Digital Omnibus Package: A step to simplify Europe’s Digital Rulebook

Digital Omnibus Package: A step to simplify Europe’s Digital Rulebook 

On 19 November 2025, the European Commission published its Digital Omnibus package, a comprehensive set of reform proposals designed to simplify, modernise and better align the EU’s digital legislative framework, while still supporting innovation, competitiveness and growth.

The package aims to make Europe’s digital rulebook more coherent and less burdensome for businesses of all sizes, from start-ups to multinationals, by streamlining existing laws across data, privacy, cybersecurity and AI hoping to save up to €5 billion in administrative costs by 2029.

1. Two proposed regulations 

General Digital Omnibus: updates and simplifies core digital laws (including GDPR, DORA, Data Act, ePrivacy, NIS2, and others), and repeals certain overlapping legislation. It proposes updated data access and reuse rules, stronger trade secret protections, calibrated cloud-switching requirements and a single EU entry point for incident reporting. Given the central role of pseudonymised data across many sectors, the proposals would bring greater legal certainty regarding the application of the GDPR. In line with recent CJEU case law, data will be regarded as personal for a given entity only where that entity can identify an individual, taking into account the means reasonably likely to be used. Furthermore, the proposal envisage transferring cookie and tracking requirements to the GDPR in cases involving the processing of personal data. They introduce limits on repeated consent requests to mitigate “cookie consent fatigue” and permit access to or storage of personal data on terminal equipment without consent in narrowly defined scenarios, including first-party aggregated audience measurement and service or device security.

Digital Omnibus on AI: proposes targeted amendments to the AI Act to facilitate implementation and reduce administrative burden. Certain AI Act obligations for high-risk systems will be linked to the adoption by the Commission of a decision confirming the availability of support tools and technical standards. It also refines documentation, monitoring and registration obligations and expands the use of regulatory sandboxes. For instance, certain AI systems that providers do not classify as high-risk would no longer be subject to mandatory registration in the EU high-risk AI database, reflecting a shift towards a more pragmatic, self-assessment-based approach.

2. Data Union Strategy

A strategic communication to scale up access to high-quality data for AI, put in place a Data Act Legal Helpdesk, streamline data policy and strengthen EU data sovereignty.

3. European Business Wallet  

A proposal to introduce a digital identity wallet for businesses, simplifying interactions with public authorities and reducing paperwork across Member States. Aim is that it could unlock €150 billion in savings for businesses each year.

The Digital Omnibus is still at proposal stage and will now move through the EU’s ordinary legislative process, alongside parallel public consultations launched by the Commission. We will closely follow how these proposals evolve and keep you informed on what they mean in practice for your organisations.