The European Commission’s expectation is to reduce unnecessary administrative costs – that is, that companies, “from factories to startups”, spend “less time on administrative work and checking compliance with the rules”, thus freeing up “more time for innovation”. Measures that, according to European estimates, should save at least 5 billion euros in administrative costs by 2029.
To be implemented, the proposals will require approval from the 27 EU countries and the European Parliament, and must now be sent to the Internal Market and Consumer Protection (IMCO), Industry, Research and Energy (ITRE) and Civil Liberties, Justice and Home Affairs (LIBE) committees.
Among other measures, the Commission proposes to give companies more time to implement the new rules on “high-risk” AI systems (for use in sensitive areas such as biometric identification, provision of public services, health, solvency and law enforcement), allowing them to adapt to the new rules by the end of 2027 – instead of August 2026, as was initially foreseen in the AI legislation that the European Union (EU) adopted last year and which is being implemented gradually.
Technological companies can have easier access to personal data
The changes may broaden the definition of non-personal data. The Commission’s objective is to clarify when data is no longer considered “personal” under the General Data Protection Regulation (GDPR), which facilitates the use of anonymous information from European citizens by technology for AI training, according to Reuters. Changes that would allow companies like Google, Meta or OpenAI to use personal data from Europeans to train AI models.
Brussels proposes changes to the AI law to “extend certain simplifications granted to small and medium-sized enterprises (SMEs) and small and mid-cap companies, including “simplified technical documentation requirements”, which will “save at least €225 million per year”. It is also planned to increase compliance measures “so that more innovators can use flexible regulatory environments, including an EU-wide sandbox from 2028 and more testing in and strengthening the powers of the AI Office, as well as centralizing oversight of AI systems built on general-purpose models.”
The relaxation of rules relating to cookiesa wider use of data and the European Business Portfolio strategy – which gives access to a “single digital identity to simplify bureaucracy and make work easier in all EU Member States”, which “should unlock 150 billion euros in savings each year” – are also planned.
“We have all the ingredients in the EU to be successful. We have talent, infrastructure, a large internal single market. But our companies, especially startups and small businesses, are often harmed by a series of rigid rules”says Henna Virkkunen, European commissioner responsible for technology and digital sovereignty. “By reducing bureaucracy, simplifying EU laws, opening up access to data and introducing a common European Business Card, we are giving space for innovation to happen and be commercialized in Europe. This is being done the European way: ensuring that users’ fundamental rights remain fully protected.”
Privacy concerned?
This is not, however, the view of organizations focused on defending privacy. “Now all your data will be inserted into Meta, Google or Amazon algorithms”, declares, quoted by Reuters, Max Schrems, from noyb, the Irish Council for Civil Liberties. “This makes it easier for AI systems to know even the most intimate details and, consequently, manipulate people.”
Also Mario Mariniello, specialist in digital and competition policy in think thank Economic Bruegel, writes in an article on the organization’s official website that Digital Omnibus “could expand companies’ access to data, a vital issue for the development of AI, while providers of potentially high-risk AI applications may no longer be required to register their systems in a public EU database if they self-assess them as not being high-risk, making it more difficult to validate their assessments”.
Pointing out that the reform could “broaden the definition of ‘non-personal’ data, placing them outside the scope of personal data protection”, among other aspects, Mariniello declares that “the main beneficiaries of Omnibus, however, could be the large US technology companies, which already exercise a strong dominance over European users”. And he concludes: “Even if the absolute performance of European companies improves, the gap with the US in terms of AI could increase.”
The technology lobby group CCIA Europe, which includes Alphabet, Meta and Apple among its members, stated that the European Commission’s proposal is welcome, but added that “bolder action is still needed”. Statements similar to those made by the Association for Financial Markets in Europe.