The European Union is preparing to roll back portions of its landmark digital regulations as part of a broader effort to simplify compliance for businesses and boost competitiveness against U.S. and Chinese tech rivals. On November 19, 2025, the European Commission unveiled the “Digital Omnibus”, a comprehensive package of reforms targeting the AI Act, General Data Protection Regulation (GDPR), and ePrivacy rules.
Key Changes to AI Regulation
The proposed amendments introduce several significant modifications to how AI systems are regulated across the EU. Most notably, companies deploying high-risk AI systems will receive a one-year grace period before fines and compliance obligations take effect, providing existing AI developers time to adjust their operations. The EU also plans to expand companies’ access to regulatory sandboxes, virtual testing environments where firms can experiment with new AI systems before public release.
Additionally, companies will be exempt from registering AI systems in an EU database for high-risk applications if used only for narrow or procedural tasks. Civil society groups have raised concerns that the removal of registration requirements could allow providers to unilaterally reclassify high-risk systems as lower-risk without public notification.
Privacy Law Updates
Changes to data privacy protections include streamlining cookie consent mechanisms. Under the revised GDPR, consumers would gain the ability to accept cookies with one click, and preferences could be centrally saved in a browser or operating system, reducing repetitive configuration across websites.
More controversially, the EU proposes narrowing the definition of personal data and allowing companies to process such data to train AI models “for purposes of a legitimate interest,” without explicit consent. This change would enable AI developers to process sensitive categories of data, including political views, religion, and health information.
Business Impact and Cost Savings
The European Commission estimates that these legislative updates could save up to €5 billion in administrative costs for businesses by 2029. The package also includes proposals for modifications to the Data Act and the creation of a European Business Wallet to further ease cross-border business operations.
Strong Criticism from Privacy Advocates
The proposals have drawn fierce backlash from digital rights organizations. An open letter from 127 civil organizations called the amendments “the biggest rollback of digital fundamental rights in EU history,” and online privacy activist Max Schrems warned the proposals “would be a massive downgrading of Europeans’ privacy”.
Critics argue that the changes favor Big Tech and the Trump administration, though supporters suggest they seek to create “simpler, more predictable rules that reduce friction for innovators while keeping core EU safeguards intact.”
Next Steps
The proposals must still be approved by EU member states and the European Parliament before implementation. Lawmaker Brando Benifei, who led negotiations on AI rules, stated that the European Parliament must continue defending European citizens’ digital rights, signaling potential legislative challenges ahead.
Photo by TheDigitalArtist on Pixabay