On the 20th of January 2026, the EDPB and EDPS opened the new year by placing the Digital Omnibus on AI, which was presented by the European Commission on the 19th of December 2025. The EU Commission’s proposal seeks to amend Regulation 1689/2024 (the “AI Act” or “AIA”) through targeted simplification measures to ease implementation burdens, particularly for SMEs and small mid‑caps (SMCs), without altering the Act’s overall architecture.
As emphasised in both the Commissioner’s public announcement and the official document, the proposal aims to resolve early operational challenges by streamlining compliance pathways. Yet simplification, while welcome, cannot come at the expense of individuals’ rights and freedoms, especially when it concerns the processing of personal data. It is precisely on this balance, simplification without deregulation, that the EDPB and EDPS focused their Joint Opinion.
Their analysis highlights several areas where the proposed amendments intersect with core data‑protection guarantees and therefore require careful analysis:
- Processing of sensitive data for bias detection (new Art. 4a): the supervisory authorities stress the need for strict safeguards when allowing the use of special‑category data, even for legitimate bias‑mitigation purposes.
- Registration and documentation (Art. 6(3)): any reduction of administrative burdens must preserve the traceability and accountability mechanisms that underpin the AIA’s risk‑based approach.
- EU‑level regulatory sandboxes (Art. 57(3a)): while cross‑border sandboxes can foster innovation, they must operate within a clear governance framework ensuring consistent data‑protection standards across Member States.
- Supervision and reinforcement by the AI Office (art. 75): the Opinion calls for reinforced guarantees of independence, transparency, and coordination between the AI Office and data‑protection authorities.
- Powers of authorities/bodies protecting fundamental rights and cooperation with MSA (art. 77): effective enforcement requires structured, timely, and reciprocal cooperation between fundamental‑rights bodies and market‑surveillance authorities.
- AI literacy (Art. 4): the authorities welcome the emphasis on literacy but underline that awareness‑raising must not dilute the responsibilities of providers and deployers.
- Implementation timeline of high-risk rules: any acceleration or simplification of deadlines must remain compatible with the technical and organisational measures necessary to ensure safe deployment.
Taken together, these points reflect a consistent message: regulatory simplification is possible, but only if it preserves the substantive guarantees at the heart of EU fundamental‑rights protection. The Joint Opinion, therefore, positions itself not against the Digital Omnibus but as a safeguard ensuring that the pursuit of efficiency does not erode the normative commitments embedded in the AI Act.
To read the full document, click on the link
