EU Unveils 'Digital Omnibus' Bill Streamlining GDPR and AI Act Rules
Summary
Today, the European Commission formally unveiled a “digital omnibus” bill aimed at simplifying its privacy and AI regulatory framework. The proposal streamlines parts of the General Data Protection Regulation (GDPR) and the AI Act, responding to growing criticism from industry, the U.S. and some EU governments that the rules are overly complex and slowing innovation. The package notably proposes delaying stricter rules on the use of AI in “high-risk” areas until December 2027 and streamlining other requirements. The omnibus also introduces a single-entry point for companies to fulfill all cybersecurity incident-reporting obligations, consolidating requirements under laws such as the NIS2 Directive, the GDPR and the Digital Operational Resilience Act (DORA). Additionally, targeted GDPR amendments aim to harmonize, clarify and simplify certain rules to ease compliance. The omnibus is complemented by a new Data Union Strategy, which aims to boost access to high-quality datasets, as well as a European Business Wallet, which will provide European companies and public sector bodies with a unified digital tool. The proposals will now be submitted to the European Parliament and the Council for adoption.
