Digital Omnibus: EU simplifies GDPR, AI, and cookie regulations

The biggest digital reform of EU law since the GDPR and AI Act

The European Commission has presented the “Digital Omnibus” proposal, aimed at transforming the EU’s digital regulatory framework. Experts consider it potentially the most significant update since the introduction of the GDPR and the AI Act. 

The package seeks to simplify corporate compliance obligations, reduce administrative costs, and enhance competitiveness in the digital sector, including in artificial intelligence and online services.

Simplifications for companies in the processing of personal data and the use of AI

The proposal introduces changes to personal data protection rules. It includes measures to facilitate the use of anonymized and pseudonymized data and their application in training AI models under the so-called legitimate interest basis. The Commission emphasizes that all such activities must still comply with the broader privacy protection framework.

New cookie rules- no more banners, more control for users

The Digital Omnibus revises the rules governing the use of cookies. Low-risk cookies would no longer require explicit user consent, and privacy settings could be managed directly via the browser or operating system. The aim is to reduce intrusive cookie banners that have long dominated the European internet.

High-risk AI: shifting responsibilities and supporting small businesses

The new rules postpone the application of requirements for high-risk AI systems. Implementation will be possible only after up to 16 months from the confirmation of the availability of relevant technical standards and deployment tools. Small businesses will benefit from simplified documentation requirements and broader access to regulatory sandboxes.

Centralization of incident reporting- one system for GDPR, DORA, and NIS2

The Commission also proposes centralizing the reporting of security incidents. Currently, companies must file reports under multiple regulatory frameworks, including GDPR, NIS2, and DORA. The new system is intended to streamline this process, improve consistency of reports, and strengthen oversight of data security across the EU.

Digital wallet for businesses- savings and simpler formalities

The Digital Omnibus introduces a digital wallet for companies, enabling document signing, secure communication with partners and public administrations, and management of tax-related processes. The Commission expects that its implementation will generate significant savings and facilitate business operations across the Union.

Controversy surrounding the Digital Omnibus- will it threaten citizens’ rights?

Although technical in nature, the proposal has sparked controversy. Critics warn that it may weaken existing data protection standards and increase the influence of major tech corporations. Attention is being drawn to the risk of limiting digital sovereignty, while the organization NOYB describes the Digital Omnibus as one of the greatest threats to citizens’ digital rights in recent years.

What next for the project? The future of Digital Omnibus lies in the hands of the EP and Member States

The Digital Omnibus will now proceed to the European Parliament and EU Member States, where the legislative process and discussions on the final regulatory framework will continue. These decisions will shape the future of EU digital regulation and its impact on business, technology, and data protection.

Changes to EU digital law will affect every company operating online

If you want to assess the impact of the Digital Omnibus on your business, adapt your procedures to new regulations, or prepare for the implementation of the GDPR, AI Act, DORA, or TFR, contact the Dudkowiak & Putyra team.