EU’s Digital Omnibus on AI: EDPB-EDPS Insights

EDPB-EDPS JOINT OPINION 1/2026

 Proposal for a Regulation as regards the simplification of the implementation of harmonized rules on artificial intelligence (Digital Omnibus on AI)

Eléonore Scaramozzino, Avocate Constellation Avocats

On 19 November 2025, the European Commission issued a Proposal for a Regulation of the European Parliament and of the Council amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI) (hereafter, ‘the Proposal’). On 25 November 2025, the Commission formally consulted the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) in accordance with Article 42(2) of Regulation (EU) 2018/1725. The EDPB and the EDPS adopted a joint opinion on 20 January 2026.

In this opinion, the EDPB and the EDPS:

  • support the Proposal’s general objective to address certain implementation challenges of Regulation (EU) 2024/1689 (the ‘AI Act’), with a view to the effective application of the relevant rules;
  • support in principle the proposed extension of the legal basis allowing the exceptional processing of special categories of personal data for purposes of bias detection and correction. At the same time, to avoid potential abuse, the cases where providers and deployers would be able to rely on this legal ground in the context of non-high risk AI systems and models should be clearly circumscribed and limited to cases where the risk of adverse effects caused by such bias is sufficiently serious;
  • recommend maintaining the standard of strict necessity currently applying for the processing of special categories of personal data for bias detection and correction in relation to high-risk AI systems (Article 10(5), Article 10(2)(f) and (g) AI Act);
  • support the general aim of the Proposal to ease administrative burdens for operators;
  • recommend maintaining the obligation for providers to register AI systems in the EU database for high-risk systems also in the cases where the provider has concluded the system is – despite being referred to in Annex III (Article 6(3) AI Act) – not high risk;
  • support the creation of EU-level AI regulatory sandboxes to promote innovation and help small and medium-sized enterprises (‘SMEs’) across the EEA (new Article 57(3a) AI Act);
  • suggest improvements to ensure better legal certainty:
    • competent Data Protection Authorities (DPAs) should be involved in the operation and supervision of the corresponding data processing carried out in these sandboxes, in line with Regulation (EU) 2016/679 (‘the GDPR’);
    • the competence of DPAs in these sandboxes and its interplay with the GDPR cooperation mechanism should be clarified;
    • the EDPB should have
      • (1) an advisory role to ensure consistency on data protection aspects, specifically in cases where several DPAs would be concerned by the EU-level AI sandbox, and
      • (2) the status of observer at the European Artificial Intelligence Board.
  • welcome the introduction of the requirement for active cooperation between the AI Office and authorities involved in the application of the AI Act for the supervision of AI systems based on a general-purpose AI model, where the provider of the model is also the provider of the system (particularly where there are risks to the fundamental rights to privacy and data protection);
  • recommend clearly delimiting the types of general-purpose AI models that would trigger the exclusive competence of the AI Office, to ensure effective supervision of such AI systems;
  • support the goal of streamlining cooperation between fundamental rights authorities or bodies (‘FRABs’) and market surveillance authorities (‘MSAs’); the central point of contact to increase efficiency is welcomed;
  • BUT recommend:
    • clarifying the role of the MSAs as administrative points of contact for the execution and transmission of requests to providers and deployers; 
    • ensuring that the proposed change does not affect the independence and powers of DPAs; 
    • adding details to the Proposal, such as requiring MSAs to provide the information requested by FRABs without undue delay;
    • further clarifying the new obligation for cooperation and mutual assistance between MSAs and FRABs, particularly for cross-border cases.
  • consider that AI systems providers and deployers should not be released from their obligation to ensure that their staff have a sufficient level of AI literacy, as it helps raise ethical and social awareness of AI benefits and risks:
    • If this new obligation to foster AI literacy is maintained, it should apply in addition to the current obligation applying to AI systems providers and deployers, instead of replacing it.
  • express concerns about the proposed postponement of the application of a number of core provisions of the AI Act (according to the Proposal, the cut-off date would be changed from 2 August 2026 to 2 December 2027 for high-risk AI systems in Annex III, and 2 August 2028 as regards high-risk AI systems in Annex I), in particular about the potential impact on the protection of fundamental rights in the fast-evolving AI landscape:
    • invite the co-legislators to consider whether it would be appropriate and feasible to maintain the current timeline for certain obligations, e.g. on transparency;
    • if the proposed delay is adopted, call for concerted actions in order to minimize the delay to the extent possible.
