On 19 November 2025 the European Commission published the much-anticipated EU Digital Simplification Package. Also referred to as the "Digital Omnibus", the package is made up of two proposed omnibus laws: 

• a Regulation on the simplification of the implementation of harmonised rules on artificial intelligence (the "Digital Omnibus on AI")
• a Regulation simplifying and consolidating parts of the EU's digital acquis, making targeted amendments to data, privacy and cyber laws ("Digital Legislation Omnibus").

The Digital Omnibus package is a pivotal step in the EU's push towards harmonising and streamlining its digital regulatory framework, including for AI, data access, privacy, and cybersecurity. This forms part of the EU's new "digital package", which also includes a new Data Union Strategy and a proposal for a European Business Wallet. More broadly, the Digital Omnibus sits within a wider EU focus on enhancing competitiveness, reflected in the Competitiveness Compass, and aligns with the European Data Protection Board (EDPB)'s recent Helsinki Statement, which called for practical simplification of the EU's General Data Protection Regulation (GDPR), clearer and more usable guidance and deeper cross-regulatory cooperation to ensure greater consistency across the EU's evolving digital regulatory landscape.

Some of the key proposals of the Digital Omnibus relate to:

• Facilitating use of personal data in AI training, development and operation
• Transitional periods for entry into application of certain requirements under the EU AI Act (including high-risk AI provisions) and targeted amendments to other EU AI Act provisions on oversight, AI literacy, documentation and registration
• Consent fatigue and cookie rules
• Codifying a subjective, entity-driven approach to the definition of personal data in the GDPR
• Minimising the burden on controllers for certain data subject rights  under GDPR
• Creating a single point for incident reporting under a number EU laws, and increasing reporting thresholds and timeframes under GDPR
• Amending and consolidating key EU laws on data access and re-use
• Repealing the Platform-to-Business Regulation.

Our briefing provides an overview of the main proposals of the Digital Omnibus package and the practical implications of its proposals.

This is only the first step in a legislative process: the proposals will require approval from the European Parliament and the Council of the EU before they can become law. Further engagement with businesses and civil society is expected in the coming months as the Member States and Parliament consider their positions. Organisations should analyse the potential impact of the proposed reforms and consider whether, and how, to commence or continue policy engagement. 

In addition to monitoring the progress of the Digital Omnibus, organisations should review and track:

• The Data Union Strategy
• The proposal for European Business Wallets
• The newly published Model Contractual Terms on Data Access and Use and Standard Contractual Clauses for Cloud Computing Contracts
• The Digital Fitness Check consultation and calls for evidence, which could result in further reform to a wide range of other EU digital legislation such as, potentially, the Digital Services Act and the Digital Markets Act.

Our briefing includes a high-level overview of these developments.