Dr. Edoardo Celeste (Dublin City University)
Following the Draghi report on the state of EU competitiveness, the new mantra of the EU digital strategy has become ‘simplification’. The EU’s regulatory approach in the digital field has created a substantial amount of red tape that stifles EU innovation and compromises the EU’s capability to react fast and compete with global technopoles, such as the United States and China. In the digital field, the Commission published on 19 November 2025 the proposal for two regulations on ‘simplification of the digital legislative framework’, one general and one focusing on AI, which, given their impact on multiple areas of EU digital law, have been officially nicknamed the ‘Digital Omnibus’.
This proposal does not represent an isolated effort of the Commission: other omnibus proposals have been proposed to reduce the administrative burden in EU law compliance across a variety of policy sectors. From a methodological perspective, the two Digital Omnibus measures were preceded by a series of meetings to gather feedback, including three public consultations on specific areas of digital law and by a call for evidence.
Consolidating EU digital law: long-awaited reforms
The EU Commission explicitly admits that the decade of ‘actification’ of EU digital law produced a regulatory framework characterised by overlaps and inconsistencies. The general Digital Omnibus’s first mission is to streamline and consolidate data legislation. It plans to repeal the Free Flow of Data Regulation, the Open Data Directive and the Data Governance Act. These norms will be consolidated in a recalibrated version of the Data Act. Particular attention is paid to small and medium companies, whose obligations are standardised and simplified.
Moreover, the EU Commission aims to introduce a long-awaited reform of cookies, currently regulated by the now digitally ‘prehistoric’ e-Privacy Directive. Following multiple failed attempts to approve the proposal for an e-Privacy Regulation, the Digital Omnibus will modernise cookie rules, allowing also users to save personal preferences in their browsers without having to express or decline their consent on a case-by-case basis.
The risks of regulatory streamlining: uncertainty and unpredictability
If the consolidation of these data-related regulatory pieces and the cookie reform are certainly welcome, a more contested proposal relates to the amendments to the GDPR. The Digital Omnibus aims to introduce a criterion of reasonableness of identification as a threshold to trigger the definition of personal data. If a controller no longer has the reasonable possibility to identify the data subjects, those data will be considered as anonymous and thus not be subject to the GDPR. This proposal has been heavily criticised for its potential to inflate the level of relativity of the concept of personal data.
A similarly contested proposal is the one related to restricting the possibility for the data subject to exercise the rights to access to circumstances related to the protection of personal data, thus denoting as abusive requests with a different purpose. Such a change would deprive individuals of a right that is routinely used also to support legal disputes, making it very difficult in practice to identify cases where the right to data protection is not engaged, especially given the ancillary nature of this right to other interests.
Despite being adopted only last year, the AI Act has not been exempted from the intervention of the EU Commission. A separate Digital Omnibus on AI has been proposed to introduce more flexibility in the post-marketing monitoring phase and clarifying the interplay between the AI Act and other pieces of EU digital law. However, among its most contested proposals, the Omnibus plans to reduce the obligations of EU Member States in terms of promoting digital literacy and to concentrate in the AI Office the responsibility of overseeing the development of AI systems relying on general-purpose AI model. Indeed, leaving the implementation of the Act to Member State level was considered as a risk of creating fragmentation and slowing down EU innovation in the sector.
The new provisions on AI have not been welcomed by practitioners. Indeed, the AI Act is still in its phase of implementation, and the potential introduction of new rules exacerbates the climate of uncertainly that already naturally characterises the early phases of a new regulation.
Where is EU digital law going? The risk of weaponisation
The EU has so far been extremely proud of being the first to regulate substantial components of the digital ecosystem. The field of EU digital law has grown exponentially to the level that academic curricula as well as practitioners struggle to stay up to date. This process has not occurred in a vacuum. On the one hand, these pieces of regulation have allowed the EU to ensure its core fundamental rights are defended in the digital age and its internal market can work without barriers. But, on the other hand, their adoption has a specific meaning to convey to third country actors: even if you do not innovate in Europe, you will be subject to our rules if you want to offer your services here.
The EU economic weight has not been manifested in technological innovation made in the EU, but in EU regulation. The normative power has been for the EU its ultimate tool to preserve its values in an open market not dominated by EU actors. For this reason, the current proposals to simplify EU digital law have to be carefully assessed. Firstly, the EU cannot lower the standards that has so fiercely defended in the past decade. A simplification that would de facto correspond to a watering down of fundamental rights protection would represent an internal contradiction. Secondly, the EU should not fall in the trap of considering EU digital law as a tradable item in the global arm-wrestling with other third countries.
Here, the challenge is to justify the EU Commission’s proposals to simplify EU digital law as a genuine attempt to streamline it and eliminate red tape, and not as a way to please third countries such as the US with a strong interest in lowering EU regulatory standards in order to reduce the economic pressure of compliance on their tech companies. EU digital law should not be used by others as a weapon to threaten to withdraw support from the EU in other areas, such as military and defence. EU digital rights are non-negotiable, exactly as are their analogue principles on which they are based.
This blog was first published on the Dublin European Law Institute blog.
Edoardo Celeste is an Associate Professor of Law, Technology and Innovation and the Chair of the European Master in Law, Data and AI (EMILDAI) at Dublin City University.
