On 19 November 2025, the European Commission published two legislative proposals – the Digital Omnibus on AI Regulation Proposal and the broader Digital Omnibus Regulation Proposal (“Proposals”) – as part of a wider initiative to simplify and streamline the EU’s digital regulatory framework. Together, the Proposals introduce targeted but significant amendments across a broad range of instruments, including the EU AI Act (Regulation (EU) 2024/1689), the GDPR (Regulation (EU) 2016/679), the ePrivacy Directive (2002/58/EC), the NIS2 Directive ((EU) 2022/2555), and the EU Data Act (Regulation (EU) 2023/2854).

For pharmaceutical and MedTech companies, the Proposals could have wide-ranging practical implications – spanning AI conformity assessment pathways for medical devices and in vitro diagnostic devices (“IVDs”), the legal basis for health data use in AI development, trade secret protections in international data access scenarios, biometric authentication, data breach notification, and the scope of automated decision-making rules, among others.

The European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) set out their views in Joint Opinions, expressing support for certain simplification objectives while raising significant reservations on key provisions – most notably the proposed narrowing of the definition of personal data, and the risk that administrative simplification could dilute fundamental rights protections.

The Proposals are now in the hands of the EU co-legislators, and early negotiating positions are beginning to emerge. Trilogue negotiations are expected to be contentious, and many provisions may be substantially revised before adoption. For a comprehensive analysis of the proposed reforms, the views of the EDPB and EDPS, and the practical implications for pharmaceutical and MedTech companies, please refer to our detailed advisory.