Digital "Omnibus": European Parliament brakes Commission plans for data and AI
The EU Commission's plans aim to combine various data laws and AI regulations. This is meeting with resistance in Parliament.
European Parliament building in Brussels
(Image: PP Photos/Shutterstock.com)
The EU Commission on Monday lobbied in the EU Parliament for its legislative proposals on digitalization and AI regulation – with moderate success. Almost all parliamentary groups criticized the proposals presented in December 2025 and warned against diluting hard-won protection standards in favor of "Big Tech" companies.
Simplified rules, open data market
With a digital omnibus law, the Commission wants to simplify the rules in the digital sector and bring four different sets of norms under one roof: The Regulation on the free flow of non-personal data, the Open Data Directive, the Data Governance Act, and the Data Act. Reporting obligations for data loss, which are scattered across various digital laws, are also to be consolidated, so that companies will have a central point of contact for them.
This is a real improvement for companies, emphasized Renate Nikolay, Deputy Director-General of the DG Connect of the EU Commission. The simplification of European norms and increased competitiveness for European companies are the central goals of the package.
Wishlist of lobbyists processed?
In the Parliament's Committee on Civil Liberties, Justice and Home Affairs, however, there was talk of a "deregulation initiative" by the Commission. Simplified regulation and increased competitiveness sound good, says Irish rapporteur on the AI Act, Michael McNamara (Renew), and calls it astonishing when the Commission's drafts "reproduce proposals from the major Big Tech companies article by article."
MEPs from the Pirate/Green and Social Democrat groups warned, in this first discussion of the package, primarily against a redefinition of personal data. For example, pseudonymized data can be passed on to third parties in the future if it can no longer be re-identified by them. The Commission itself intends to determine in implementing decisions what type of pseudonymization is "secure."
Birgit Sippel (S&D) criticized the possibility for AI companies to classify themselves as "High Risk" or not. Her party colleague and Vice-Chair of the Committee on Civil Liberties, Justice and Home Affairs, Marina Kaljurand, questioned the planned privilege for AI companies that allows them to use sensitive data: "Is the processing of personal data in AI models automatically safer than processing by other applications?"
Videos by heise
Shaken and stirred, but not simpler?
Axel Voss (EVP) acknowledged that the Commission wants to merge the GDPR and the AI Act. Whether the remixing would succeed in terms of legal certainty and clarity is still unclear with the draft presented. Voss urged not to be rushed due to the ongoing implementation of the AI Act. The committee meeting was the first on the package, but, as Kaljurand emphasized, not the last.
(ds)
