EU’s 'Digital Omnibus' Proposes Easing AI and Privacy Rules, Sparking Fierce Debate

The European Commission has unveiled a package of proposals nicknamed the "Digital Omnibus" aimed at simplifying and clarifying rules on artificial intelligence and data privacy. The measures would delay stricter limits on certain AI uses, loosen some privacy constraints, and clarify when data stops being "personal" under EU law — moves that supporters say will boost innovation and critics argue amount to a rollback of digital rights.

What the proposal would change

Key elements include pushing back the enforcement date for tougher controls on "high-risk" AI applications from August 2026 to December 2027. High-risk categories cited include biometric identification, utilities, health services, credit scoring and law enforcement tools. The Commission also proposes clarifications on when data can be considered effectively anonymised, potentially making it easier for companies to use such information to train AI models.

The package would amend several EU laws, including the AI Act, the General Data Protection Regulation (GDPR), the e-Privacy Directive and the Data Act. Among the specific proposed changes are exemptions from registering certain high-risk AI systems in an EU database when those systems perform narrow or purely procedural tasks, and simplified rules for cookie consent pop-ups.

Supporters and critics

Commission officials say the adjustments are intended to strike a balance: protecting citizens while keeping Europe competitive with firms in the United States and Asia. "Europe has not so far reaped the full benefits of the digital revolution," EU Economy Commissioner Valdis Dombrovskis said, warning the bloc cannot afford to fall behind.

Industry representatives largely welcomed the move as a step toward clearer, less burdensome rules. Major tech firms and trade groups have lobbied for changes to make compliance easier; some European companies, including Siemens and SAP, have publicly called for revisions to reduce complexity.

Legal experts described the approach as an attempt to reduce friction for innovators while preserving core safeguards. "The Commission appears to be aiming for simpler, more predictable rules that reduce friction for innovators while keeping core EU safeguards intact," said Ahmed Baladi, a partner at Gibson Dunn who specialises in AI and tech regulation.

However, privacy campaigners and civil rights organisations warned that the proposals dilute protections. Max Schrems of privacy group noyb warned the changes would channel personal data into the algorithms of big tech platforms, enabling AI systems to infer intimate details and potentially manipulate people. An open letter signed by 127 civil organisations described the package as "the biggest rollback of digital fundamental rights in EU history."

EU antitrust chief Henna Virkkunen acknowledged the competing views, saying some stakeholders will argue the package does not go far enough while others will say it goes too far. Lawmaker Brando Benifei, who led Parliament talks on AI rules, urged continued defence of citizens' digital rights.

Public response and next steps

Protests broke out in Brussels, where campaigners placed mobile billboards and posters urging Commission President Ursula von der Leyen to resist pressure from Big Tech and the U.S. administration. Dutch MEP Kim van Sparrentak called the proposals "disappointing," saying the Commission had succumbed to lobbying pressure.

The proposed changes still require approval from EU member states and members of the European Parliament before they can take effect. If adopted, they would reshape the timeline and some compliance requirements for companies operating in the EU while prompting fresh debates about the balance between innovation and fundamental rights.

By Supantha Mukherjee and Foo Yun Chee