Excerpt from Cyprus Mail Article, Published on January 18, 2026
The European Commission’s Digital Omnibus initiative is set to reshape how digital laws like the GDPR and the AI Act work together in Europe. The proposal aims to simplify the complex regulatory ecosystem without watering down key protections, although it has sparked debate around innovation and fundamental rights.
Presented on 19 November 2025 as part of the EU’s broader Digital Package, the Digital Omnibus proposes targeted amendments to core digital laws, including the EU General Data Protection Regulation (GDPR) and the AI Act. The goal is to reduce regulatory burdens that some stakeholders argue hinder competitiveness and innovation, especially compared to approaches outside the EU.
A major focus of the package is reconciling data protection with responsible artificial intelligence development. As digital technologies evolve, data has become central to AI value creation. The Digital Omnibus seeks to clarify when personal data — including sensitive categories — can be processed in AI development and operation, introducing strict safeguards to prevent misuse while enabling ethical AI practices.
Under current GDPR rules, processing special categories of data, such as biometric or health information, is generally prohibited unless specific exceptions apply. These limitations can create hurdles for AI systems that rely on large datasets. The Digital Omnibus would allow such processing when it’s necessary for AI development, subject to organisational and technical measures to protect data subjects.
This revised approach aims to support bias detection and AI testing while keeping privacy intact. For example, biometric data could be processed for identity verification only if that data remains exclusively controlled by the individual. At the same time, new provisions like proposed Article 88c would let organisations use “legitimate interest” as a lawful basis for certain AI data processing, provided privacy safeguards are met.
Critics of the Digital Omnibus warn that simplifying GDPR rules might weaken digital rights if not carefully balanced. Some civil society groups have raised concerns about potential rollbacks of protections, especially around sensitive personal data and accountability measures — although these voices argue for clearer enforcement rather than loosening standards.
To delve deeper into this topic, Visit Cyprus Mail.
