Adaptive Data Governance for EU Regulatory Change

The European Commission has proposed a new Digital Package, including a “Digital Omnibus” and an “AI Omnibus,” to streamline and align elements of the EU AI Act, GDPR, the Data Act and related digital rules. The goal is to ease overlapping obligations and make implementation of high‑risk AI requirements more practical and proportionate, while still preserving the EU’s high standards for privacy and fundamental‑rights protection.

For European financial institutions, this does not remove regulatory pressure so much as change its shape: firms still need to evidence strong data governance, operational resilience and AI accountability to supervisors across jurisdictions, but now against a moving target. That makes it increasingly important to build platforms and partnerships that can absorb regulatory change and turn compliance capabilities into a durable source of competitive advantage.

The Regulatory Landscape: What We Know – and What We Don’t

Over the past several years, financial institutions have navigated increasingly stringent compliance requirements. Under the original AI Act text, firms faced significant potential penalties for non‑compliance with high‑risk AI requirements, alongside extensive obligations for documentation, risk management and third‑party assessments.

At the same time, GDPR enforcement, the EU Data Act and the Digital Operational Resilience Act (DORA) are all pushing banks, insurers and investment firms, as well as market‑infrastructure providers, towards more resilient architectures, stronger data‑subject controls and demonstrable end‑to‑end governance.

Now, regulatory simplification is on the table. But history teaches that policy rarely moves in one direction for long. Even as some obligations ease, new demands are materializing. These include enhanced data‑switching rights under the Data Act, expanded portability mandates and tighter cybersecurity requirements under DORA.

“Trust in AI starts with trust in your data, your lineages, and the ability to evidence that trust consistently to European supervisors and national competent authorities,” said Kim Hatton.

Looking Back: What Financial Services Have Already Accomplished

Prior to these proposed changes, leading financial institutions had already invested heavily in unified data architectures, automated compliance workflows and explainable AI models. Leading European institutions such as Santander Bank Polska, Rabobank, Raiffeisen, Erste Group and ABN AMRO use the Databricks Data Intelligence Platform to combine strong governance with faster innovation. ¹

For example, Santander Bank Polska uses Databricks Unity Catalog to address critical governance challenges, while other well known European banks use a lakehouse framework for financial crime detection that maintains clear data lineage and audit trails required by European supervisors and national competent authorities.

Rabobank similarly leverages the platform to enhance its compliance infrastructure with scope‑based access controls and automated data governance.

These organizations have implemented sophisticated data‑management models with multi‑layered governance. They have decentralised platform ownership to subsidiaries, applied tenant‑based separation within departments and enforced scope‑based access control for each use case. At Raiffeisen, this approach achieved remarkable results: a complex annual compliance report that once took 30 days can now be generated in minutes, in a solution approved by European supervisors and national competent authorities across Central and Eastern Europe.

These firms did not just check compliance boxes; they transformed governance into a strategic enabler, reducing false positives, accelerating regulatory reporting and freeing up teams for higher‑value work.

What’s New: Strategic Positioning for an Uncertain Future

The question now is not whether regulations will change, but how firms will adapt when they do.

“To deliver operational resilience and personalised customer experiences, you must weave together intentional partnerships, modern data fabrics and agentic AI,” said Cyril Cymbler at the 2025 Sibos conference in Frankfurt. That means investing in platforms built for continuous evolution, not one‑time projects.

Three Strategic Moves for Financial Services Leaders

Strategic Move 1: Unify Governance Across the Data Lifecycle

A unified control plane for governance makes it easier to demonstrate consistent policy enforcement from ingestion to analytics and AI, including access management, PII discovery and lineage.

Rabobank uses Unity Catalog to transition to a secure, audit‑ready architecture, addressing critical regulatory challenges in credit analytics.

Strategic Move 2: Automate Compliance with AI Agents

Databricks Agent Bricks helps firms build production‑grade agents for tasks such as compliance checks, fraud monitoring and reporting in weeks rather than months, by combining governed data, governance controls and LLM tooling on one platform.

Erste Group Bank AG, one of the largest retail banks in Central and Eastern Europe, has already taken this approach by building an Agent for AI Governance on the Databricks platform.

Showcased at the Data + AI World Tour in Munich, the bank replaced ticket‑based processes with a conversational compliance AI assistant. Users can “just talk,” and the system automatically structures, validates and enriches their input for AI‑governance stakeholders. It then produces reviewer‑ready packets that cover EU AI Act obligations, security, data protection and architecture, while maintaining an auditable trail.

Strategic Move 3: Leverage Strategic Partnerships

Leading consultancies are already operationalising these shifts.

Deloitte is partnering with Databricks to help financial institutions build enterprise‑grade platforms that support both immediate use cases and long‑term strategic goals, combining unified architecture with expertise in governance, cloud migration and advanced analytics.

Equally, a broader ecosystem of partners is helping institutions modernise legacy architectures, improve data quality and scale AI safely — turning governance and compliance capabilities into long‑term competitive advantages.

Databricks’ Technical Advantage: Built for Change

What sets Databricks apart is not just governance, but intelligent governance that adapts in real time. Unity Catalog’s automated data classification scans and classifies sensitive data, including common PII types, as it is ingested, generating dashboards for audit trails. Liquid clustering dynamically reorganises data to optimise query performance, reducing costs and manual maintenance.

The platform captures runtime data lineage across all languages, down to the column level, enabling root‑cause analysis and troubleshooting in near real time. For compliance‑heavy industries, this means faster audits, clearer accountability and more agility when regulations shift.

ABN AMRO, the third‑largest bank in the Netherlands, overcame legacy data‑warehouse challenges by adopting Azure Databricks. The bank achieved 10x faster time to market for use cases, with deployments in about two months, and empowered more than 500 engineers, scientists and analysts. It now supports fraud detection, compliance monitoring and near‑real‑time customer insights across hundreds of terabytes of data from disparate sources.

As Junta Nakai noted in a recent vodcast with Josue Borgan, VP of Data and Architecture at Zeb: “When businesses democratize insight and automation, they don’t just reduce overhead. They surface unseen risks and opportunities, enabling industry‑defining moves.”

The Path Forward: Governance as a Competitive Advantage

We stand at an inflection point. Regulatory scale‑back is not a signal to relax; it is a window to strengthen foundations and prepare for whatever comes next. The organisations that will lead in this new era are those that treat compliance not as a cost centre, but as a source of strategic differentiation and growth.

With the federation capabilities in Unity Catalog, Agent Bricks and a robust ecosystem of partners, Databricks equips financial‑services firms to manage continuous change, automate governance at scale and turn regulatory uncertainty into competitive advantage. As the regulatory future unfolds, one constant remains: the firms that invest in transparent, adaptive, intelligent data platforms today will define their industries tomorrow.

For European financial institutions, this is a chance to modernise data and AI foundations in a way that meets today’s EU requirements while remaining flexible for what comes next.

Digital Omnibus / AI Omnibus proposals remain under negotiation and timelines may change.

Explore how Databricks can help your organization strengthen governance, operationalize AI responsibly, and stay ahead of evolving EU regulations. Reach out to our team to start the conversation.

¹ On 9 of January Santander completed the sale of 49% of Santander Bank Polska to Erste Group