The Commission’s proposals may present far-reaching implications for companies operating in the EU’s digital landscape.
By Sophie Goossens, Jean-Luc Juhan, Susan Kempe-Müller, Alfonso Lamadrid, Myria Saarinen, Tim Wybitul, Gail E. Crawford, James Lloyd, Fiona M. Maclean, and Michael H. Rubin
Key Points:
- Seeking a more practical and flexible EU digital regulation landscape: The European Commission seeks to consolidate overlapping aspects of the GDPR, the EU AI Act, and other EU digital acts.
- Streamlined data and AI requirements: Proposed changes would potentially narrow GDPR scope, facilitate use of personal data for AI training, simplify data breach and cyber incident reporting, and extend compliance deadlines for high-risk AI systems.
- Early signal of direction of travel: Though the proposals are at an early stage, companies may begin to review, monitor, and strategically prepare for future regulatory changes.
The EU intends to simplify and streamline its complex landscape of digital law with the aim of reducing bureaucracy and boosting competitiveness for businesses operating in the EU. On this basis, the European Commission published a proposed legislative pact (the Draft) on 19 November 2025 to amend aspects of the GDPR, the EU AI Act, and other EU digital acts as part of its Digital Omnibus reform. The Draft must now be agreed with the European Parliament and the Council of the EU before being finalised, and is expected to receive intense scrutiny.
For more details, see our Client Alert.