.webp)
.webp)
The European Commission's Digital Omnibus proposal introduces sweeping amendments to the EU AI Act, GDPR, and the wider data governance and digital legislative framework. Debated for the first time by the European Parliament's IMCO Committee on 27 February 2026, the Digital Omnibus package aims to simplify compliance, extend support for smaller businesses and start-ups, and strengthen the AI Office's oversight of general-purpose AI models and AI-generated content.
The European Union is moving to reshape its digital regulatory landscape in Europe. The European Parliament's IMCO Committee held its first exchange of views on the Digital Omnibus package on 27 February 2026, marking the beginning of formal parliamentary scrutiny of this new digital package. For organizations operating under the EU AI Act and related digital legislation, digital rules, and regulations, the proposed changes carry significant implications for compliance planning, compliance obligations, and strategic EU governance.
Two Proposals, One Objective
The Digital Omnibus consists of two legislative proposals. The first amends a broad range of existing laws covering data protection, data governance, and cybersecurity. It touches the General Data Protection Regulation (GDPR), the Data Act, and several cybersecurity instruments, while repealing the Platform-to-Business Regulation on the grounds that it overlaps with the Digital Services Act and the Digital Markets Act. The same package is also framed as simplification intended to reduce administrative work and regulatory frictions for public administrations and the European economy.
The second proposal focuses exclusively on the EU AI Act, and can be seen as a digital omnibus regulation proposal targeting implementation timelines, simplified compliance for SMEs, and the institutional powers of the AI Office. Together, the two proposals form what the European Commission describes as a coordinated effort to cut regulatory red tape, enable scaling-up, and strengthen Europe's position in the global AI race—often discussed in terms of EU competitiveness and closing an innovation gap.
AI Act Implementation: From Fixed Deadline to Standards Readiness
Among the most consequential changes is a proposed revision to the AI Act's implementation schedule. High-risk AI obligations, currently set to apply from August 2026, would no longer be triggered by a fixed date. Instead, they would take effect once the necessary harmonized standards, commission guidelines, and guidance are in place—shaping how high-risk AI systems are assessed for conformity, including in sensitive sectors such as medical devices.
Proponents argue this reflects practical reality, as companies cannot comply with AI Act obligations that lack clear technical benchmarks. However, a study presented during the IMCO session by Visionary Analytics warned that replacing a defined deadline with a readiness-based trigger could introduce uncertainty if the criteria for readiness are not transparent and predictable. Both the European Parliament and the Council appear to support the revised timeline, according to draft texts reported by Euractiv.
The proposal also extends simplified compliance procedures beyond SMEs to include small mid-caps, and it strengthens the role of the AI Office in overseeing general-purpose AI models at EU level. It may also encourage more practical support mechanisms, including AI regulatory sandboxes, to accelerate responsible development and reduce immediate relief pressures tied to unclear standards. For businesses preparing for the next phase of AI regulatory compliance, these changes reinforce the need for a proactive, standards-aligned governance strategy—especially where fundamental rights impact assessments may become a more central expectation for high-impact deployments.
GDPR Amendments: Redefining Personal Data
The most far-reaching amendments concern the GDPR. The proposal narrows the test for determining whether data qualifies as personal data. Under the current framework, identifiability is assessed based on whether any actor could theoretically identify an individual. The revised approach would examine whether a specific data controller can realistically do so using the means at its disposal, which could influence how organizations justify use of a large corpus for model training and related development activities.
Supporters say this would reduce disproportionate compliance burdens, particularly for organizations processing large datasets for AI development. Critics, including several MEPs, have cautioned that narrowing the identifiability test could weaken data protection and disproportionately benefit dominant non-EU AI firms seeking expanded access to European data. Organizations navigating these shifts will need to maintain robust data governance practices to ensure continued alignment with evolving requirements, technical amendments, and any further coordination between supervisory authorities.
What This Means for Compliance Strategy
The Digital Omnibus signals a clear shift in the EU's regulatory posture: from rigid timelines toward a more adaptive, standards-driven approach within a broader digital rulebook. While this may offer greater flexibility, it also demands that businesses remain closely engaged with the legislative process and invest in scalable governance frameworks—particularly where high-risk AI systems, AI-generated content, or cross-border data use are involved.
As the proposals advance through parliamentary and Council negotiations, organizations that take a forward-looking approach to navigating the EU AI Act and related digital regulations will be best positioned to turn compliance into a foundation for trust, accountability, and long-term competitive advantage across Europe. For many, the practical question will be whether the long-awaited proposal delivers genuine simplification—potentially alongside broader initiatives such as a digital omnibus package approach or references to an eprivacy directive alignment—without undermining protections for citizens or slowing responsible innovation.
