The Digital Omnibus Reopens the EU Data Acquis Before It Has Even Been Tested

The European Union’s Digital Omnibus, unveiled this spring, seeks to streamline a patchwork of data‑related legislation that has emerged since 2022. By folding the Data Governance Act, the Open Data Directive and related measures into the 2023 Data Act, the proposal creates a single legislative hub for data access, reuse and governance. Proponents argue that a unified framework will reduce administrative burden for businesses and public bodies. However, the underlying rules of the Data Governance Act are still being implemented, meaning the omnibus attempts to simplify a system that has not yet been tested in practice.

Critics warn that the merger jeopardises the primacy of the General Data Protection Regulation, the cornerstone of EU data protection. The Data Act’s focus on market‑driven access could eclipse GDPR‑mandated safeguards such as purpose limitation and data‑subject rights, leaving companies unsure which regime applies. Moreover, the draft makes registration of data‑intermediaries—a key trust‑label mechanism—voluntary, diluting the enforceable neutrality that the Data Governance Act intended. This regulatory blur risks fragmented compliance, higher legal costs and a weakening of the EU’s reputation for strong, coherent data protection.

From a public‑policy perspective, the omnibus narrows non‑emergency pathways for authorities to obtain privately held data, potentially stalling environmental monitoring, market surveillance and research that depend on timely access. Expanded refusal grounds could give dominant data holders greater leverage, reinforcing market concentration. Stakeholders, including civil‑society groups, call for a clearer separation of governance and access functions, mandatory trust‑label registration, and explicit links to GDPR obligations. Without these safeguards, the EU risks trading legal certainty for an ill‑tested simplification that could hinder innovation and erode citizen trust.