, clarity and coherence matter just as much as ambition. The AI Act should stay focused on real risk, especially where meaningful human oversight already limits harm. And on cybersecurity, reporting once should truly mean reporting once, with consistent definitions, reporting timelines across digital laws. Europe should not be afraid to go further; simplification is what will make its digital framework truly work in practice.”

BSA’s submission underscores that regulatory coherence, proportionality, and alignment across digital legislation are essential to strengthening Europe’s competitiveness, resilience, and innovation ecosystem.