Italian Parliament’s Observations on the EU Digital Omnibus Package

On 24 February 2026, the 14th commission of the Italian Chamber of Deputies (Camera dei Deputati) approved a document concerning the Omnibus Package (and the proposal for the establishment of European Business Wallets). The document’s primary purpose is to confirm that the Italian Parliament fulfilled its role under the subsidiarity control mechanism, and that no issues were identified on that matter. However, it also includes observations regarding the content of the proposed regulations.

It is important to note that these observations are based on the two original texts of the European Commission’s proposals of the so-called Digital Omnibus (Digital Omnibus on data and Digital Omnibus on AI). This is important to keep in mind, as the legislative process has since advanced: both the European Parliament and the Council of the EU have adopted their official positions, introducing amendments to the original text, and are now prepared to begin institutional negotiations (you can follow the evolution of the Omnibus Package legislative process here).  

1. Opening remarks

First, the Italian MPs affirm in their document that they support the objectives set by the European Commission in the Omnibus Package, particularly those aimed at simplifying rules related to AI and data. However, they emphasize that this simplification process should prioritize reducing the competitive disadvantage faced by the European Union in comparison to its main international competitors, such as the United States and China. 

Having said that, the Italian MPs endorsed certain aspects of the regulatory proposals while criticizing others. In particular, the document welcomes the single-entry-point mechanism, a provision in the Omnibus Package designed to streamline cybersecurity reporting. This mechanism allows companies to fulfill multiple mandatory reporting obligations under various EU laws through a unified process.  

Secondly, it is also praised the proposal to centralize, under the AI Office, the monitoring and supervision of certain AI systems. While the Italian MPs praised this centralization, they stressed that it is beneficial only if Member States retain a significant role in the governance of the AI Regulation and that the approach must remain consistent with the principle of sincere cooperation and the multilevel structure of European digital governance.  

However, beyond methodological observations regarding how the European Commission justified the need for intervention, and how the impact assessments were conducted, the Italian MPs also examine the substance of the proposals.  

2. Observations about the Omnibus on data (Digital Omnibus) 

 Regarding the Digital Omnibus, the document by the Italian parliament focuses particularly on the proposed amendments to the GDPR, contained by Article 3 of the proposal. It highlights that some of these changes risk introducing ambiguities and interpretative challenges for the regulation.  

They first analyze the proposed change to Article 4 of the GDPR, which would revise the definition of personal data by introducing a more subjective interpretation. Specifically, the amendment states that:  “information relating to a natural person is not necessarily personal data for every other person or entity, merely because another entity can identify that natural person […]”.  This amendment has become a focal point in the debate surrounding the Digital Omnibus, with multiple stakeholders, including the EDPB and EDPS, in their joint opinion of February 2026, raising concerns about its potential implications. The Italian MPs also raised concerns, warning that the proposed change could introduce ambiguities and legal uncertainty.

With respect to the proposed amendments to Article 9 of the GDPR, which prohibit the processing of special categories of personal data, besides some exceptions, the Omnibus proposal seeks to add a new exception, allowing the processing of such data in the context of developing and operating AI systems, subject to certain conditions. Additionally, tough, it introduces a provision stating that if removing these data in the context of AI development or operation requires disproportionate effort, the data controller, rather than deleting the data, may instead protect it “without undue delay from being used to produce outputs, from being disclosed, or otherwise made available to third parties”. While the Italian MPs acknowledge that this approach may be driven by operational practicality, they express concern that it could create ambiguity in its application. To mitigate this risk, they recommend establishing clear and objective criteria for defining what constitutes “disproportionate effort.” This, they affirm, would prevent inconsistent interpretations and ensure uniform implementation of the legislation. 

The Italian Parliament’s document also criticizes the newly proposed Article 41a¹, which the Digital Omnibus seeks to add to the GDPR. This provision would grant the European Commission the power to adopt implementing acts specifying the means and criteria for determining whether pseudonymized data should be considered personal data. In this regard, the Italian MPs explicitly reference the concerns raised by the EDPB and EDPS in their joint opinion of 11 February 2026, where the two bodies highlighted potential issues with the provision and recommended its removal from the proposal.  

The Italian MPs also express reservations about other articles proposed for addition to the GDPR by the Digital Omnibus, specifically Articles 88a, 88b, and 88c²:  

• Article 88a would regulate the storage of personal data on a natural person’s terminal equipment, permitting it only with the individual’s consent. However, it also introduces exceptions under which such storage would be allowed without consent. The criticism from the members of the Camera dei Deputati is that these exceptions are overly broad and vague.  The same article states that the natural person should be able to refuse to deny their consent with a single click. However, the Italian Parliament’s document raises doubts about the technical feasibility of implementing such a requirement.  

• Article 88b also raises concerns about technical feasibility. The proposed provision requires controllers to ensure that their online interfaces enable data subjects to grant consent, decline consent requests, and exercise the right to object through automated and machine-readable means. The Italian MPs, question the feasibility of this requirement, arguing that it may not be technically achievable in all digital environments. 

• Article 88c states that, under given conditions, legitimate interest can be a legal basis for the development and operation of an AI system. However, it also permits national laws to explicitly require consent instead. The Italian MPs express skepticism about this provision, warning that it could lead to discrepancies among Member States. They fear this may result in divergent applications, legal uncertainty, and incomplete harmonization across the EU.  Moreover, the Italian MPs emphasize that when assessing the suitability of legitimate interest as a lawful basis for processing, data controllers must explicitly consider the broader social interest as well.  

3. Observations about the Digital Omnibus on AI  

Regarding the Digital Omnibus on AI, the Italian MPs recommend that, during the interinstitutional negotiations, the EU institutions consider extending the six-month transition period provided for in Article 1(30) of the proposal. This extension would apply to the requirements for detecting and labelling synthetic content under Article 50(2) of the AI Regulation, specifically for providers of AI systems placed on the market before 2 August 2026. Originally, the European Commission’s proposal set the 2nd of February 2027 as the compliance deadline for Article 50(2) of the AI Act. However, the European Parliament, in its official position adopted in plenary on 26 March 2026, has already proposed advancing this deadline to 2 November 2026. The final outcome of the interinstitutional negotiations on this deadline remains uncertain, but the European Parliament appears to be aligning with the Italian Parliament’s preferences on this matter.  

The Italian MPs also proposed amending Article 1(31) of the AI proposal to enhance legal certainty regarding the obligations related to high-risk AI systems. Their suggestion involves establishing a uniform fixed date and limiting the European Commission’s discretion in determining the availability of support measures for compliance with these standards. Notably, both the European Parliament and the Council of the EU, in their respective positions ahead of the interinstitutional negotiations, have addressed this point. It is expected to be a key topic during the upcoming negotiations. 

These are the key observations made by the 14th Committee of the Italian Camera dei Deputati on the Omnibus Package. At MediaLaws, we are closely monitoring developments related to the Digital Omnibus package. We have established a dedicated Law Tracker for this purpose, which we update regularly. To consult it, please visit this  link.  

Footnotes: