Position Paper on the Digital Omnibus

Key recommendations

1. Deliver clear, consistent and predictable rules across the data acquis. The Omnibus should remove fragmentation by ensuring uniform definitions, roles and supervisory practices under the Data Act, so businesses can rely on one coherent framework across the Single Market.
2. Modernise cookie and tracking rules through a risk‑based, practical model (Art.88a & 88b GDPR). Europe needs rules that address consent fatigue, support innovation while upholding consumer rights. This requires:

• Introducing a truly risk‑based approach to cookies and tracking, allowing low-risk and essential processing to take place without unnecessary consent requirements, and recognising the role of privacy-enhancing technologies (PETs);
• Avoiding mandatory browser‑level automated and machine-readable consent indications, which risk creating new gatekeepers, and
• Rejecting rigid rules such as the six‑month ban on renewed consent, and instead promoting flexible and proportionate approaches to reducing consent fatigue

3. Deliver meaningful GDPR simplification and reduce compliance burdens, particularly for SMEs.

The Omnibus should ensure effective and risk-based simplification. This includes clarifying that information is not personal data where an individual cannot reasonably be identified, as providing clear guidance on anonymisation and the proportionate treatment of low-risk data.

4. An effective EU level Single-Entry Point (SEP) for cybersecurity incident reporting. The SEP must become a true “report once” system, with harmonised thresholds and templates, to provide full interoperability with national regulatory authorities, and clear allocation of responsibilities so businesses can operate with certainty and comply efficiently across GDPR, NIS2, DORA, CRA and CER.
   
   

 Retail and wholesale are essential enablers of Europe’s digital transformation, generating around 10% of EU GDP and accounting for one in three European companies, the vast majority of which are SMEs. As the main interface with consumers and a major deployer of digital tools across supply chains and operations, the sector plays a decisive role in ensuring that EU digital legislation delivers practical impact on the ground. A predictable and coherent regulatory environment is therefore critical to enable investments and maintain EU’s global competitiveness in an increasingly digital and competitive market.

The Digital Omnibus offers an opportunity to simplify, streamline and future‑proof the EU’s digital rulebook so that businesses, particularly SMEs, can focus on innovation, security and competitiveness rather than navigating duplicative or inconsistent requirements.

Please read the full text of the position paper below.