Rethinking the Digital Omnibus: simplification vs. rights, coherence and methodology

This report defends a simple idea: simplification is necessary, but it is only valuable if it improves the readability of the law, reduces duplication, and strengthens legal certainty without weakening fundamental rights. Yet, in its current form, the Omnibus package risks, on the contrary, creating greater uncertainty, undermining certain safeguards, and introducing – under the guise of rationalisation – substantive changes to the existing framework.

For example, the AI Omnibus primarily responds to a timing constraint, as certain obligations under the Artificial Intelligence (AI) regulation are due to come into force in the very near term. Several adjustments are relevant, particularly when they aim to clarify responsibilities, better frame transparency requirements for AI-generated content, or more finely articulate the horizontal regime of the AI Act with certain sectoral legislation.

However, the use of deferral mechanisms, the lack of anticipation regarding implementing acts, and the temptation to prematurely relax certain obligations raise a broader question: is the European Union (EU) in the process of weakening the implementation of a framework that is nonetheless grounded in the protection of rights and trust?

The Digital Omnibus raises even deeper concerns. The proposal to modify the definition of personal data, based on a questionable reading of recent case law, would create major legal uncertainty and could reduce the practical scope of the General Data Protection Regulation (GDPR). Likewise, the proposed changes regarding cookies, the consolidation of the Data Act, and the establishment of a single entry point for reporting cyber incidents must be examined with caution. While they may improve the coherence of the system, this holds true only if they remain strictly proportionate, technically restrained, and compatible with the role of national authorities.

On the cybersecurity front, the idea of a single entry point for incident reporting could provide genuine operational added value, particularly by avoiding the multiplication of forms, deadlines, and points of contact. However, its usefulness will depend on its technical design: it must be minimalist, secure, interoperable with existing frameworks, and must not weaken the competences of national authorities. Otherwise, simplification in form risks failing to offset underlying complexity.

Moreover, the consolidation of the Data Act may constitute a real improvement in readability if it is limited to grouping and harmonising texts without altering their substantive balance. Conversely, if this consolidation becomes an opportunity to redefine the scope of the right of access to data generated by connected devices or to multiply exceptions and differentiated regimes, it could result in a more fragmented and less comprehensible legal framework for both users and businesses.

Beyond the substance, the Omnibus method itself must also be questioned. By significantly compressing the drafting, consultation, and negotiation phases, the Union risks producing a diminished democratic debate, weakened parliamentary scrutiny, and less stable law. Yet the quality of European digital law depends as much on the robustness of its procedures as on the quality of its rules. Simplification must not mean legislating faster at the expense of coherence, predictability, and the protection of rights.

In this context, the Digital Fitness Check appears to be the most promising initiative within the package, provided it is conducted in a transparent and inclusive manner and oriented toward the overall coherence of the European digital framework. Only under these conditions will the EU be able to build a body of law that is more readable, more effective, and genuinely protective for both businesses and citizens, without sacrificing essential safeguards.

To contribute to this debate, Renaissance Numérique proposes 11 recommendations aimed at reconciling simplification, legal certainty, the protection of rights, and the effectiveness of public action. The objective is not to slow down the modernization of European digital law, but to prevent poorly designed simplification from becoming a vehicle for deregulation, instability, and the erosion of fundamental safeguards.

This report is the outcome of the “Omnibus Dialogues”, a two–day event organised by Renaissance Numérique which brought together European experts to discuss the issues raised by the European Commission’s “Digital Omnibus” proposal.