Over the last decade, the EU has launched an unprecedented constellation of laws: GDPR, the AI Act, the Data Act, NIS2, the Cyber Resilience Act, DORA, DSA, DMA, eIDAS 2.0 and more. Together – under the ‘Digital Decade’ banner – they aim to form a powerful framework to protect fundamental rights, promote trustworthy technology and level the playing field. But in practice, businesses and even international governments are often looking at Europe through blurred regulatory optics: overlapping scopes, inconsistent definitions, parallel reporting channels, fragmented enforcement and difficult interfaces between regimes.
Unveiled on 19 November 2025, following a call for evidence in September, the Commission’s proposed Digital Omnibus aims to “simplify, clarify and improve” the existing acquis rather than add a new layer. It focuses on data, privacy and AI (in one track) and targeted amendments to the AI Act (in another), with parallel workstreams on cybersecurity simplification. It aims to introduce some harmonisation across the regulatory landscape, including proposals such as introducing a single reporting point for all incidents, following the “report once, share many” principle.
Please see our Article on the proposals, which walks through the key regimes in play –AI Act and AI rules; Data Act and data-sharing; GDPR and privacy; NIS2/CRA and cyber – setting out what the law currently does and what the Digital Omnibus proposals change.