On 19 November 2025, the European Commission published its proposed Digital Omnibus Package, a reform aimed at overhauling significant parts of the European Union’s digital regulatory framework.
The package is presented as a simplification of the rules on data, cybersecurity and AI and aims to help businesses innovate, scale and save on administrative costs associated with compliance with European Union digital and AI laws. See our quick overview of the proposed changes across the entire package here.
Within the proposals, the European Commission aims to introduce sweeping and significant changes to the Artificial Intelligence Act (AI Act) and General Data Protection Regulation (GDPR), including:
- AI Act: Revised compliance timelines for high-risk AI, extended support to small-mid caps, changes to AI literacy and bias detection obligations, expanded sandboxing and real-world testing, and centralised oversight of certain AI systems; and
- GDPR: Clarified definition of personal data, express provisions on AI-related processing and scientific research processing, exemptions for data subject rights requests, streamlined transparency rules, updated breach notification thresholds, revised DPIA requirements, and integrated cookie rules.
To help organisations navigate these potential changes, the overview tables below highlight the key proposed amendments to each piece of legislation and the predicted practical implications (based on the current texts) for your organisation, if these changes are implemented.
Download the summaries below.
EU Digital Omnibus Proposal – Key AI Proposals
EU Digital Omnibus – Key GDPR Proposals
Want to Learn More?
If your organisation is navigating this complex digital landscape or preparing for upcoming AI, data, or cybersecurity obligations, contact Leo Moore, Barry Scannell, Rachel Hayes or your usual William Fry contact to start a conversation about how to turn Europe’s digital and AI regulatory regime into a strategic opportunity.
Contributed by Kevin White, Caroline Keaveny, Daniel Gannon
