top of page
Search

European Union’s Digital Omnibus Package Heats Up the Debate on Human Rights Protection

  • Human Rights Research Center
  • 3 hours ago
  • 6 min read

Author: Ana Budeanu

April 9, 2026


HRRC acknowledges the efforts of the European Union to establish a more cohesive set of digital rules across its territory, but emphasises that any policy must adhere to the principles found in the international human rights body of laws.

The Digital Omnibus Package Might Diminish EU Citizens Rights [Image source: 2b advice]
The Digital Omnibus Package Might Diminish EU Citizens Rights [Image source: 2b advice]

The European Union (EU) Digital Omnibus Package has member states and human rights organizations in the EU debating whether this set of legislative acts is a good choice for EU citizens, especially those in vulnerable groups such as people with disabilities or members of LGBTQIA+, as they seem more likely to diminish already established rules that protect privacy, prevent discrimination, and ensure accountability in digital systems.


To date, the European Commission has introduced the “Digital Package,” a comprehensive regulatory framework encompassing both the Digital Omnibus Regulation and the parallel Digital Omnibus on Artificial Intelligence Regulation.


The EU’s digital regulatory construction is currently undergoing a significant change through the Digital Omnibus Package, which has two main acts: the Digital Omnibus on AI and the Digital Omnibus Regulation. The package is intended to help the EU’s digital economy and lessen administrative pressures on businesses by creating a more cohesive set of rules for everything which takes place online, from purely business transactions to communications, aiming to resolve legal uncertainties within the complex web of the General Data Protection Regulation (GDPR), the Data Act, and the ePrivacy Directive.


The more important of the two acts is the EU Digital Omnibus on AI proposal, a legislative initiative seeking to simplify and modernize the existing regulations for data protection, artificial intelligence, and cybersecurity within broader online activities, including business, education or recruitment.

The starting point for these new sets of rules stems from the growing concern that the digital regulations across the EU’s territory have become increasingly fragmented, with multiple intersecting legislative acts resulting in complex actions for companies. The initiative seeks to simplify and modernize the digital regulations in order to make administrative regulations more direct, while maintaining a high level of protection for fundamental rights, including data protection, consumer rights, and the protections afforded to the natural person.


The Digital Omnibus on AI proposal additionally aligns with the European Commission's broader strategic agenda to foster competitiveness, innovation, and growth within the EU’s economy.


Advocacy groups say that these sets of laws seem to favour the lobby done by technology companies that could further broaden data collection methodologies and reinforce business models based on actively recording people across EU’s territory. While the main purpose of the Digital Omnibus Package is to simplify rules and to bridge and connect the legislative acts from GDPR and AI Act, in practice, it removes main principles from these laws and enables companies to control private data without being open or responsible for it.


Advocacy organizations suggest that the "simplification" process effectively serves as a deregulation initiative likely to benefit commercial interests, as companies in the technology sector could gain extensive access to private data, especially with the rise of AI usage. GDPR functions as the definitive legal main set of laws for the protection of personal data, establishing how organizations collect, process, and secure information. However, the European Commission's proposed legislative amendments include a substantive redefinition of personal data, a move that could significantly weaken established protections. There is growing concern that these changes will enable the biggest companies in technology to broaden their data collection for AI training and operation.


Furthermore, these regulatory reforms significantly diminish the capacity of individuals to exercise their right of access—a fundamental right that facilitates openness regarding the nature and processing of personal information. 


In conclusion, these developments threaten to create systemic vulnerabilities within the EU’s main data protection set of regulations, facilitating the accelerated collection and manipulation of data by both corporate and independent organizations. This change would make it increasingly difficult for data subjects to monitor, let alone contest, the exploitation of their information.


While the EU AI Act represents a landmark global initiative designed to protect individuals against the problematic impacts of artificial intelligence, its core mandate is currently threatened by the proposed Digital Omnibus on AI revisions. These amendments risk compromising and obstructing the enforcement of established rules, particularly for high-risk systems that present the most profound hazards to the health, safety, and fundamental rights of European citizens, including biometrics, AI use in law enforcement and employment management. By removing the mandate for companies to publish the risk assessments, these changes grant technology firms the power to define their systems' risk profiles, thereby fundamentally protecting them from external scrutiny and being challenged on their decision or actions.


For a normal person, it might seem that AI use is simple and lacks risks, especially when there are national laws to regulate it. But these laws can be used against various groups of people, especially vulnerable groups that find themselves at the margins of society when state rules are made. There are many examples of legal uses of AI that violate human rights as Amnesty International has documented how, in Hungary facial recognition technology targeted peaceful assemblies such as the Pride Marches in Budapest and Pecs, how AI was used to surveil the movements of refugees and migrants, and how the fraud detection algorithms integrated into the "digital welfare state" have discriminated against vulnerable groups including ethnic minorities, low-income demographics, and displaced persons across several EU member states, including Denmark, France, Sweden, and the Netherlands. Despite its gaps, existing digital rights regulations within the EU provide indispensable protections against such systemic violations as they abide human rights more than some national regulations.


The European Commission’s legislative proposals are not definitive, as there will be further negotiations with both the European Council and the European Parliament, which  are beginning to resist the most problematic provisions within the AI Omnibus.


Glossary


  • Accountability: The legal and ethical obligation of organizations (and AI systems) to take responsibility for their actions, decisions, and impacts.

  • Administrative: Relating to the management, implementation, and enforcement of laws by executive agencies (like the European Commission) rather than the courts.

  • Advocacy: The act of supporting or recommending a particular cause, policy, or group to influence public opinion or legislation.

  • Artificial Intelligence: Systems designed to operate with varying levels of autonomy that can, for explicit or implicit objectives, generate outputs such as predictions, recommendations, or decisions.

  • Biometrics: Personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, which includes facial images, or iris scans that allow or confirm the unique identification of that person.

  • Consumer Rights: The body of law that protects the public from unfair trade practices, unsafe products, or deceptive digital marketing.

  • Cybersecurity: The practice of protecting systems, networks, and programs from digital attacks, damage, or unauthorized access.

  • Data Act: The EU regulation focused on who can use and access data generated in the EU across all economic sectors.

  • Deployment: The act of moving a digital system or AI model into a live, operational environment for use.

  • Deregulation: The process of removing or simplifying regulations to reduce the compliance burden on businesses. 

  • Digital Governance: The rules, practices, and processes used to manage digital technologies and data flows.

  • Digital Omnibus Package: A 2025/2026 EU initiative to simplify and harmonize various digital laws (GDPR, AI Act, Data Act) into a single rulebook.

  • Digital Systems: The hardware and software infrastructure that processes data and performs digital tasks.

  • Digital Welfare State: A system where government social services and benefits are managed and delivered primarily through digital algorithms.

  • Discrimination: Unfair or prejudicial treatment of people and groups based on characteristics such as race, gender, disability, or age.

  • Displaced Persons: People forced to leave their home or country, often due to war, persecution, or natural disaster.

  • E-Privacy Directive: The "Cookie Law" (Directive 2002/58/EC) that regulates data protection and privacy in electronic communications.

  • Enforcement: The process of ensuring compliance with laws through penalties, audits, or legal action.

  • Ethnic Minorities: Groups of people who share a common cultural or national tradition different from the majority population.

  • European Commission: The executive branch of the European Union responsible for proposing legislation and enforcing EU laws.

  • Facial Recognition: A category of biometric software that maps facial features to identify or verify an individual.

  • Fraud Detection Algorithms: Automated systems designed to identify patterns of suspicious behavior to prevent financial or identity theft..

  • Lobby: To seek to influence a politician or public official on a particular issue or piece of legislation.

  • Methodology: The specific system of methods and rules used to perform a task, such as an AI's logic or a sustainability audit.

  • Natural Person: A human being, as distinguished from a "legal person" (like a corporation or organization).

  • Provisions: Specific clauses or sections within a legal document that state particular requirements or rules.

  • Systemic Violations: Rights abuses that are built into the structure of an organization or system rather than being isolated incidents.


References


  1. https://news.fundsforngos.org/2026/04/06/eu-digital-omnibus-plans-raise-concerns-over-ai-privacy-and-human-rights/

  2. https://www.euronews.com/next/2026/04/06/500-billion-worth-european-data-economy-troubles-continue 

  3. https://www.amnesty.org/en/latest/news/2026/04/eu-simplification-laws/ 

  4. https://www.taylorwessing.com/de/insights-and-events/insights/2026/03/ai-act-and-digital-omnibus-integration-of-ai-and-health-data-2026 

  5. https://www.techpolicy.press/how-europes-digital-omnibus-could-gut-privacy-protections/ 

  6. https://knowledge.dlapiper.com/dlapiperknowledge/globalemploymentlatestdevelopments/2026/eu-council-approves-omnibus-i-directive

  7. https://www.techpolicy.press/eus-ai-act-delays-let-highrisk-systems-dodge-oversight/ 

  8. https://www.lewissilkin.com/insights/2026/04/01/the-latest-on-the-digital-omnibus-on-ai-102momk

  9. http://globalpolicywatch.com/2026/03/meps-adopt-joint-position-on-proposed-digital-omnibus-on-ai/#:~:text=6(4)%20Registration%20requirements.,under%20Article%206(3).

  10. https://www.onetrust.com/blog/how-the-eu-digital-omnibus-reshapes-ai-act-timelines-and-governance-in-2026/ 

  11. https://www.mlex.com/mlex/articles/2457582/eu-countries-give-digital-omnibus-broad-backing-but-diverge-on-ai-and-data-rules 

  12. https://www.edpb.europa.eu/news/news/2026/digital-omnibus-edpb-and-edps-support-simplification-and-competitiveness-while_en#:~:text=%E2%80%9CWe%20strongly%20urge%20the%20co,the%20concept%20of%20personal%20data.

  13. https://www.addleshawgoddard.com/en/insights/insights-briefings/2026/technology/eu-digital-omnibus-ai-update-council-parliament-agreed-positions/

  14. https://www.pymnts.com/cpi-posts/digital-omnibus-what-would-it-mean-for-competition-and-privacy-in-advertising/

  15. https://www.techpolicy.press/europe-is-looking-to-water-down-ai-protections-it-should-reinforce-them/

  16. https://the-platform-law.com/2026/03/09/digital-omnibus-what-would-it-mean-for-competition-and-privacy-in-advertising/ 

  17. https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-regulation-proposal

  18. https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai#:~:text=Certain%20AI%20use%2Dcases%20utilised,to%20retroactively%20identify%20a%20shoplifter 

  19. https://www.amnesty.org/en/documents/POL30/0290/2025/en/

  20. https://www.amnesty.eu/wp-content/uploads/2025/10/Banning-the-Rainbow-%E2%80%93PecsPrideBan_briefing_26Sep2025.pdf

  21. https://www.amnesty.org/en/documents/eur27/9273/2025/en/

​Address:

2000 Duke Street, Suite 300, Alexandria, VA 22314, USA

​​Email us:

info@humanrightsresearch.org

Tax exempt 501(c)(3)

EIN: 87-1306523

© 2026 HRRC

bottom of page