European Union: Commission announced Proposal for Digital Omnibus Regulation (EU 2025/0360) including data protection regulation

On 19 November 2025, the European Commission announced its Proposal for a Digital Omnibus Regulation (EU 2025/0360) on the simplification of the digital legislative framework. The Digital Omnibus would amend a number of existing regulations, including the GDPR, the Data Act, the EU AI Act, and the NIS 2 Directive, while repealing the Regulations on non-personal data, the P2B Regulation, the Data Governance Act, and the Open Data Directive. The Digital Omnibus would amend the GDPR by extending the definition of personal data to specify that an entity is reasonably likely to have the means to identify a person, exempting certain biometric data and data used by AI from the restrictions on processing special categories of personal data, and specifying that processing of personal data that is necessary for the interests of a controller in the development or operation of an AI system can be pursued for legitimate interests. The Digital Omnibus would also alter the requirements for cookie banners by exempting personal data processing from the cookie requirements under the ePrivacy Directive. Instead, it would amend the GDPR to maintain consent requirement, while specifying that certain processing activities, such as electronic communications transmissions, service provision, audience measurement solely for an online service provider, and maintaining or restoring security, would be considered lawful. The Digital Omnibus proposes changes to the Data Act allowing trade secret holders to refuse requests for access to data in certain situations. The amended Data Act would also include provisions for the registration of digital intermediation services and digital altruism organisations. Further, the Data Act would be amended to provide for the reuse of data held by public bodies, the reuse of open government data, encouraging the open availability of research data, and specifying rules regarding the availability of high-value datasets.