On 19 November 2025, the European Commission (the Commission) presented the first official proposal for the Digital Omnibus legislative package[1], whose main objective is to modernise and clarify European digital law. The Digital Omnibus is currently in the proposal stage.
Background
In our previous article, we focused on how Digital Omnibus affects personal data protection under the GDPR[2], including the first signs of deregulation in the area of personal data protection. You can find the article here: Digital Omnibus: proposed changes to the GDPR in the EU’s digital era.
In this article, we will now focus on how the Digital Omnibus affects the regulation of the data economy under the Data Act[3] and related data regulation.
How does Digital Omnibus affect the Data Act and related regulations?
The proposed amendments to the Data Act within the Digital Omnibus package aim to simplify and clarify the legal environment, strengthen the competitiveness of European businesses, and reduce their administrative and regulatory burden. These amendments respond to practical experience with the implementation of European data legislation to date and to the need to ensure greater internal consistency and clarity.
The initiative aims to create a unified, coherent, and technology-neutral legal framework for the European data economy that better responds to the dynamic development of digital services, cloud infrastructures, and data ecosystems. In addition to removing outdated or duplicative provisions, the Digital Omnibus also includes substantive and procedural changes designed to contribute to a more efficient functioning of the data market, to strengthen legal certainty, and to ensure uniform application of the rules across Member States.
Consolidation of European data legislation
Three key pieces of legislation are to be newly integrated into the Data Act: the Data Governance Act[4] the Open Data Directive[5] , and the Free Flow of Non-Personal Data Regulation[6]. The aim of this consolidation is to create a comprehensive and coherent code that will uniformly regulate the sharing, access, and free movement of data within the European Union.
Protection of trade secrets
In this part of the proposal, the Digital Omnibus strengthens the protection of trade secrets by allowing mandatory data sharing to be refused if there is a risk of unauthorized access from third countries without an adequate level of protection or if sharing could jeopardize trade secrets. The aim is to strengthen defences against extraterritorial legal regimes and increase data security within the EU.
Narrow definition of B2G data sharing
Data sharing with public authorities is now limited to periods and situations of public emergency, or to activities related to recovery and mitigation of damage. This gives businesses greater certainty about when and to what extent they may be required to provide their data to public institutions.
Cloud services
The proposal also introduces more flexible rules for cloud service providers, including relief for tailor-made services, simplification of switching between providers (cloud switching), and mitigation of obligations for small and medium-sized enterprises and mid-cap companies.
Data intermediaries
Requirements in the area of data intermediation are being relaxed. The obligation to perform data intermediation through a separate legal entity is being abolished, and mandatory notification of the provider is becoming voluntary. The aim is to reduce the administrative burden and remove barriers to entry for smaller data service providers.
Open and protected public sector data
The Digital Omnibus introduces uniform procedures for accessing both open and protected public sector data and allows for higher fees to be set for very large companies, particularly gatekeepers, in order to ensure fair market conditions. Protected data should only be made available through secure data environments, with strict licensing conditions and significant restrictions on its further free use.
European Data Innovation Board (EDIB)
The European Data Innovation Board (EDIB) is gaining an expanded mandate under the Digital Omnibus. Under the amended Data Act, it will now serve as a central coordinating body, harmonizing interpretation and practice in Member States, issuing methodological guidelines, and promoting interoperability and the development of European data spaces. The EDIB is thus moving from their original advisory role to formally coordinating the implementation of the Data Act and overseeing the harmonization of procedures across sectors and Member States.
Free flow of non-personal data within the EU
The new Chapter VIIb of the Data Act, entitled “Free flow of non-personal data in the Union”, codifies and strengthens the prohibition of unjustified localisation of non-personal data, which was previously regulated by the now partially obsolete Regulation on the free flow of non-personal data[7]. The Digital Omnibus explicitly proposes that requirements for the localisation of non-personal data within the EU be prohibited unless they are duly justified by the protection of public security, are proportionate, or directly result from EU law. Under this regime, Member States would also have to notify the Commission of any proposal for a new or amended localisation obligation in order to avoid disrupting the single digital market.
Conclusion
The Digital Omnibus represents a comprehensive and conceptual revision of European digital legislation, which, once adopted, will fundamentally influence the shape of personal data protection and the data economy. Although so far it is only a legislative proposal, it is already clear that it brings ambitious changes aimed at greater uniformity, technical relevance, and a reduction in administrative burdens.
Although the Commission frames the proposal as a “technical” amendment to existing regulations, in practice it is an intervention that fundamentally changes the balance between supporting the data economy, protecting the rights of data subjects, and the position of data holders in the market.
For companies operating in the EU, this presents a twofold challenge. On the one hand, a reduction in the regulatory burden can be expected, in particular thanks to the de facto consolidation of digital economy regulations into the Data Act, the clarification of rules for B2G access, targeted exemptions in the area of cloud services, and the relaxation of the data intermediation regime. On the other hand, the Digital Omnibus also introduces new requirements and strategic decisions, for example in the area of trade secret protection in international data sharing, setting prices and licensing conditions for access to public data, or participation in data spaces managed through EDIB.
Given that Digital Omnibus is currently only at the legislative proposal stage and will be further discussed by the European Parliament and the Council, further amendments to its wording can be expected. If the proposal is ultimately adopted, the Digital Omnibus will enter into force on the third day after its publication in the Official Journal of the EU. However, some provisions will have deferred application, mainly due to the necessary legislative, technical, and administrative preparations.
For organizations that have already implemented the Data Act and related regulations or are still assessing their impact, it will be crucial to continuously monitor the development of the text, analyse possible scenarios, and adapt internal processes, contractual documentation, and technical solutions in a timely manner. Digital Omnibus may thus become not only an opportunity to relieve some of the compliance burden, but also an impetus to revise data strategy and the way in which companies in the EU work with data in the long term.
If you have any questions regarding changes under the Digital Omnibus, Data Act, GDPR, or other areas of EU regulation and compliance, we at PEYTON legal are at your disposal.
[1] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2016/679, (EU) 2018/1724, (EU) 2018/1725, (EU) 2023/2854 and Directives 2002/58/EC, (EU) 2022/2555 and (EU) 2022/2557 as regards the simplification of the digital legislative framework, and repealing Regulations (EU) 2018/1807, (EU) 2019/1150, (EU) 2022/868, and Directive (EU) 2019/1024 (Digital Omnibus).
[2] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR).
[3] Regulation (EU) 2023/2854 of the European Parliament and of the Council of December 13, 2023 on harmonized rules for access to and use of data (Data Act).
[4] Regulation (EU) 2022/868 of the European Parliament and of the Council of May 30, 2022 on European data governance and amending Regulation (EU) 2018/1724.
[5] Directive (EU) 2019/1024 of the European Parliament and of the Council of June 20, 2019 on open data and the re-use of public sector information (revised).
[6] Regulation (EU) 2018/1807 of the European Parliament and of the Council of November 14, 2018, on a framework for the free flow of non-personal data in the European Union.
[7] Regulation (EU) 2018/1807 of the European Parliament and of the Council of November 14, 2018, on a framework for the free flow of non-personal data in the European Union.
Mgr. Jakub Málek, managing partner – malek@plegal.cz
JUDr. Tereza Pechová, junior lawyer – pechova@plegal.cz
Anna Němcová, legal assistant – nemcova@plegal.cz
11. 12. 2025