Feedback from German Social Insurance issued 14 October 2025
Call for evidence by the European Commission on a Digital Omnibus
Preliminary remarks
The German Social Insurance (DSV) welcomes the European Commission’s initiative to simplify and harmonise the multitude of existing legislation in the digital field through an omnibus proposal. Social insurance institutions, with their own IT infrastructures, data-intensive administrative processes and the anticipated use of artificial intelligence (AI) systems, face the task of integrating the requirements of relevant legislation into their governance and compliance structures early and sustainably. A clear, coherent and user-friendly regulatory framework is therefore essential to ensure the legally sound use of digital innovations while safeguarding Europe’s high standards of data protection and social security.
Social insurance institutions are not merely users of digital solutions but active co-designers and data providers. They increasingly develop their own data-driven applications, for example for service management, prevention or fraud detection. At the same time, they make social data available that is indispensable for research and innovation – for example for the development of AI models. The regulatory framework should take account of this role of social insurance as an active market participant and promote, rather than hinder, cooperation with research and industry.
Position
Artificial intelligence
DSV supports the objective of the European AI regulatory framework to enable innovation while protecting fundamental rights and European values. However, practical implementation reveals a considerable need for adjustment. In particular, it is necessary to ensure coherence between the AI Act (Regulation (EU) 2024/1689) and other relevant frameworks on data protection, cybersecurity or social data protection. This will reduce administrative burdens caused by divergent requirements and multiple audits while creating legal certainty.
Legal certainty in the application of the AI Act is especially important for social insurance institutions. DSV therefore welcomes the European Commission’s efforts to provide practical implementation support through already published and forthcoming guidance documents – for instance on the definition of AI, the classification and handling of high-risk AI systems, and the interaction with other legal acts such as the Medical Devices Regulation (Regulation (EU) 2017/745) and the General Data Protection Regulation (Regulation (EU) 2016/679). In the longer term, the AI Act Service Desk could also make an important contribution. However, the guidance published so far lacks practical relevance. It is therefore essential that future guidance address more specifically the circumstances of the public sector and in particular social insurance.
From the perspective of social insurance institutions, it is crucial to receive practical and resource-efficient implementation tools. These include not only guidance but also technical standards, templates and self-assessment tools that reflect concrete use cases – from benefit processing and service chatbots to exploratory machine-learning applications. For the latter, it is particularly important that technically unavoidable intermediate steps – such as the generation of scores or probabilities at the level of individual entities – are not prematurely classified as “profiling”. A clear distinction between the public-interest use of AI in the public sector and commercially motivated profiling practices would help to avoid impeding innovation in social security.
Data, data protection and cybersecurity
Social insurance institutions not only provide social data for research but also require reliable data access themselves to ensure continuous service provision. Simplified and harmonised data-governance rules are therefore of great importance, also to facilitate the implementation of major digital projects. In this context, DSV welcomes the European Commission’s plans, within the Digital Omnibus, to update outdated provisions on cookies and other tracking technologies. The aim must be to establish clear and pragmatic rules that provide legal clarity on lawful data access and processing while limiting “consent fatigue”. This would ensure that digital services – such as web-based platforms for rehabilitation or follow-up care – and the related consent processes can be designed and operated in a user-friendly and legally compliant manner.
Furthermore, DSV calls for clear and practical EU-wide provisions on the reporting of security and data-protection incidents. The goal must be to reduce administrative burdens for public bodies, avoid duplicate reporting and ensure a streamlined workflow. Already today, public entities are subject to extensive reporting obligations for security incidents and data breaches to various national and European authorities. It is therefore necessary to consolidate these reporting duties across the digital domain by establishing clear references to competent authorities in the relevant EU legal acts. In doing so, synergies with existing national structures – such as Computer Emergency Response Teams (CERTs) – could be leveraged to create a coherent European reporting architecture.
Electronic identification
DSV supports the objective of the European Digital Identity (EUDI) and the EUDI Wallet to establish the basis for secure, interoperable and cross-border identification procedures. However, this requires that European solutions are compatible with existing infrastructures to avoid duplication and unnecessary interface developments. This also applies with regard to the announced European Business Wallet (EBW).
In this context, the swift and coherent implementation of the European digital identity framework (Regulation (EU) 2024/1183) is essential. It must be ensured that, in addition to the primary identity, supplementary credentials – such as pension identification cards – are governed by harmonised European standards to ensure compatibility. Moreover, personal data changes (for example changes of name or gender) should automatically update across all relevant credentials in order to avoid separate national procedures and to strengthen cross-border interoperability.
The authentication process itself should follow clear principles. DSV welcomes that the eIDAS Regulation enshrines the principle of data minimisation, requiring relying parties to determine in advance which identification data are necessary for a given purpose and to process only those data. In addition, it should be ensured that, alongside the standard method of electronic identification, alternative secure procedures remain available so that users can flexibly choose the identification method most suitable for them.
About us
The German Federal Pension Insurance (DRV Bund), the German Social Accident Insurance (DGUV), the National Association of Statutory Health Insurance Funds (GKV-Spitzenverband), the national associations for statutory health and long-term care insurance funds at the federal level and the Social Insurance for Agriculture, Forestry and Horticulture (SVLFG) have joined forces to form the "German Social Insurance - Working Group Europe" (Deutsche Sozialversicherung Arbeitsgemeinschaft Europa e. V.) with a view to their common European policy interests. The association represents the interests of its members vis-à-vis the bodies of the European Union (EU) as well as other European institutions and advises the relevant stakeholders in the context of current legislative projects and initiatives. As part of the statutory insurance system in Germany, health and long-term care insurance with 75 million insured persons, pension insurance with 57 million insured persons and accident insurance with more than 70 million insured persons in 5.2 million member companies offer effective protection against the consequences of major risks of life.