The European Commission’s unveiling of the digital omnibus package has unleashed a torrent of responses, as lawmakers, civil society groups, and industry representatives debate whether the proposals genuinely streamline regulation or quietly erode fundamental rights.
The package, which includes delays to high-risk AI rules and revisions to GDPR and ePrivacy provisions, comes amid mounting pressure from the US administration and an increase in lobbying by Big Tech, as well as earlier calls from figures like Mario Draghi to delay the AI regulation.
MEPs’ rift over simplification
The Commission claims the package will ease compliance, reduce administrative costs, and save companies billions. High-risk AI systems, GDPR obligations, ePrivacy rules, and data governance are all on the table. For some politicians, this is a chance to modernise an outdated framework. MEP Eva Maydell (EPP/BLG) framed it as a matter of industrial survival: “Europe cannot afford a digital rulebook that drains time, talent, and opportunity. The digital omnibus is our chance to make laws work like a jigsaw: efficient, consistent, and agile.” DigitalEurope echoed the sentiment, highlighting delays to the AI Act and the European Business Wallet as crucial steps to boost competitiveness.
But political support is far from uniform. Socialists and Greens warn that the Commission’s push risks undermining Europe’s carefully constructed digital protections. MEP Alex Agius Saliba (S&D/MLT) argued that the omnibus “could recklessly undermine the EU’s digital legal framework”, stressing that enforcement should take priority over simplification.
MEP Kim van Sparrentak (Greens-EFA/NLD) added that the package appeared to cave to external pressures, warning that the EU risks “rolling out the red carpet to a business model based on stolen data, hype and zero regard for human rights or the planet”. Even Renew MEPs, while welcoming some practical simplifications, insisted that the GDPR should remain intact.
You might be interested
Alarm bells ringing
The AI Act, and particularly the delay of its high-risk provisions, has become a centre point. These refer to the provisions applied to systems used in sensitive areas like job screening, credit scoring, law enforcement, biometric identification, or critical infrastructure. Although originally due to take effect in August 2026, the obligations could now be postponed until December 2027. The controversy deepens with the proposed removal of the registration requirement for self-assessed high-risk AI systems. Companies could decide if their AI is high-risk or not without notifying authorities.
Critics argue this grants an extra year of unregulated operation for AI systems that pose serious risks to fundamental rights. LibertiesEU called the move “a total surrender on a basic, minimum fundamental rights protection”, while EDRi policy advisors warned it could dismantle decades of hard-won EU digital protections.
The digital omnibus would mainly benefit Big Tech, while failing to provide any tangible benefits to average EU companies. — Max Schrems, noyb
Concerns extend beyond AI. The omnibus proposes a redefinition of personal data under the GDPR and broader allowances for AI training on sensitive datasets. Max Schrems of noyb finds the changes a reason to worry. “The digital omnibus would mainly benefit Big Tech, while failing to provide any tangible benefits to average EU companies. This proposed reform is a sign of panic around shaping Europe’s digital future, not a sign of leadership,” he says. BEUC joined the criticism, highlighting that companies could process personal data for AI without consent, giving large firms an advantage over European start-ups and threatening consumers’ privacy.
Industry welcomes the changes
While civil society sees the proposals as a rights rollback, industry representatives frame the Omnibus as a necessary step toward EU competitiveness. DigitalEurope, which represents over 45k business members with European operations, welcomed the “refinement” of the AI Act and the European Business Wallet, positioning them as tools to support Europe’s digital competitiveness. The Director-General, Cecilia Bonefeld-Dahl, emphasised that the “simplification package is a first concrete step to keep European leadership in AI and advanced technologies within reach”.
The simplification package is a first concrete step to keep European leadership in AI and advanced technologies within reach — Cecilia Bonefeld-Dahl, Director General, DigitalEurope
Nevertheless, CCIA Europe, whose members include Google, Apple and Meta, called for further and bolder action. Alexandre Roure, Head of Policy highlighted gaps in the AI Act, cautioning that “Across Europe, AI developers and deployers need clarity, and they need it fast.” The organisation also stressed that the single cyber-incident portal is a modest improvement but insufficient to address fragmentation in cybersecurity rules.
While welcoming clarification of the interplay between AI, data protection, and cybersecurity, Mr Roure warned that “principle-based legislation, not GDPR changes introducing overly prescriptive rules on consent or objection” is key to fostering innovation. The digital omnibus now moves to the European Parliament and the Council. The negotiations there will determine how far lawmakers are willing to go in adjusting the EU’s tech laws.
