Digital Omnibus – proposals from the perspective of the Data Act

An omnibus law typically refers to a legislative proposal containing amendments to several different pieces of legislation at once. Although there is no universally accepted definition, omnibus packages generally include topics that are both related and broad in scope. 

The newly published Digital Omnibus package includes proposed amendments to several different digital‑related regulations. The package is divided into two parts: The first part focuses on various data‑related and personal‑data‑related regulations. The second focuses exclusively on the AI Act. The purpose of the split may be to ensure that the more urgent amendments — those concerning the AI Act — can be handled as quickly as possible. 

Merging data‑related regulations  

The Data Governance Act (EU) 2022/868, regulation (EU) 2018/1807 on a framework for the free flow of non-personal data, and the Open Data Directive (EU) 2019/1024 would be merged into the Data Act. This would repeal the old instruments and incorporate the remaining relevant provisions into a single, significantly expanded Data Act. The outcome would be a single regulatory framework for Europe’s data economy. 

A unified framework for the re‑use of public‑sector data would be created, combining rules for open and protected data, such as trade secrets, statistical confidentiality, copyright, and personal data, in a new chapter of the Data Act. 

Although the substantive rules for data re‑use would remain largely unchanged, the proposal introduces the possibility of imposing stricter conditions and higher licensing fees on very large operators, particularly gatekeeper companies designated under the Digital Markets Act. 

In practice, the existing regulations have had modest impact on European businesses: their scope has been narrow and they are not widely known. The proposal does simplify the regulatory environment by consolidating related rules into one place. 

The Data Governance Act introduced two concepts that have so far seen limited practical uptake: data intermediation services, and data altruism. The mandatory notification requirement for data intermediation services would be replaced with voluntary registration in an EU‑wide registry. Data‑altruism requirements would be eased, reducing reporting and transparency obligations and removing the planned “rulebook.” 

To date, these new concepts have scarcely appeared in day‑to‑day business: only about thirty data intermediation services have been registered across Europe, and data altruism has remained mostly an ideological curiosity.  

Protection of trade secrets  

The proposed amendments to the Data Act reflect stakeholders’ concerns about the disclosure of trade secrets. New grounds would be added to allow refusing to share data in cases where sharing would unlawfully disclose a trade secret to a third party located in a non‑EU country offering weaker protection. This would require written justification and notification to authorities. 

A full analysis of a third country’s trade‑secret protection would not be required; various factors could be considered, including insufficient legal guarantees, weak enforcement, or previous breaches. The refusal must still be based on a case‑by‑case assessment, mirroring procedures already found in the current Data Act.  

The amendment is a step in the right direction. That said, the “trade‑secret handbrake” built into the Data Act remains relatively weak. In practice, the only reliable way to protect trade secrets related to devices or services is simply not to collect data that could reveal them. 

Amendments concerning data processing services  

The proposal introduces reliefs for data processing service providers, especially SMEs and “small mid‑cap” companies. Contracts for data processing services concluded before 12 September 2025 would not need to be amended to comply with the Data Act. Providers of customized PaaS and SaaS services would also receive relief for contracts concluded before that date. 

For fixed‑term cloud service contracts, rules on early‑termination fees would be clarified as long as such fees do not hinder switching providers. While this principle already existed, it appeared only in the recitals of the original Data Act. 

Other amendments  

Public‑sector access to private‑sector data would be restricted. The existing ground of “exceptional need” would be removed, leaving only “public emergencies” and related mitigation and restoration activities as valid reasons to require data disclosure. SMEs could also request compensation for the costs of such disclosure. 

All smart‑contract regulation would be removed to support innovation and avoid imposing overly strict requirements. In practice, smart contracts have gained little traction so far. 

The proposal establishes rules for the European Data Innovation Board (EDIB), which will help member states ensure consistent interpretation of the Data Act. 

The amendments are intended to be handled through an accelerated legislative process and will now proceed to negotiations and approval by the European Parliament and the Council. If the process runs smoothly, the changes could apply as early as early 2027. Spring 2026 will show how the proposals are received and what kind of debate – or disputes – will follow.  

The primary goal of the Digital Omnibus is to reduce the compliance‑related administrative burden and implementation costs, particularly for SMEs. The proposed changes are likely to be welcomed, although opinions may differ on whether they go far enough. The package does not propose major overhauls; companies still face substantial work to comply with regulatory requirements. 

Our data‑economy expert team is ready to support you with all matters related to the Data Act and other digital regulation. 

This article is part of a series focusing on the Data Act, examining individual topics from a practical angle. Previous articles in the series include: