European Union (EU) policymakers are making rollbacks of protective, digital regulations – such as the General Data Protection Regulation (GDPR) and the Artificial Intelligence Act – within the Digital Omnibus Package. Most businesses are thankful for the changes, while privacy advocates are worried. The changes have the goal of simplifying compliance and fostering innovation, while many warn that the changes can ignore and diminish fundamental rights of the people.
The Digital Omnibus law has entered into effect across all the EU Member States
This law extends the changes in the regulations governing Artificial Intelligence, and changes in the areas where the laws on Data Protection and Cybersecurity laws apply. The law changes the implementation period for the new regulations on Artificial Intelligence in the areas of Biometric Data, Health Care, and Law Enforcement.
These – and other – areas of Health Care and Law Enforcement are categorized as ‘High Risk’ AI systems and were to have stricter regulations coming into effect in March 2026. This has now been extended to December 2027. Technology companies now have an extra 16 months to comply with the new regulations, especially those companies categorized as ‘Big Tech.’
The Omnibus Law also changes regulations governing the processing of personal data lawfully under the General Data Protection Regulation (GDPR). Such changes will now allow companies to use the argument of ‘Legitimate interest’ to claim their lawful processing of data to train an AI model is valid. Companies will also no longer need to obtain cookie consent from users. This will also result in fewer pop-ups on the web and other web-related communicationsthatย users receive from companies
Less documentation and fewer processes to complete reports
The new law promises small and medium-sized enterprises (SMEs) and other companies involved in cross-border trade within the EU Member States, less documentation and fewer processes to complete reports. These changes to the rules are predicted to result in an overall loss of โฌ5 billion for companies between now and 2029.
EU Economy Commissioner Valdis Dombrovskis has emphasized the need to ‘close the innovation gap’:
“Europe has not so far reaped the full benefits of the digital revolution.โ
Pressure from the Trump Administration and U.S. Tech Giants also played a role. Lobby groups representing companies like Google, Apple, and Meta have for years criticized the EUโs regulatory approach as far too restrictive, claiming it stifles innovation. These reforms reflect a balancing act between the U.S. Tech Sector and the EUโs regulatory approach.
Privacy advocates consider the regulatory reforms a bad rollback of the legal protections digital citizens have
Max Schrems, the NOYB – European Center for Digital Rights, stated:
“This is the biggest attack on Europeโs digital rights in years.”
More critics believe the regulatory reforms put citizens at risk of invasive data collection and biased decisions from algorithms. The concerns have also been significant surrounding the digital rights of citizens.
Privacy advocates consider the regulatory reforms a bad rollback of the legal protections digital citizens have. Max Schrems also stated:
“This is the biggest attack on Europeโs digital rights in years.” More critics believe the regulatory reforms put citizens at risk of invasive data collection and biased decisions from algorithms. The concerns have also been significant surrounding the digital rights of citizens. Campaigners have stated the EU’s global digital rights advocacy position has been weakened.”
Before becoming law, the proposals must be approved by the European Parliament and the member states. If approved, it will be a major change in the EUโs approach to regulation, shifting from a more severe approach to a flexible, business-friendly style. The debate is not settled because the relief from business is welcomed, and the right balance between fundamental rights and innovation is not clear in Europe.
