The EACB welcomes the opportunity to contribute to the European Commission’s public consultation on the Digital Fitness Check. While recognising the value of a consistent EU-wide digital rulebook, the EACB emphasises that this achievement remains fragile. Divergent supervisory interpretations, misaligned implementation timelines and overlapping requirements increasingly undermine legal certainty and create significant administrative burdens for cooperative banks.
The EACB stresses the need to address structural shortcomings in its design and implementation of EU digital legislation. Digital rules should be coherent from the outset, aligned with sector-specific legislation and accompanied by realistic implementation timelines that reflect operational realities.
The EACB also highlights the major overlaps and inconsistencies across the digital rulebook, notably between DORA, NIS2 and the CRA; between the AI Act, GDPR and existing financial sector rules; and between data sharing frameworks such as the DGA, the Data Act and the FiDA proposal. These duplications lead to disproportionate complexity, multiple reporting obligations and fragmentation across Member States.
To improve coherence, legal certainty and workability, the EACB outlines several priority areas for action:
- Better sequencing of EU legislation and a clearer articulation between lex generalis and lex specialis, ensuring that horizontal frameworks are stabilised before sector specific rules are adopted.
- Realistic and predictable timelines for delegated and implementing acts, avoiding late adoption and year end deadlines that create operational bottlenecks.
- Strengthened cross-institutional governance and early stakeholder involvement, with enhanced coordination between DG CNECT, DG FISMA, the ESAs and national authorities.
In addition, the EACB stresses the need for targeted improvements in key regulatory areas:
- AI Act: A coherent and workable AI framework requires a clear EU definition of AI systems, timely standards, strong alignment with DORA, GDPR and credit sector rules, and predictable timelines for high risk AI obligations. Existing statistical method such as linear and logistic regressions should be consistently recognised as outside the Act’s scope.
- DORA: DORA should be fully recognised as lex specialis to avoid duplicative obligations with CRA and NIS2. Consolidated group level incident reporting and alignment between Level 1 and Level 2 texts are essential for legal clarity and operational efficiency.
- Digital Identity: Greater legal and operational clarity is needed regarding the interaction between eIDAS 2.0, PSD2/PSR and AML requirements, including responsibilities in fraud cases, harmonised implementation across Member States and realistic timelines for mandatory acceptance of the EUDI Wallet.
- Fraud prevention: A cross sector, ‘prevent fraud by design’ approach is needed, with fair distribution of responsibilities across banks, PSPs, telcos, platforms and social media. Banks must be able to rely on shared fraud prevention data infrastructures, rather than bilateral arrangements.
- Data sharing: A coherent data sharing ecosystem requires stabilising the horizontal framework (the merger of the ODD, DGA and FFDR under the Data Act Data Act) before introducing sector specific regimes such as FiDA. The EACB warns that FiDA risks duplicating the functionality of DGA based data intermediation services, creating parallel ecosystems and imposing disproportionate costs in the absence of clear market demand and a sustainable business model.
The EACB strongly believes that the proposed improvements will help build a digital regulatory environment that supports innovation and EU competitiveness, while maintaining high standards of consumer protection and alignment with the realities of the banking sector.