Menu
The image shows the flag of the European Union, featuring a circle of twelve gold stars on a blue background. The fabric appears to be slightly wavy, reflecting light and creating a sense of movement, much like the dynamic discussions led by the AI Act Monitoring Group.

EU Digital Omnibus: Commission Plan for Digital Law Simplification

The European Commission’s “Digital Omnibus” package is a horizontal simplification initiative aimed at cutting duplication and contradictions across core EU digital laws while preserving substantive protections. The project, presented to the LIBE Committee and opened for public consultation, seeks targeted, technical amendments that streamline compliance and enforcement for authorities and businesses. It is not a deregulatory exercise; rather, it focuses on coherence, clear definitions, consistent procedures, and reduced administrative friction across parallel instruments.

The scope spans a wide set of files, with priority touchpoints including the GDPR, Law Enforcement Directive, ePrivacy Directive, AI Act, Data Act, Data Governance Act, Digital Services Act, Digital Markets Act, NIS2, the Platform Workers Directive proposals, and related sectoral rules. Early discussion points signal attention to cross‑references, notification and reporting overlaps, complaint handling pathways, and alignment of supervisory roles where multiple regimes apply simultaneously. The Commission’s public portal indicates an emphasis on “digital simplification” through standardizing concepts and timelines, removing redundancies, and clarifying how different acts interact in practice.

For privacy and data protection practitioners, three areas are likely to matter. First, consistency between GDPR and ePrivacy: definitions of electronic communications data, consent mechanics, and enforcement interfaces with national authorities remain uneven, creating friction in incident response and audits. Second, interface with the AI Act: risk classification, DPIAs versus AI risk management documentation, and the treatment of personal data in model training and evaluation can benefit from harmonized guidance and cross‑act references. Third, data‑sharing frameworks under the Data Act and Data Governance Act need clearer alignment with GDPR lawful bases, international transfer rules, and confidentiality safeguards to avoid contradictory obligations.

Enforcement architecture and procedural streamlining are central. The Commission signaled interest in tightening the coherence of complaint and redress mechanisms, smoothing cross‑border cooperation, and clarifying the role of lead authorities when multiple regimes are triggered by one factual situation. In parallel, reporting obligations—security incidents under NIS2, personal data breaches under GDPR, AI serious incidents under the AI Act—may be reviewed to reduce duplication, align timelines, and realize coordinated reporting where appropriate. Stakeholders are encouraged to submit concrete, technical proposals through the consultation platform, focusing on definitional alignment, cross‑references, and procedural consolidation that can be achieved without altering core rights or obligations. The initiative will proceed through an impact‑assessed legislative process, with sector input shaping the final set of targeted amendments.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *