The Digital Omnibus is a key step towards simplifying the European digital regulatory framework and making it more coherent, but to be truly effective it will have to ensure greater legal certainty and rules proportionate to the needs of businesses. This is the central message of the position paper with which Confindustria intervenes on the package presented by the Commission 19 November 2025, indicating a series of targeted corrective measures to strengthen competitiveness and support innovation in the industrial system.

The general approach is, in general, positive: the goal of harmonising often fragmented regulations and reducing red tape is considered essential, especially at a time of strong global competition. However, without timely interventions, the risk is that regulatory complexity will continue to be an obstacle for businesses, particularly in the adoption of advanced technologies.

Artificial intelligence, more clarity on rules and timing to foster adoption

On the AI front, the initiative to simplify the application of the’AI Act is positive, but requires more commitment to clear rules and realistic timeframes for compliance. More clarity is needed in the interpretation of the principles and a stronger commitment of the European Commission in defining operational guidelines. Despite Parliament's proposals on the’Annex I are positive, there are still some critical issues, especially in the wording of the Machinery Regulation article, which risk generating overlaps and application uncertainties. The aim is to build a stable and predictable framework that can help achieve the intentions of the regulation without slowing down the adoption of AI in companies.

Cybersecurity, real European harmonisation on obligations and reporting needed

When it comes to cyber security, the priority is true harmonisation at European level. The proposal for a single incident reporting platform is a proposal that deserves attention, but it is not enough without uniform rules on thresholds, timing and reporting. Common criteria for identifying significant incidents and aligning reporting timeframes must be introduced, as well as ensuring greater consistency between different regulations, including the Cyber Resilience Act. Also central is the mutual recognition of certifications between national authorities, which is essential to reduce costs and operational complexity.

Personal data protection, useful simplifications but knots remain over consent and enforcement

The changes to the GDPR are positive because they intervene on aspects that have generated interpretative uncertainties over the years. Among the most relevant points are the clarification of the notion of personal data and the recognition of legitimate interest as a legal basis for some applications related to artificial intelligence. The simplifications on data breach notification obligations, impact assessment and disclosure are also relevant. A number of critical issues remain open, including the need to review consent mechanisms based on automated signals, especially in the context of online tracking, and to better clarify some operational relationships between actors involved in data processing.

Data Act, data sharing to be calibrated to protect industry and innovation

On Data Act there is a need for a more calibrated approach to data sharing. The goal of promoting the data economy is shared, but a legal distinction needs to be made between B2C and B2B contexts, where data are often an integral part of production processes. We need graduated and risk-based access models, tools to ensure traceability of data use and specific measures to protect trade secrets. It is also necessary to avoid retroactive effects on contractual obligations and to define interoperability standards through shared processes with industry.

Overall, the challenge is not only to simplify regulations, but to make them truly applicable and consistent with production needs. This is a crucial step to support the technological development of companies and strengthen the competitiveness of Italian industry in the international context.