Press Release: Commission’s Digital Omnibus is a major rollback of EU digital protections
Today the European Commission has published two Digital Omnibus proposals, reopening the EU’s core protections against harm in the digital age. This step risks dismantling the rules-based system that was hard-won over decades, endangering the very foundation of human rights and tech policy in the EU.
Brussels, 19 November, 2025 – Today, the European Commission has published two Digital Omnibus proposals (Digital Omnibus and Digital Omnibus on AI) and opened a Digital Fitness Check, part of a sweeping deregulation agenda for EU digital policies. This is a massive reopening of EU’s core digital protections – so far including the General Data Protection Regulation (GDPR), ePrivacy Directive and the Artificial Intelligence (AI) Act – a move that risks dismantling the very foundation of human rights and tech policy in the EU.
The Omnibus weakens the ePrivacy framework by shifting the key provision of device access into the GDPR. Consent will remain necessary for most tracking, but several broad exceptions will still allow businesses to read data on devices without asking. The privacy signal is the one positive element. It gives people a clear way to refuse access, but it applies only after two years and does not cover many media sites.
The same proposal also rewrites essential parts of the GDPR. It narrows the definition of personal data through a new recital that allows companies to mark their own homework, allows the unchecked use of people’s most intimate data for training AI systems, and reshapes automated decision making, leading to discriminatory impacts to allow wider use with fewer limits.
Taken together, these changes give both state authorities and powerful companies more room to collect and process personal information with limited oversight and reduced transparency. People will lose straightforward safeguards, and minoritised communities will face even higher exposure to profiling, automated decisions and intrusive monitoring.
"'If the Commission devoted the same energy to enforcing digital laws as it does to gutting them, we wouldn’t be debating simplification. Europe’s rulebook doesn’t need a facelift. It needs a backbone.''
The Digital Omnibus on AI tears the AI Act apart, undermining its key protections, including oversight and transparency mechanisms. Those making or selling AI systems could exempt themselves from fundamental rules, turning the EU’s flagship legislation into a “carte blanche” for high-risk algorithmic technologies. It also delays the high risk requirements without a clear timeline – caving to industry’s demands – and ultimately subverting the protections for people from AI harms and completely undermining legal certainty. As if this is not enough, the proposal weakens transparency, accountability and the role of fundamental rights bodies. This will leave people without effective redress when AI systems harm or discriminate against them.
“Despite the Commission’s attempts to play down the issue, the Digital Omnibus is a full-on betrayal of Europe’s promise. They are trading the protection of people from harmful AI systems for hollow promises of ‘innovation’. This is no shocker: when tech money flows like water in Brussels, guess who is steering the ship?"
The Digital Omnibus proposals pander to corporate interests, with Big Tech players as well as European corporations standing to gain significantly. It also plays into the hands of the US administration, which has a vested interest in undermining the EU’s tech policy framework. Industry players also had privileged access to decision-makers and the law-making process: the Commission followed a procedure with legislative shortcuts that circumvented democratic scrutiny, sidelining concerns from civil society acting in the public interest.
“We have to ask: who really benefits from this broad deregulatory agenda? Because if you want to be able to breathe clean air, protect workers from abuse, and go online without being tracked by hundreds of bad actors, then you certainly won’t.”
The EU does not need fewer rules, it needs the political will and long-term vision to protect people and communities in the digital age. We urge the European Council and Parliament to reject this attempt to weaken the GDPR, ePrivacy, AI Act and other key digital rules. The Digital Fitness Check further signals that it is ‘open season’ for literally any and every digital protection. Instead of dismantling the EU’s digital rights framework, policymakers should focus on strong, consistent enforcement.
Experts available for comments:
- Ella Jakubowska, Head of Policy (deregulation and Digital Omnibus proposals in general)
- Itxaso Domínguez de Olazábal, Policy Advisor (data protection and privacy)
- Blue Duangdjai Tiyavorabun, Policy Advisor (AI)
The Digital Omnibus and the Digital Fitness Check
- The Digital Omnibus Regulation Proposal and the Digital Omnibus on AI Regulation Proposal are two separate but inter-related legislative proposals claimed by the European Commission to update the EU’s tech policy framework, but are instead reopening vital protections. The Digital Omnibus cuts across data issues, including the EU’s General Data Protection Regulation (GDPR), the ePrivacy Directive, and the Data Governance Act, whilst also tackling issues of the use of data for AI. The second one, the Digital Omnibus on AI, reopens the EU Artificial Intelligence Act.
- Alongside these Omnibus, the Commission has opened a call for evidence on the Digital Fitness Check – which they explain could include any law with a significant digital element.
- The digital policy space has already experienced several deregulation initiatives: the withdrawal of the ePrivacy Regulation and AI Liability Directive in early 2025, and the fourth in the Commission’s wide-ranging Omnibus series, the “Midcaps” Omnibus.
- In April 2025, the European Commission also released its AI Continent Action Plan, with the aim of “unlocking the full potential of AI”, and introduced a Data Union Strategy to increase the availability of data for AI development. With this move, the EU announced the simplification of EU data rules under the pretext of strengthening the EU’s global position on international data flows.
- Together, these numerous proposals and initiatives are part of the Commission’s Digital Simplification Package. This is the first Digital Omnibus.
The European Commission’s deregulation drive
- On 13 November, the European Parliament voted in plenary to approve the Omnibus I package, which scales back the EU’s new sustainability and due diligence rules. These laws were designed to ensure that companies report on their environmental footprint and prevent human rights and environmental abuses throughout their supply chains. With the material aspects that technologies entail, environmental justice is digital justice. According to more than 100 legal experts, the proposal breaches EU law.
- On 21 May 2025, the European Commission published a proposal for regulation, known as Omnibus IV, amending – among others – the GDPR. With this, the Commission aims to expand measures available to small and medium sized enterprises (SMEs) to Small Mid-Cap companies (SMCs), like the reduction of compliance costs, to improve economic growth. More about EDRi’s perspective.
- This deregulatory political moment is likely to spill over into upcoming legislation, such as the Digital Fairness Act expected in 2026. This forthcoming EU law is meant to modernise consumer protection for the digital age, a key file that EDRi has been advocating for to ensure that online platforms tackle manipulative design practices and embed fairness by design and by default.
- Forthcoming Digital Omnibus would mark point of no return
- Why the Digital Omnibus puts GDPR and ePrivacy at risk
- Deregulating digital rights: Why the EU’s war on ‘red tape’ should worry us all
- EDRi’s consultation response to the European Commission’s call for evidence on the Digital Omnibus
- The EU weakens the rules that safeguard people and the environment
- One year of the AI Act: What’s the political and legal landscape now?
- The European Commission and Member States must keep AI Act national implementation on track