The Cake Test
A recipe for real digital simplification
The best cakes are not the most complicated.
You don’t need three kinds of flour, endless sifting or a mountain of mixing bowls. A good cake works because the recipe is simple – the right ingredients, used well.
Digital rules should follow the same idea. If “simplification” adds more steps, more forms and more layers, then it’s not simplification. It’s just complexity in disguise.
The Cake Test sets out seven easy steps to check whether the Digital Omnibus delivers real simplification – or just fresh icing on the same old cake.
The key ingredients of Europe’s digital future
Artificial intelligence
Artificial intelligence (AI) carries enormous transformational potential for industry and society. Insurers are using AI to improve customer service, increase efficiency and provide greater insight into customers’ needs.
Customers are embracing this innovation in insurance, as it responds to their needs and makes their interactions with insurers more convenient. However, as with any technological development, it also comes with challenges that need to be assessed and, where relevant, addressed by policymakers and businesses.
Insurance Europe supports actions at EU level to promote and support the development and uptake of AI, as well as actions to facilitate access to and use of data, which is essential for the further development of AI systems.
Cloud
Cloud adoption plays a key role in the digital transformation of insurance companies, offering benefits like enhanced data analysis, improved customer experience, cost and operational efficiencies, scalability and agility, which are essential for staying competitive and innovating. It enables insurers to streamline operations and can help speed up innovation and the adoption of new technologies like AI.
Ensuring the highest possible level of cybersecurity and operational resilience is paramount, as well as the ability to leverage access to best -in-class technology. The regulatory framework needs to support and promote the uptake of cloud and avoid any measures that may slow down adoption.
Cybersecurity
In an increasingly interconnected world, cybersecurity has become a cornerstone of the European Union’s digital strategy.
As cyber threats grow in scale and sophistication, the EU is working to strengthen its collective resilience through coordinated policies, robust legislation, and cross-border cooperation. From the Network and Information Security (NIS2) Directive to the European Cybersecurity Act, the EU aims to protect critical infrastructure, ensure data privacy, and foster trust in digital services.
Cybersecurity is a strategic imperative for safeguarding democratic values, economic stability and the rights of EU citizens. It underpins trust in Europe’s digital economy and the resilience of its critical infrastructure.
Data
To enable data-driven innovation, the EU must focus on enhancing the usability, coherence and effectiveness of its legislative framework.
The proliferation of overlapping legal instruments – including the General Data Protection Regulation (GDPR), AI Act and the Data Act – creates uncertainty about their interplay. Comprehensive and accessible guidelines must be developed by the Commission to help stakeholders understand how these instruments interact in practice. Such guidance should clarify obligations and rights while facilitating compliance and innovation.
The ongoing digital transformation present significant opportunities for insurers and their customers alike. While the current regulatory framework is designed to safeguard consumers, it is equally important to evaluate whether existing rules inadvertently hinder innovation or impose unnecessary barriers for both insurers and their policyholders.
The European Commission’s Digital Omnibus is a package of updates to existing EU digital laws – such as the AI Act, Data Act, Cyber Resilience Act and DORA – to make them simpler, more consistent and easier to apply.
It aims to reduce overlap, close gaps between frameworks and ensure that Europe’s digital rules remain coherent as technology evolves.
Cybersecurity
In an increasingly interconnected world, cybersecurity has become a cornerstone of the European Union’s digital strategy.
As cyber threats grow in scale and sophistication, the EU is working to strengthen its collective resilience through coordinated policies, robust legislation, and cross-border cooperation. From the Network and Information Security (NIS2) Directive to the European Cybersecurity Act, the EU aims to protect critical infrastructure, ensure data privacy, and foster trust in digital services.
Cybersecurity is a strategic imperative for safeguarding democratic values, economic stability and the rights of EU citizens. It underpins trust in Europe’s digital economy and the resilience of its critical infrastructure.
Know what’s inside
No hidden ingredients, no relabelled complexity.
A good recipe starts with clarity. You don’t want mystery ingredients or vague labels – just a clear list of what’s in the mix and why it is there. Digital rules should be the same.
Simplification should not mean hiding complexity behind new names or frameworks. Every element should have a clear purpose, understood by everyone who has to apply it.
Why it matters: Clarity prevents inconsistent interpretations and avoids unnecessary burdens.
Only use one bowl
Simple recipes don’t need five mixing bowls. One is enough.
Today, insurers face different reporting and oversight channels under the AI Act, DORA, and GDPR, each with separate definitions, expectations, and reporting lines. True alignment means one coordinated framework, not parallel systems that contradict one another.
Why it matters: Alignment reduces duplication, streamlines supervision, and makes compliance manageable.
Weigh only what you need
Precision matters. Too many requirements spoil balance.
Too much of anything can spoil even the greatest recipe. In legislation, it is the same. Excessive reporting and templates drain resources without improving outcomes.
Why it matters: Targeted rules reduce administrative burden and focus efforts where they count.
Refine and filter
If an element adds no value or repeats what is already there, leave it out.
Before adding new rules, the EU should filter what already exists in Solvency II, IDD and GDPR. Without this review, new laws risk duplicating old requirements or creating parallel obligations for the same risk.
Why it matters: Filtering avoids redundancy and ensures new rules genuinely improve governance.
Blend well
Ingredients must come together smoothly.
Digital legislation across AI, data protection, and cyber risk is currently drafted in silos. Without clear guidance, these frameworks clash in practice, forcing companies to reconcile contradictions.
Why it matters: Interoperability ensures consistency and reduces friction in implementation.
Give it time to bake (and rest)
Even a perfect recipe fails if rushed.
Continuous updates to frameworks, before implementation has begun, like those seen with DORA, create disruption and divert investment. Stability and realistic transition timelines are essential for meaningful delivery.
Why it matters: Predictable timelines support planning, investment, and compliance.
Taste before serving
Make sure it suits the global palate.
Rules should be tested before rollout. Thresholds, incident definitions, and impact assessments must work in real-life conditions, not just on paper.
Why it matters: Proportionate testing prevents overreaction and unintended burden.
A good recipe – and a good baker – also caters to who will taste it.
Simplification should make EU rules clear, consistent and practical for all who apply them. When frameworks connect smoothly with existing global practices, Europe stays competitive and its safeguards remain strong.
Simplification is not about making things smaller. It is about making them work for those who must live with the outcome.
How can simplification keep Europe competitive?
Done with dessert? Visit our main website to explore Insurance Europe’s broader policy work: insuranceeurope.eu
The European Commission’s Digital Omnibus is a package of updates to existing EU digital laws — such as the AI Act, Data Act, Cyber Resilience Act and DORA — to make them simpler, more consistent and easier to apply.
It aims to reduce overlap, close gaps between frameworks and ensure that Europe’s digital rules remain coherent as technology evolves.
The European Commission’s Digital Omnibus is a package of updates to existing EU digital laws — such as the AI Act, Data Act, Cyber Resilience Act and DORA — to make them simpler, more consistent and easier to apply.
It aims to reduce overlap, close gaps between frameworks and ensure that Europe’s digital rules remain coherent as technology evolves.
The European Commission’s Digital Omnibus is a package of updates to existing EU digital laws — such as the AI Act, Data Act, Cyber Resilience Act and DORA — to make them simpler, more consistent and easier to apply.
It aims to reduce overlap, close gaps between frameworks and ensure that Europe’s digital rules remain coherent as technology evolves.