Subscribe
The European Commission’s presentation of the Digital Omnibus marks the beginning of a structural review of the entire regulatory framework governing the Union’s digital space. The proponents intend for the new legislative package to serve as a unified framework for rules currently distributed across multiple regulations and directives, with the stated goal of reducing redundancies, conflicts of competence, and overlapping applications. This approach is accompanied by a streamlining project that addresses both key aspects of privacy regulation: the General Data Protection Regulation, and the complex system of rules on artificial intelligence introduced with the AI Act.
THE POSTPONEMENT OF AI REGULATIONS AND THE TENSION BETWEEN PROTECTION AND INDUSTRIAL INTERESTS
One of the most controversial elements of the Digital Omnibus concerns the postponement of the full application of the rules governing high-risk artificial intelligence systems. The AI Act, approved just over a year ago, had stipulated that these provisions would become binding in August 2026. The Commission has now proposed postponing this deadline to December 2027, a delay of over a year that affects crucial areas such as automated candidate selection, learning assessment, and credit granting. According to Brussels, this delay reflects the impossibility of ensuring consistent implementation in a context in which many Member States have not yet established the authorities necessary to enforce the regulation. The failure to designate competent bodies by the deadline, originally set for 2025, also inevitably hinders the establishment of conformity assessment structures, a crucial technical issue for the implementation of the AI Act.
THE ROLE OF THE DIGITAL OMNIBUS IN THE REORGANIZATION OF THE EUROPEAN REGULATORY SYSTEM
The Digital Omnibus does not constitute a set of new rules but represents an attempt to integrate and reorganize existing regulations. One of the most innovative aspects concerns the management of the interference between the GDPR and the AI Act. Currently, the two regulatory instruments interact in a way that is not always linear, particularly regarding the processing of personal data through automated systems. The Digital Omnibus will not introduce new obligations, but aims to clarify the distinction between the two legal regimes, especially regarding the role of companies’ legitimate interests in the processing of data used by artificial intelligence models. This approach, however, faces concerns from a segment of the European Parliament, particularly the center-left and left-wing groups, who criticize the omnibus process for the lack of public consultations and impact assessments traditionally required for structural changes to the regulation. This perspective raises questions about the protection of sensitive data, as a more limited definition would risk exposing certain information to fewer safeguards.
ITALY’S POSITION IN THE NEW EUROPEAN SCENARIO
Italy finds itself in a unique position in the context of the Digital Omnibus, both due to its institutional system and the impact the regulatory overhaul will have on supervisory authorities. The package envisages a review of the national governance model, with particular attention to the role of bodies such as the Communications Regulatory Authority and the Italian Data Protection Authority. The goal is to avoid duplication and conflicts between bodies with adjacent responsibilities, a problem that has often been highlighted by industry players in Italy. The adoption of the Digital Omnibus, expected no earlier than 2027, will require national legislative action to adapt the Personal Data Protection Code and other sector-specific regulations. The government is expected to issue at least two legislative decrees by the same date, in coordination with the Italian Data Protection Authority and after a thorough assessment of the regulatory impact. This process represents an opportunity to redefine the supervisory structure in Italy, but it also carries the risk of a complex transition period in which European and national regulations could temporarily overlap. The reorganization will have a significant impact on the Italian economic system. Companies will be required to update policies, contracts, and data management systems, with particular attention to sectors that employ AI systems. However, the decision to reduce burdens on small and medium-sized enterprises could encourage greater diffusion of advanced technological solutions, contributing to the modernization of the productive fabric.
A DELICATE TRANSITION BETWEEN RIGHTS, INNOVATION, AND INSTITUTIONS
The Digital Omnibus represents a turning point for European digital regulation. On the one hand, the need for simplification is evident and shared by most stakeholders; on the other, operational choices pose risks to the protection of citizens’ rights and the overall coherence of the regulatory architecture. The shift in AI regulations highlights profound tensions between the desire to protect individuals and the pressures of a rapidly evolving industrial sector. The future of privacy and artificial intelligence in Europe will largely depend on how this transformation is managed. The Digital Omnibus, more than a simple technical reform, is the test of the Union’s desire to build a digital model that remains faithful to its founding values while being open to the needs of an ever-evolving global economy.