In November 2025, the European Commission proposed a sweeping regulatory overhaul dubbed the Digital Omnibus — a package designed to simplify several existing digital regulations across the bloc. Among its most controversial measures: delaying enforcement of stricter provisions of the EU AI Act until late 2027, relaxing rules on cookie consent prompts, and allowing companies to train AI using personal data under a broader “legitimate interest” legal basis rather than obtaining explicit consent. 

Supporters argue the changes are overdue — existing compliance burdens have slowed innovation, especially for startups and SMEs. By streamlining bureaucracy and granting more flexibility, Europe hopes to regain its edge in digital competitiveness. However, privacy advocates and civil-rights groups warn that the reforms represent a substantial rollback of citizens’ data protections. Critics describe the package as a “biggest attack on European digital rights in years,” arguing that it undermines core protections established under prior frameworks. 

The Digital Omnibus debate reveals a tension at the heart of digital policy: balancing regulatory safeguards for privacy and fairness with the desire to foster innovation and economic growth. As the world watches how the Omnibus evolves and is implemented, the outcome may influence how other regions — from North America to Asia — shape their own AI and data-governance frameworks.