The EU Digital Omnibus

The European Union’s digital rulebook has long suffered from siloed legislation, forcing multinational firms to navigate a maze of national implementations. The Digital Omnibus seeks to replace that patchwork with a unified framework anchored in the Data Act, while the Data Union Strategy promises data‑labs and a legal helpdesk to accelerate AI innovation. By introducing a Europe‑wide Business Wallet, the Commission aims to give companies a secure digital identity recognised in every Member State, cutting administrative friction for cross‑border contracts, e‑invoicing and public‑sector interactions.

For artificial intelligence, the Omnibus marks a pragmatic shift. High‑risk AI obligations will only kick in once the Commission certifies that harmonised standards and guidance are in place, delaying enforcement to 2027‑28. This gives developers time to align with common specifications and reduces the risk of premature penalties. The creation of an EU‑level sandbox for general‑purpose AI models, coupled with expanded powers for the AI Office, centralises oversight and mitigates the current fragmentation among national regulators. Small mid‑cap firms also gain proportionate documentation requirements, echoing earlier SME relief measures.

Data protection and cybersecurity receive parallel simplifications. GDPR’s personal‑data definition is clarified to reflect recent Court of Justice rulings, and breach notifications are extended from 72 to 96 hours, but only for incidents posing high risk to individuals. A single reporting portal, to be built by ENISA, will aggregate incident notifications across GDPR, NIS2, DORA and other regimes, streamlining compliance for organisations operating across the bloc. Together, these reforms aim to lower administrative burdens, foster a more predictable regulatory environment, and position the EU as a cohesive digital market for businesses and innovators alike.