On 19 November 2025, the European Commission unveiled its DIGITAL OMNIBUS STRATEGY, a broad simplification package designed to streamline key elements of the EU digital regulatory framework. The initiative accompanies legislative proposals amending several cornerstone instruments of EU digital law, including the GDPR, the Data Governance Act, the Data Act, the Open Data Directive, the ePrivacy framework, the AI Act, and cybersecurity legislation.
At first sight, the proposal appears surprising. Most of the instruments targeted by the Digital Omnibus are not old legislation in need of modernization. On the contrary, they represent some of the most recent and ambitious components of the EU’s digital acquis. The Data Governance Act became applicable in 2023, the AI Act was adopted in 2024, and the Data Act only started to apply in September 2025.
This raises an important question: why is the European Commission proposing amendments to legislation that has barely entered into force?
From Regulatory Expansion to Regulatory Consolidation
The answer offered by the Commission is revealing. The Digital Omnibus is not presented as a change of regulatory direction. Rather, it is described as a first step in a broader effort to “stress-test” the EU digital rulebook and ensure that digital legislation remains supportive of innovation, competitiveness and economic growth while preserving high levels of protection.
According to the Commission, the rapid expansion of EU digital regulation over the last decade has created a complex legal landscape. Stakeholders have increasingly reported overlaps between legislative instruments, duplicative compliance obligations, legal uncertainty, fragmented reporting requirements, and difficulties understanding how different rules interact in practice.
The Digital Omnibus therefore reflects a shift from the phase of regulatory construction to a phase of regulatory consolidation. Rather than introducing entirely new rules, the Commission seeks to simplify, align and rationalise the existing framework.
Key Highlights
1. Towards a “One Data Act” Approach
One of the most significant elements of the proposal concerns the EU data framework.
The Commission acknowledges that the current data acquis has become fragmented across multiple instruments. To address this, the Digital Omnibus proposes:
the repeal of the Free Flow of Non-Personal Data Regulation while preserving its core principle of free movement of non-personal data within the EU;
the integration of key provisions of the Data Governance Act and the Open Data Directive into a more coherent framework centred on the Data Act;
simplification of rules governing data intermediation services;
clarification of provisions relating to data sharing, cloud switching and public-sector access to data.
The objective is to create a more coherent legal architecture capable of supporting data-driven innovation and strengthening the European data economy.
2. Greater Legal Certainty for Data Protection and AI
A second pillar of the strategy concerns the interaction between data protection law and artificial intelligence.
The Commission identifies persistent uncertainty regarding:
anonymisation and pseudonymisation techniques;
the processing of personal data for scientific research;
the use of personal data for the development and operation of AI systems;
access rights under the GDPR;
data protection impact assessments and risk assessment obligations.
The proposed amendments seek to provide greater legal clarity without altering the fundamental principles of EU data protection law.
Importantly, the Commission explicitly links these reforms to the objective of facilitating the development of trustworthy AI in Europe.
3. Tackling “Consent Fatigue” and Cookie Banner Overload
The Digital Omnibus also addresses one of the most visible sources of regulatory frustration for internet users: cookie consent banners.
The Commission recognises the phenomenon of “consent fatigue”, whereby users are confronted with repetitive consent requests that undermine meaningful choice. To address this issue, the proposal includes:
one-click consent mechanisms;
machine-readable preference standards;
enhanced use of browser-based preference signals.
These measures aim to reduce compliance burdens while improving the effectiveness of privacy choices.
4. Simplifying the Implementation of the AI Act
The package includes a dedicated proposal amending the AI Act.
The Commission emphasises that these changes do not alter the fundamental objectives of the AI Act. Instead, they are intended to facilitate implementation, reduce unnecessary administrative burdens, and improve legal certainty for businesses.
The Commission also announces an extensive programme of guidance documents covering issues such as:
high-risk AI classification;
transparency obligations;
incident reporting;
fundamental rights impact assessments;
interactions between the AI Act and other EU legislation, including data protection law and cybersecurity rules.
5. A Single Cybersecurity Incident Reporting Mechanism
Another major objective of the Digital Omnibus is the rationalisation of cybersecurity reporting obligations.
The Commission proposes the creation of a single reporting mechanism capable of reducing overlaps between multiple notification requirements contained in different pieces of EU cybersecurity legislation.
This responds directly to stakeholder concerns regarding duplicated reporting duties and administrative complexity.
6. Repeal of Outdated Digital Legislation
The proposal also repeals several instruments considered redundant or superseded by more recent legislation, including the Platform-to-Business Regulation and other data-related measures whose objectives are now covered by newer regulatory frameworks.
A New Phase in EU Digital Governance
Perhaps the most important aspect of the Digital Omnibus is not any individual amendment, but what it reveals about the evolution of EU digital governance.
The Commission openly acknowledges that the challenge is no longer simply adopting new digital legislation. The challenge is ensuring that the growing body of digital regulation functions coherently as a system.
The Digital Omnibus therefore represents the first large-scale attempt to review the cumulative effects of the EU digital acquis. It marks the beginning of what the Commission calls a broader Digital Fitness Check, a process intended to assess how the digital rulebook affects innovation, competitiveness and regulatory effectiveness across sectors.
In this respect, the Digital Omnibus can be understood as an exercise in regulatory maintenance rather than deregulation. Its significance lies not only in simplifying compliance, but also in signalling the emergence of a new phase of EU digital policy: one focused on coherence, implementation and regulatory quality after years of intensive legislative expansion.
The Commission estimates that, if adopted, the measures could generate approximately EUR 5 billion in administrative cost savings for businesses and EUR 1 billion for public authorities by 2029.
Whether these ambitions will be achieved remains to be seen. What is already clear, however, is that the Digital Omnibus constitutes a significant milestone in the maturation of the European digital regulatory model.
