Digital Omnibus: Regulatory Simplification or a Redefinition of Digital Rights in the EU? -

On November 19, 2025, the European Commission officially presented the proposal for the “Digital Omnibus” regulation, a legislative package aimed at simplifying, harmonizing, and making the European Union’s complex framework of digital rules more consistent. The proposal, currently under review by the European Parliament and the Council, has a cross-cutting impact on several key pieces of legislation, including the GDPR, the ePrivacy Directive, the Data Act, the NIS2 Directive, and the AI Act, with the stated goal of reducing regulatory overlap, compliance costs, and uncertainty regarding application for businesses and public administrations.

The Digital Omnibus comprises at least two main proposals:

■ Digital Omnibus Regulation Proposal — technical provisions to amend and streamline digital regulations, with impacts on the GDPR, ePrivacy, Data Governance, Data Act, NIS2, and other acts.

■ Digital Omnibus on AI Regulation Proposal — more specific measures designed to refine the AI Act and coordinate it with the rest of the digital regulatory framework.

Key Issues and Critical Points in Personal Data Regulation

Among the most significant and critical aspects of the Digital Omnibus proposal is the issue of the definition of “personal data”. The initiative aims to redefine and contextualize this concept for the purposes of the GDPR, introducing criteria that are more functional and tied to the concrete context of identifying the data subject, emphasizing “means reasonably likely to be used.” Such an approach, if adopted, could affect the subjective scope of application of the GDPR, influencing the classification of certain information as protected personal data.

The proposal also addresses certain specific obligations, particularly regarding automated decision-making and cookie management, with the aim of reducing administrative burdens and simplifying compliance. However, these changes raise interpretative doubts, especially regarding the preservation of the protection standards enshrined in the Charter of Fundamental Rights of the European Union.

The package has sparked a wide-ranging debate: some fear a weakening of the GDPR’s safeguards, while others, on the contrary, see an opportunity for a more coherent and certain digital framework. The proposal is still under review by the European Parliament and the Council and remains subject to significant changes.