European industry is stepping up pressure to reshape the Digital Omnibus. More than 30 national technology associations and European industry groups called on the Council not to rush negotiations on the package.
The Commission presented the Digital Omnibus in November 2025, aiming to cut red tape and simplify rules. However, for businesses, it should be used to make more substantive changes. “The Digital Omnibus is one of the most powerful tools the co-legislators have at their disposal to ensure a competitive regulatory and business environment,” they say in a joint letter published on Thursday.
The signatories want the package to tackle three main issues: mandatory data-sharing requirements under the Data Act, uncertainty over the use of personal data in AI development, and overlapping cybersecurity-reporting obligations.
They also want the Council to take more time over its position. The European Parliament has set itself a deadline of February 2027 to complete its work. “We call on Council to conduct a thorough procedure as well, with sufficient time for reflection instead of rushing through half measures,” the letter said.
You might be interested
EU Data Act: voluntary data-sharing
The first demand concerns the EU Data Act, which gives consumers and businesses greater access to data generated by connected products. It can also require manufacturers to make some of that information available to third parties. The aim is to prevent manufacturers from keeping exclusive control over data produced by connected machinery, appliances, vehicles, and other devices.
For the business, “requires manufacturers to hand over proprietary and sensitive operational data to third parties, including to competitors in Europe and abroad”, the letter said. They also claim compliance could cost €235M a year, alongside €410M in one-off costs.
Instead, they “recommend that the omnibus supports voluntary data sharing frameworks, that protect data where needed”. Under this approach, businesses would have greater control over when operational data is shared and under what conditions.
Clearer GDPR rules for AI
The second demand targets the GDPR and the use of personal data in artificial intelligence. Companies developing or deploying AI systems may process large volumes of information, some of which can relate to identifiable people. Under the GDPR, organisations must have a valid legal basis for using that data and comply with requirements covering transparency, necessity and individual rights.
Industry groups say companies “face uncertainty as to the data they can use and how to protect it”. The signatories want the Omnibus to clarify which GDPR legal bases companies can rely on, as well as the rules applying to scientific research data and information used to prevent fraud. They also point to more than €10M in GDPR compliance costs for each large organisation in Europe.
Unified cyber reporting
The third demand focuses on cybersecurity reporting. A cyberattack can trigger obligations under several EU laws. Depending on the company and the incident, reports may be required under the NIS2 Directive, the GDPR, the Digital Operational Resilience Act and other sector-specific legislation.
The Commission has already moved towards common NIS2 reporting templates. Industry groups say it does not resolve the differences between the various legal regimes. “While common NIS2 reporting templates may alleviate some of the burden of overlapping incident reporting obligations, the Digital Omnibus fails to address the real pain points,” the letter said.
The signatories want harmonised reporting deadlines and thresholds, a genuinely single reporting point and a simplified Cyber Resilience Act. They cite an estimate that NIS2 and the Cyber Resilience Act together will cost industry €60.2 bn.
Civil society warns of a digital rights rollback
The industry campaign comes amid criticism that corporate lobbying has already played too large a role in shaping the Digital Omnibus. LobbyControl and Corporate Europe Observatory say several elements of the Commission proposal resemble positions promoted by Big Tech. Also, European Digital Rights described the package as a major rollback of EU digital protections.
Industry rejects those ideas. Business groups argue that overlapping rules also affect European manufacturers, service providers, and other companies operating across regulated sectors. DIGITALEUROPE welcomed the original Digital Omnibus and welcomed progress on the AI Omnibus, describing the result as a “major win”.
