On 19 November, the European Commission published two (2) proposed Digital Omnibus Regulations.
The first (Digital Omnibus Regulation Proposal) proposes significant amendments to provisions of well-known legislative instruments that are already in force, such as the General Data Protection Regulation (GDPR – Regulation 2016/679), the Data Protection Regulation for the EU institutions, bodies, offices and agencies (EUDPR – Regulation 2018/1725), the ePrivacy Directive (Directive 2002/58/EC), the Data Act (Regulation 2023/2854), the Single Digital Gateway Regulation (Regulation 2018/1724), the NIS2 Directive (Directive 2022/2555) and the Critical Entities Resilience Directive (Directive 2022/2557).
It also proposes the repeal of other legislative instruments that are currently in force, namely the Regulation on the free flow of non-personal data (Regulation 2018/1807), the Data Governance Act (Regulation 2022/868), the Regulation on platform-to-business relations (P2B – Regulation 2019/1150) and the Open Data Directive (Directive 2019/1024).
The second (Digital Omnibus on AI Regulation Proposal) proposes significant amendments to legislation that is currently partially in force, in particular the Artificial Intelligence Act (AI Act – Regulation 2024/1689), while also introducing additions to legislation that is fully in force, specifically the Regulation establishing common rules in the field of civil aviation (Regulation 2018/1139).
Homo Digitalis, together with the European network of which it is a member, European Digital Rights (EDRi), as well as other civil society organisations, academics and experts, sought throughout 2025 to maintain a substantive and well-documented presence in the relevant legislative preparatory process. In this context, we submitted a series of open letters to the competent bodies of the European Commission in May, September and November, while at the same time setting out our positions and arguments in detail through active participation in the public consultation process in October 2025.
We had already warned that the Digital Omnibus package forms part of a broader wave of deregulation that threatens to weaken critical European rules, portraying fundamental rights as an alleged obstacle to innovation and, in practice, serving the interests of large technology companies. From the outset, we had no confidence that the European Commission would be able to genuinely absorb and process our positions within the framework of the public consultation, because the consultation closed in mid-October and the publication of the final text with the proposed provisions was expected just one month later. It would have been essentially impossible to analyse and incorporate arguments and proposals into the text within such a short timeframe.
By November 2025, it had become clear that the European Commission was never interested in substantive dialogue and exchange of views regarding this legislative initiative. At that point, a leak of certain drafts of the proposed provisions revealed that the Commission had already shaped a draft regulation containing highly problematic provisions, representing the greatest rollback in the protection of human rights in the digital sphere. We then highlighted, through a joint press release, the significant challenges arising from the proposed changes to the GDPR and the ePrivacy Directive. A few days later, the official text was published, concealing new surprises and even greater challenges for our rights and freedoms in the digital environment.
Today, we publish our in-depth study on the package of proposed Digital Omnibus reforms, explaining the challenges that arise for our rights and freedoms.
The text of our study is available here (EL).
The Digital Omnibus reform package is not a technical exercise in codification, but a decisive shift of the European digital acquis towards a regime of reduced safeguards and diminished accountability. If adopted as is, the Union risks losing the strongest tool it possessed internationally: the example that technological progress can coexist with high standards of fundamental rights protection.
This weakening will not be felt through dramatic ruptures, but through a slow and persistent erosion, whereby rights we considered non-negotiable will be transformed into exceptions, and oversight will become a shadow of its former self. The choice facing EU legislators does not concern the “simplification” of legislation, but the very future of the European model of human protection: whether it will remain a pillar of the rule of law or allow itself to be replaced by a logic in which innovation is imposed without counterbalances and privacy becomes negotiable.