Ireland's Digital Future – How EU Omnibus Reforms Will Reshape the Competitive Landscape

The European Commission's two draft Digital Omnibus Regulations (EU Regulation 2025/0360 and 2025/0359), published on 19 November 2025, mark a fundamental shift in the EU’s approach to digital regulation. Their aim is clear: to foster competition through innovation and efficiency while simplifying compliance for businesses. For Ireland, these reforms present both significant opportunities and legislative challenges that will require careful navigation by Government.

EU Regulation 2025/0360 proposes to consolidate multiple data-related regulations into a single legislative framework, reducing the complexity which businesses currently face when managing overlapping requirements. Key amendments impact the GDPR, the ePrivacy Directive, the Data Act, and NIS2, while the Platform-to-Business Regulation will be repealed, as its objectives are now addressed by the Digital Markets Act and Digital Services Act. The overarching objective of this proposed regulation is to ensure legal certainty, mitigate compliance costs, and consolidate existing regulatory instruments into a unified and coherent legislative framework.

Among the most notable GDPR changes are streamlined rules on cookies, a more subjective approach to defining “personal data”, and additional exemptions for processing special category data, particularly for biometric verification and AI development (eg, bias detection and correction). The proposals also confirm that personal data may be processed for AI model training purposes on the basis of legitimate interests under the GDPR. Other changes include raising the threshold for reporting personal data breaches to authorities (to be limited to incidents posing “high risk”), extending the reporting window from 72 to 96 hours, and allowing controllers to refuse or charge reasonable fees for abusive data subject requests, often seen in contentious employment disputes. Additionally, the Commission proposes a single incident reporting platform for cybersecurity breaches, enabling organisations to fulfil obligations under all applicable EU legislation (eg, NIS2, GDPR, DORA) through one single-entry reporting point.

These modifications reflect the EU’s efforts to rationalise data protection requirements and reduce administrative burdens, while safeguarding fundamental privacy rights. The changes to regulatory reporting will particularly benefit multinational companies and financial services firms operating across multiple EU jurisdictions - something which will be of interest to many AmCham members.

Meanwhile, EU Regulation 2025/0359 focuses on amending the AI Act to cut compliance costs and support start-up growth, addressing concerns that regulatory complexity has hindered innovation in Ireland and across the EU. Proposed delays of up to 16 months for the application of obligations related to high-risk AI systems will provide businesses with breathing space to align with technical standards and access support tools. SMEs will also benefit from reduced penalties and simplified documentation requirements.

While the timeline for adoption of these draft Regulations remains uncertain, trilogue negotiations are expected in the coming months. This coincides with Ireland assuming the Presidency of the Council of the European Union for the eighth time on 1 July 2026, giving Ireland a pivotal role in shaping the EU’s digital future.

Matheson is at the forefront in advising clients on complex regulatory change. Our Technology and Innovation Group’s expertise in data protection, AI regulation, online safety, cybersecurity, and commercial law is helping businesses anticipate and adapt to evolving EU frameworks. As Ireland prepares to play a leading role in shaping these reforms, Matheson is already preparing organisations for the challenges and opportunities ahead, ensuring compliance, mitigating risk, and unlocking innovation in a rapidly changing digital landscape.