Technology & Science
EU Digital Omnibus: Brussels Moves to Delay High-Risk AI Rules and Loosen GDPR Data Limits
On 19 November 2025 the European Commission unveiled a “Digital Omnibus” that would push enforcement of high-risk AI Act provisions from August 2026 to December 2027 and redefine “personal data” so companies can train models on EU citizens’ information with fewer consent requirements.
Focusing Facts
- Commission forecasts €5 billion in administrative cost savings by 2029 if the Omnibus is adopted.
- Grace period for high-risk AI systems is extended by 16–18 months, giving firms until December 2027 to comply.
- The plan introduces a cross-border “European Business Wallet” expected to cut up to €150 billion in paperwork annually once fully deployed.
Context
Europe has swung between pioneering privacy rules (the 1995 Data-Protection Directive and 2018 GDPR) and later easing them when competitiveness fears spike—much like its 1980s retreat from strict telecom monopolies that culminated in the 1998 liberalisation directive. Today’s Omnibus echoes that pendulum: a regulatory high-water mark in 2024 is already receding under pressure from U.S. diplomacy and domestic industry, reminiscent of the post-Sarbanes-Oxley softening in the U.S. mid-2000s. Structurally, the move signals a pivot from rights-first governance toward industrial policy aimed at stemming the brain- and capital-drain to America and China; it also centralises power in Brussels via the new AI Office, continuing a decades-long trend of EU competence creep. On a century horizon, how Europe resolves this tension will shape whether it remains a rule-setter—in the tradition of the 1985 “New Approach” to product standards—or becomes primarily a market governed by external tech giants. If the proposal passes, it may mark the moment the EU chose competitiveness over its vaunted data-protection model; if it fails, it will affirm that the Union’s identity is still anchored in fundamental rights even at economic cost.
Perspectives
Left-leaning European media and privacy-advocacy outlets
e.g., The Guardian, DutchNews.nl — They cast the Digital Omnibus as a major rollback of hard-won EU digital rights that hands Big Tech and the Trump administration a victory at the expense of citizens’ privacy and fundamental freedoms. Because these publications often champion civil-liberties causes, they emphasise worst-case privacy scenarios and downplay the Commission’s competitiveness rationale, framing the reform almost exclusively as corporate capture.
Business- and tech-industry-friendly tech press
e.g., Mobile World Live, Engadget — They present the proposals as overdue red-tape cutting that will boost European competitiveness, simplify compliance and let startups innovate without being strangled by strict AI and privacy rules. Their coverage echoes talking points from lobby groups such as CCIA, largely glossing over civil-rights critiques and portraying deregulation as an unqualified economic good.
Legal and compliance trade publications
e.g., CMS Wire, Lexology — They frame the leaked Omnibus as a pragmatic legal streamlining that clarifies GDPR grey areas, consolidates data laws and offers companies welcome breathing room while technically maintaining core protections. Targeting corporate counsels, they foreground practical compliance benefits and may understate the political controversy or the potential erosion of user rights flagged by NGOs.