EU AI Omnibus - ICC’s position 

On 19 November, the European Commission presented its proposal for a Digital Omnibus, a package intended to simplify and streamline the EU’s complex digital rulebook. The initiative is structured around two parallel components: an AI Omnibus focused on targeted adjustments to the AI Act, and a broader Digital Rulebook Omnibus, elements of the EU’s wider digital rulebook. 

Over the past few years, the European Union has developed an ambitious and far- reaching digital regulatory framework. Various instruments, including the Artificial Intelligence Act, the General Data Protection Regulation, the Digital Services Act, the Data Act, and the Data Governance Act, have reshaped the legal landscape, aiming to increase transparency and accountability while fostering trust in digital technologies. At the same time, the cumulative effect of this legislation has been a dense, and at times fragmented, compliance environment. Complexity, overlap, and growing implementation challenges are faced by businesses operating across the Single Market. Navigating overlapping compliance timelines, delegated acts, guidance, and technical standards has proven particularly demanding for companies of all sizes. 

The Digital Omnibus is presented as a response to these concerns. The goal is not to reopen political compromises, but to deliver targeted, practical corrections that make existing rules workable and predictable. From ICC’s perspective, this is both necessary and timely. 

The stakes for businesses are high. The Omnibus affects compliance costs, legal certainty, cross-border data flows, and innovation. Even technical amendments can influence operational planning, product design, investment choices, and global deployment strategies. The key question for globally operating companies is whether the proposed adjustments will genuinely reduce fragmentation and administrative burden, or whether they risk creating new forms of regulatory divergence that complicate cross-border operations. 

The problem today is no longer the absence of regulation, but rather gaps, distortions, and inconsistencies in implementation. 

One of the main concerns is the rollout of the AI Act. Many essential guidelines and harmonised standards are still pending, with some expected only shortly before obligations take effect. This leaves companies in the difficult position of preparing for compliance without the technical clarity or operational tools they need. At the same time, rapid policy reactions to the rise of large language models have introduced adjustments that risk moving the Act away from its original technology- neutral and risk-based design. Maintaining this foundational structure is critical to preserving legal certainty across sectors and along the AI value chain. 

More broadly, implementation challenges across the EU digital framework highlight the need for corrections. Under the GDPR, enforcement has become increasingly expansive and uneven, with over 40 data protection authorities interpreting obligations differently. Key concepts are sometimes applied so broadly that compliance extends beyond the regulation’s intended scope. Without clearer limits, there is a risk that almost all data is treated as sensitive by default, which undermines proportionality and complicates legitimate uses like bias detection or AI system improvement.Structural inconsistencies also complicate compliance. The split between GDPR and ePrivacy has created parallel rules for cookies and device access, while traffic data is treated differently under the ePrivacy Directive and the Data Act, particularly in IoT contexts. This again creates a fragmented approach with operational gaps, conflicting obligations, and duplicative requirements, driving legal uncertainty and higher costs, in particular for SMEs and mid-sized companies operating across borders. 

In today’s fast-evolving digital landscape, ICC sees the Digital Omnibus as a golden opportunity to bring coherence and proportionality back to European digital regulation, to make life simpler for businesses. 

When it comes to Artificial Intelligence, timing matters. High-risk AI rules should only be rolled out once harmonized standards, clear guidance, and practical compliance tools are ready. A temporary pause on some obligations would give companies legal certainty and prevent fragmented application across Member States. Realistic transition period, especially for one-stop-shop provisions, will help businesses implement new rules smoothly without unnecessary hurdles. 

ICC also calls for stronger, coordinated oversight under the AI Act. A central role for the EU AI Office, paired with simplified interfaces with national authorities, would reduce regulatory fragmentation and ensure consistent, predictable enforcement, which would benefit both businesses and consumers. 

Proportionality in GDPR enforcement is equally crucial. Clear definitions of “personal data” and a focus on intentional rather than hypothetical risks for sensitive data will reduce administrative burdens without compromising protection, making compliance more practical for companies of all sizes. 

Finally, ICC supports a unified approach to cookies and device access, aligned with the GDPR, eliminating the current patchwork with ePrivacy rules, to ensure one singular, consistent framework for handling traffic and IoT data, thereby reducing complexity and enhancing predictability for businesses operating across Europe. 

The guiding principle behind ICC’s position is clear: EU digital regulation must align with global standards and support seamless cross-border data flows. AI innovation and deployment rely on trusted international data transfers, so any adjustments under the Digital Omnibus should preserve the free flow of data, build trust, and avoid EU-specific technical divergences or localization requirements that fragment markets and drive up costs. 

ICC emphasizes that the Omnibus should focus on practical solutions to real-world implementation challenges, ensuring that existing rules are workable, coherent, and enforceable. Done right, this approach will support innovation, enhance competitiveness, and accelerate the adoption of digital technologies across Europe, while delivering tangible benefits for businesses.