{"id":19964,"date":"2026-02-09T08:00:05","date_gmt":"2026-02-09T08:00:05","guid":{"rendered":"https:\/\/letslaw.es\/reglamento-omnibus-digital\/"},"modified":"2026-02-09T12:00:28","modified_gmt":"2026-02-09T12:00:28","slug":"digital-omnibus-regulation","status":"publish","type":"post","link":"https:\/\/letslaw.es\/en\/digital-omnibus-regulation\/","title":{"rendered":"Digital Omnibus Regulation: the Commission\u2019s proposal to streamline the EU digital framework"},"content":{"rendered":"<p>In recent years, the EU digital framework has been built through a succession of regulations and directives that, in practice, sometimes overlap or duplicate one another. With the so-called \u201cDigital Omnibus Package\u201d, the European Commission is not proposing a single new overarching instrument; rather, it is seeking a \u201ctechnical tune-up\u201d: to simplify, align existing pieces and reduce compliance friction (\u201cA simpler and faster Europe\u201d). <strong>On 19 November 2025, it tabled two proposals<\/strong> (one general and one focused on AI) which have now entered the negotiation phase and may change during the legislative process.<\/p>\n<p>The Commission\u2019s official narrative is clear: \u201c(\u2026) to provide immediate relief to businesses, public administrations and citizens alike, and to boost competitiveness.\u201d<\/p>\n<h2>Which laws are included in the Omnibus Package?<\/h2>\n<p>By way of context, this package is structured around two proposals:<\/p>\n<ul>\n<li>The first is the general <strong>Digital Omnibus<\/strong> proposal, which seeks to introduce technical amendments across a broad set of digital legislation and, in addition, to repeal instruments that the Commission considers to have been superseded by more recent frameworks. Under that first proposal, key instruments would be affected, including, among others, the <strong>GDPR, the ePrivacy Directive, <a title=\"NIS2\" href=\"https:\/\/letslaw.es\/en\/directive-nis2-impact\/\">NIS2<\/a> and the Data Act<\/strong>, together with a set of adjustments also aimed at bringing greater order to the \u201cdata economy\u201d and the cybersecurity landscape.<\/li>\n<li>The second proposal is the <strong>Digital Omnibus on AI<\/strong>, which amends the <a title=\"Artificial Intelligence Act\" href=\"https:\/\/letslaw.es\/en\/ai-regulation-key-insights\/\"><strong>Artificial Intelligence Act<\/strong><\/a> (AI Act) with the aim of facilitating a \u201csmooth\u201d and proportionate implementation (e.g., by adjusting timelines and simplifying certain obligations for specific undertakings).<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>In parallel, and as part of the same simplification drive, the Commission has linked these initiatives to other levers, such as the proposal on <strong>European Business Wallets<\/strong> and a review exercise (\u201cfitness check\u201d) of the EU digital rulebook to assess its cumulative impact.<\/p>\n<p>In other words, this is not a single regulation intended to replace everything that came before, but rather a c<strong>ross-cutting intervention designed to adjust several instruments at once<\/strong>.<\/p>\n<h2>Developments affecting digital content and digital services<\/h2>\n<p>Although this Omnibus is not a \u201cconsumer law reform\u201d concerning digital content, it does have a direct impact on how apps, SaaS, eCommerce and data-driven services operate, because it addresses three areas that shape product and operations: <strong>privacy<\/strong>\/trackers, <strong>data<\/strong> (Data Act) and <strong>cybersecurity<\/strong> (incidents).<\/p>\n<h3>Privacy<\/h3>\n<p>In the area of privacy, one of the most relevant strands is the attempt to recalibrate the <strong>relationship between the GDPR and ePrivacy<\/strong>, by moving into the GDPR part of the regime applicable to tracking technologies. If this approach prevails, the most visible impact should be felt in how preferences and consent are managed: less repetition and greater standardisation, with more reliance on browser-level signals or settings.<\/p>\n<p>In any event, given that this is a proposal, caution is warranted: the real scope will depend on the final text and on how exceptions, evidentiary requirements and control mechanisms are defined.<\/p>\n<h3>Data<\/h3>\n<p>As regards data, the proposal seeks to reduce fragmentation by <strong>consolidating rules around the Data Act<\/strong>. The Digital Omnibus envisages integrating into the Data Act and repealing instruments such as the Regulation on the free flow of non-personal data (2018\/1807), the Data Governance Act (2022\/868) and the Open Data Directive (2019\/1024), moving towards a single framework for the re-use of public-sector data and certain protected categories.<\/p>\n<p>It also refers to improvements in \u201cswitching\u201d (provider switching\/portability in data processing services such as cloud) and to relief measures for SMEs and \u201csmall mid-caps\u201d with respect to certain requirements. In day-to-day terms, this translates into reviewing cloud contracts, portability clauses and exit policies.<\/p>\n<h3>Cybersecurity<\/h3>\n<p>In cybersecurity and incident management, the proposal introduces two measures with significant operational impact. The first is the \u201c<strong>single entry point<\/strong>\u201d: a single mechanism for channelling notifications where multiple obligations converge (GDPR, NIS2, DORA or others).<\/p>\n<p>The second is a <strong>timing adjustment<\/strong>: it proposes extending the GDPR deadline for notifying personal data breaches from 72 to 96 hours. For security and legal teams, this requires revisiting internal procedures (who decides, what is reported, to whom, and under what thresholds), but it may reduce duplication if the \u201csingle point\u201d is implemented effectively.<\/p>\n<h3>Artificial intelligence<\/h3>\n<p>Finally, in AI (under the \u201cAI Omnibus\u201d proposal), the initiative is twofold: on the one hand, adjustments to the timetable and \u201ctriggers\u201d for the applicability\/enforceability of obligations relating to high-risk systems; on the other, simplifications and refinements such as the promotion of sandboxes, the extension of certain facilitations to \u201cmid-caps\u201d, and specific rules on the processing of special categories of data where necessary to detect or correct bias, subject to safeguards.<\/p>\n<h2>Right to information in marketplaces and third-party platforms<\/h2>\n<p>From a marketplace perspective, the \u201cangle\u201d of this Omnibus is not so much the consumer\u2019s right to information (which sits in other layers, such as the DSA, consumer law or advertising rules), but rather transparency and the framework applicable to intermediation where a platform connects third parties (sellers, suppliers, partners) with users.<\/p>\n<p>It is useful to distinguish between two planes: <strong>information and transparency vis-\u00e0-vis consumers<\/strong> (governed mainly by consumer law and, in the digital environment, also by the DSA) and <strong>transparency vis-\u00e0-vis professional users operating within the platform<\/strong> (sellers, partners, suppliers). The Omnibus primarily affects this second plane.<\/p>\n<p>The most relevant element here is the proposal to <strong>repeal the P2B Regulation<\/strong> (transparency for business users of online intermediation services), on the basis that part of its function has been absorbed by more recent platform-related frameworks.<\/p>\n<p>What does this mean for a \u201creal\u201d marketplace? It means the debate is no longer whether there are information obligations, but rather where they sit and how compliance is evidenced. Even if P2B were to disappear in its current form, the regulatory trajectory continues to push platforms to explain their rules more clearly: conditions for access and continued use, contractual changes, material decision-making criteria (for example, ranking\/positioning), and complaint and dispute-management mechanisms.<\/p>\n<p>The practical advice is conservative: review third-party T&amp;Cs and the internal documentation describing \u201chow the platform decides\u201d (to defend decisions and respond to complaints), while avoiding the design of compliance as a single-instrument checklist, because the perimeter may shift during the legislative process.<\/p>\n<div class=\"cyp_post_formulario\"><h2>Contact Us<\/h2>\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f3074-o1\" lang=\"es-ES\" dir=\"ltr\" data-wpcf7-id=\"3074\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/en\/wp-json\/wp\/v2\/posts\/19964#wpcf7-f3074-o1\" method=\"post\" class=\"wpcf7-form init wpcf7-acceptance-as-validation\" aria-label=\"Formulario de contacto\" novalidate=\"novalidate\" data-status=\"init\">\n<fieldset class=\"hidden-fields-container\"><input type=\"hidden\" name=\"_wpcf7\" value=\"3074\" \/><input type=\"hidden\" name=\"_wpcf7_version\" value=\"6.1.5\" \/><input type=\"hidden\" name=\"_wpcf7_locale\" value=\"es_ES\" \/><input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f3074-o1\" \/><input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/><input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/><input type=\"hidden\" name=\"_wpcf7_recaptcha_response\" value=\"\" \/>\n<\/fieldset>\n<div class=\"campo_nombre\" style=\"width:100%\"> <span class=\"wpcf7-form-control-wrap\" data-name=\"your-name\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required datos-contacto2\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Name\" value=\"\" type=\"text\" name=\"your-name\" \/><\/span><\/div>\n<div class=\"campo_telefono\" style=\"width:100%\"> <span class=\"wpcf7-form-control-wrap\" data-name=\"your-phone\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-tel wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-tel datos-contacto2\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Phone\" value=\"\" type=\"tel\" name=\"your-phone\" \/><\/span><\/div>\n<div class=\"campo_email\" style=\"width:100%\"> <span class=\"wpcf7-form-control-wrap\" data-name=\"your-email\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email datos-contacto2\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Email\" value=\"\" type=\"email\" name=\"your-email\" \/><\/span><\/div>\n<div class=\"campo_asunto\" style=\"width:100%\"> <span class=\"wpcf7-form-control-wrap\" data-name=\"your-asunto\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required datos-contacto2\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Subject\" value=\"\" type=\"text\" name=\"your-asunto\" \/><\/span><\/div>\n<div class=\"campo_mensaje\" style=\"width:100%\"> <span class=\"wpcf7-form-control-wrap\" data-name=\"your-mensaje\"><textarea cols=\"40\" rows=\"10\" maxlength=\"2000\" class=\"wpcf7-form-control wpcf7-textarea wpcf7-validates-as-required datos-contacto2\" aria-required=\"true\" aria-invalid=\"false\" placeholder=\"Message\" name=\"your-mensaje\"><\/textarea><\/span><\/div>\n<input class=\"wpcf7-form-control wpcf7-hidden\" value=\"\" type=\"hidden\" name=\"cyp_form_url\" \/>\n<input class=\"wpcf7-form-control wpcf7-hidden\" value=\"cyp_zonaweb\" type=\"hidden\" name=\"zonaweb\" \/>\n<span class=\"wpcf7-form-control-wrap recaptcha\" data-name=\"recaptcha\"><span data-sitekey=\"6LfbCuUpAAAAAGu5f0__hms_y9Kscc_NCNdDGnEJ\" class=\"wpcf7-form-control wpcf7-recaptcha g-recaptcha\"><\/span>\r\n<noscript>\r\n\t<div class=\"grecaptcha-noscript\">\r\n\t\t<iframe loading=\"lazy\" src=\"https:\/\/www.google.com\/recaptcha\/api\/fallback?k=6LfbCuUpAAAAAGu5f0__hms_y9Kscc_NCNdDGnEJ\" frameborder=\"0\" scrolling=\"no\" width=\"310\" height=\"430\">\r\n\t\t<\/iframe>\r\n\t\t<textarea name=\"g-recaptcha-response\" rows=\"3\" cols=\"40\" placeholder=\"Aqu\u00ed la respuesta de reCAPTCHA\">\r\n\t\t<\/textarea>\r\n\t<\/div>\r\n<\/noscript>\r\n<\/span>\n<div style=\"width:100%\">\n<p class=\"form-input-check\" style=\"color:#444444 !important;padding:0px !important;margin:0px !important;font-size:12px !important;margin-bottom:15px !important\">\nBy clicking on \"Send\" you accept our <a href=\"https:\/\/letslaw.es\/en\/privacy-policy\/\" target=\"_blank\">Privacy Policy<\/a> - <a href=\"javascript:\/\/\" class=\"cyp_legal_popup_ingles\">+ Info<\/a>\n<\/p>\n<p class=\"form-input-check\" style=\"color:#444444 !important;padding:0px !important;margin:0px !important;font-size:12px !important\">\n<span class=\"wpcf7-form-control-wrap\" data-name=\"checkbox-173\"><span class=\"wpcf7-form-control wpcf7-checkbox wpcf7-exclusive-checkbox\"><span class=\"wpcf7-list-item first last\"><label><input type=\"checkbox\" name=\"checkbox-173\" value=\"\" \/><span class=\"wpcf7-list-item-label\"><\/span><\/label><\/span><\/span><\/span> I agree to receive outlined commercial communications from LETSLAW, S.L. in accordance with the provisions of our <a href=\"https:\/\/letslaw.es\/en\/privacy-policy\/\" target=\"_blank\">Privacy Policy<\/a> - <a href=\"javascript:\/\/\" class=\"cyp_legal_popup\">+ Info<\/a>\n<\/p>\n<\/div>\n<div class=\"vc_col-sm-12 botton-datos-contacto\"><input class=\"wpcf7-form-control wpcf7-submit has-spinner\" type=\"submit\" value=\"Send\" \/><\/div><input type='hidden' class='wpcf7-pum' value='{\"closepopup\":false,\"closedelay\":0,\"openpopup\":false,\"openpopup_id\":0}' \/><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div>\n<\/form>\n<\/div>\n<div>","protected":false},"excerpt":{"rendered":"<p>Digital Omnibus Regulation: we tell you which laws are included in the Omnibus Package and the changes that are being considered.<\/p>\n","protected":false},"author":2,"featured_media":19966,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[258],"tags":[],"class_list":["post-19964","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-digital-law"],"_links":{"self":[{"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/posts\/19964","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/comments?post=19964"}],"version-history":[{"count":4,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/posts\/19964\/revisions"}],"predecessor-version":[{"id":19970,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/posts\/19964\/revisions\/19970"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/media\/19966"}],"wp:attachment":[{"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/media?parent=19964"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/categories?post=19964"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/letslaw.es\/en\/wp-json\/wp\/v2\/tags?post=19964"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}