The European Commission’s Digital Omnibus and AI Omnibus proposals aim to streamline Europe’s digital rulebook, reduce compliance costs, and make regulation more innovation-friendly. The ambition is clear: cut red tape and boost competitiveness. But as the Brussels machinery starts turning, two realities stand out, procedural complexity and contentious substance.
What’s in the package?
What was anticipated as the Digital Omnibus Package, was presented as a set of twin proposals the Digital Omnibus (COM(2025) 837) and AI Omnibus (COM(2025) 836). The former, bundles and updates large parts of the data, privacy and cybersecurity acquis, and aims at streamlining certain aspects of the EU data sharing, privacy and data protection regulatory framework as well as the creation of a single-entry point for cybersecurity and data-breach reporting via ENISA. The latter fine-tunes the new AI Act by linking high-risk system compliance deadlines to the availability of standards and guidance, extending SME-style flexibilities to small mid-caps, and establishing a legal basis for processing sensitive data to detect algorithmic bias.
Together, the measures respond to longstanding calls for coherence and digital-by-design compliance tools, with the Commission projecting substantial savings, around €5 billion over three years for the Digital Omnibus, and €297–433 million for the AI package.
Where simplification meets Brussels: a procedural maze
In the European Parliament, competence disputes are already surfacing. Each legislative file is assigned to Committees based on subject matter. When proposals span multiple areas –as the Omnibus does– several Committees claim a stake.
On the AI Omnibus, the expectation was for IMCO and LIBE to reprise their co-leadership from the original AI Act, but ITRE and JURI are now pushing back, arguing that the technical adjustments and legal clarifications fall squarely within their remits. The Digital Omnibus is no less complex: by revising GDPR, the Data Act and EU cybersecurity frameworks, it naturally pulls in both ITRE and LIBE as likely co-leads, while IMCO and JURI angle for opinion roles. Even other committees, like BUDG, may seek involvement given the resource implications for ENISA and the AI Office.
Why does this matter? Competence fights delay negotiations. For the original AI Act, it took nearly a year to settle roles. If history repeats, the Commission’s six-month ambition looks optimistic to say the least.
On the Council side, the Digital Omnibus sits with the Antici Group on Simplification (AGS), where each Member State sends one fixed representative for all Digital Omnibus meetings, and one rotating expert depending on the topic (cybersecurity, data, telecom). Ultimately, decisions escalate to Coreper II and the General Affairs Council (GAC) which means political agreement will depend on broader simplification priorities, not just digital policy.
Implication: While the Council avoids fragmented technical debates, the reliance on AGS and Coreper means progress hinges on political consensus, and less technical expertise, another factor that could slow adoption.
Contentious substance: What you should be on lookout for
- Cybersecurity Single Entry Point
The Digital Omnibus mandates ENISA to build a “report once, share many” platform for NIS2, GDPR, DORA, CER and eIDAS notifications. Governments welcome the aim but flag national sovereignty, interoperability, and security concerns: will the single-entry point become a single point of failure? Can it truly be integrated in existing national systems and templates without duplicating workflows or centralising sensitive data at EU level?
- GDPR adjustments
The Digital Omnibus narrows the notion of “personal data” (entity‑specific identifiability), introduces machine‑readable consent signals (with a grace period for browsers/interfaces), and aligns breach notification thresholds and DPIA lists at EU level. While these steps can lower day‑to‑day compliance friction, NGOs and some governments warn of legal uncertainty and potential weakening of protections if definitions and templates are not crystal clear.
- e-Privacy and consent fatigue
The Digital Omnibus moves cookie consent rules into GDPR and introduces machine-readable consent signals. While this could reduce banner fatigue, questions remain on technical feasibility, browser readiness, and whether media exemptions undermine user choice.
- AI Act timelines
The AI Omnibus links entry‑into‑application for high‑risk obligations to the availability of standards/guidance (with backstop dates in late 2027/2028). Several member states favour one fixed deadline for certainty. Without fixed criteria for the Commission decision that “adequate measures” exist, businesses could face continuous uncertainty across sectors and jurisdictions.
- Sensitive data for bias detection & AI Literacy
The AI Omnibus introduces a legal basis for processing special categories of personal data to detect and mitigate bias in high-risk AI systems.; Questions remain open on its proportionality, safeguards, and alignment with GDPR principles and the EU Charter of Fundamental Rights.
Bottom line: Businesses should monitor negotiations closely, stress-test compliance frameworks, and prepare to engage in consultations. Simplification could be an opportunity, but only for those ready to adapt.
The road ahead
The Omnibus package seeks to recalibrate Europe’s digital governance framework, yet it arrives in a policy landscape that continues to evolve rapidly. Alongside efforts to streamline existing rules, the forthcoming Digital Fitness Check and new initiatives such as the Digital Networks Act and Digital Fairness Act will further shape the regulatory outlook. Ultimately, the impact of the Omnibus will depend on legislators’ ability to resolve procedural hurdles and provide legal clarity. Achieving this would mark a meaningful step toward a more coherent, digital-by-design framework; falling short risks turning the reset into a modest refinement rather than the comprehensive simplification many stakeholders have called for.
If you’d like to understand what the Digital Omnibus and AI Omnibus proposals mean for your organisation, or how to position your interests in the upcoming legislative debate, reach out at: efesatidou@political-intelligence.com or lneri@political-intelligence.com.
Erato Fesatidou – Consultant, Brussels
Lisa Neri – Senior Consultant, Brussels
