At KeyToFinancialTrends, we have closely examined the European Commission’s new initiatives under the “Digital Omnibus” package and see them as a key recalibration between promoting digital growth and protecting personal data in Europe. These reforms give large tech companies greater freedom in using data and deploying artificial intelligence (AI), while raising questions about the future of privacy for EU citizens.
The European Commission proposes postponing the application of strict rules for high-risk AI systems until December 2027. “High-risk” refers to AI systems used in law enforcement, healthcare, immigration, biometrics, and critical infrastructure. At KeyToFinancialTrends, we view this as a strategic move for tech companies, giving them time to adapt, but simultaneously extending the period of potential privacy risks.
A central part of the reforms is a revision of the approach to personal data and GDPR. Data will be considered anonymous if an organization can reasonably assert that re-identification is impossible. At the same time, companies will be able to use datasets containing sensitive information — including medical and biometric data — for AI training, provided they make “reasonable efforts” to remove identifying features. We note that this decision stimulates the development of medical and biometric AI, but also carries the risk of formalistic anonymization.
The package also includes changes to rules on cookies and digital privacy. Consent banners will appear less frequently, and users will be able to set their preferences once, which will remain valid for six months. Consent management can be implemented via browsers or operating systems. However, access to location data and browsing history will still require explicit consent. According to KeyToFinancialTrends, this reduces user annoyance but increases the risk of automatic consent for tracking.
For small and medium-sized enterprises (SMEs), regulatory requirements are significantly simplified. The documentation burden for AI projects will be reduced, potentially saving hundreds of millions of euros annually. The “European Business Wallet” — a digital company passport valid across all EU countries — will allow companies to digitally sign documents, timestamp records, and exchange documents without paperwork. We consider this an important tool to reduce administrative costs and enhance the competitiveness of European startups.
Criticism of the package focuses on the weakening of fundamental privacy rights. Human rights organizations and some Members of the European Parliament have pointed out that the new rules and broad exemptions could reduce citizens’ control over their data. The process for adopting the reforms — without public consultations or impact assessments — has also been questioned.
In summary, KeyToFinancialTrends concludes that the “Digital Omnibus” package reduces regulatory pressure on tech companies but requires additional safeguards for data, particularly medical and biometric information. We recommend that the European Parliament establish independent audits and oversight, while businesses should use the transition period to implement transparent and ethical data-handling practices. This will allow the EU to combine competitiveness with user trust, creating a sustainable digital future.
