The 2025 European Commission EU digital omnibus package: The Data Act

The Digital Omnibus Regulation Proposal introduces targeted amendments to Regulation (EU) 2023/2854 of 13 December 2023 on harmonised rules on fair access to and use of data (the “Data Act”). While the Proposal does not appear to reopen the Data Act’s core “connected product / related service” access architecture, it uses the Data Act as the main “home” for consolidating parts of the EU data acquis by reallocating (among other matters) specific “public sector information / re-use” and “data-sharing framework” provisions currently located in other instruments. The Proposal introduces structural amendments intended to consolidate, repeal, or reallocate provisions previously contained in other instruments, in order to address duplication and inconsistencies in legal obligations and enforcement arrangements. This consolidation is reflected expressly in the Digital Omnibus Proposal’s repeal list, which includes Regulation (EU) 2022/868 (Data Governance Act), Directive (EU) 2019/1024 (Open Data Directive), and Regulation (EU) 2018/1807 (Free Flow of Non-Personal Data Regulation), with operative provisions transferred to the Data Act via new Data Act Chapters VIIa, VIIb and VIIc, associated new Articles (including a set of new “32x” provisions), and Annex material.

Proposals most likely to be adopted and rationale

This Section addresses, in turn: (1) the repeal and reallocation of overlapping data access and use provisions into the Data Act; and (2) technical amendments intended to ensure internal coherence of the Data Act following those reallocations.

1. Repeal and reallocation of overlapping data access and use provisions

The Digital Omnibus Regulation Proposal introduces amendments to the Data Act which provide for the repeal of selected standalone provisions contained in other instruments within the EU data acquis, with their operative rules reallocated into the Data Act framework.

In particular, the Proposal amends the Data Act to incorporate provisions governing access to, and use of, data that were previously regulated through separate legislative instruments, while expressly repealing those standalone regimes through corresponding provisions in the Digital Omnibus Regulation. 

The Proposal provides for the repeal and consolidation of provisions currently contained in the Data Governance Act, the Open Data Directive, and the Free Flow of Non-Personal Data Regulation, with their operative rules redistributed within the Data Act framework, namely Regulation (EU) 2022/868 (the Data Governance Act), Directive (EU) 2019/1024 (the Open Data Directive), and Regulation (EU) 2018/1807 (the Free Flow of Non-Personal Data Regulation). In practice, these amendments are implemented by inserting new (and amended) provisions into the Data Act (which will also lead to re-numbering of the Data Act provisions), including: (i) a new Chapter VIIa integrating the Data Governance Act regimes on data intermediation services and data altruism; (ii) a new Chapter VIIc merging the “re-use of certain protected data / documents held by public sector bodies (and certain public undertakings)” regimes previously addressed in Chapter II of the Data Governance Act and the Open Data Directive; and (iii) a new Chapter VIIb inserting into the Data Act the EU-wide prohibition on data localisation requirements for non-personal data that currently sits in the Free Flow of Non-Personal Data Regulation.

The amendments do not alter the scope of the Data Act as set out in Articles 1 and 2, nor do they amend the categories of data holders, data users, or beneficiaries defined in Articles 3 to 7. However, they do expand the Data Act’s internal content by absorbing (and re-expressing) obligations that were previously located in those repealed instruments, so the point is best understood as: no change to the core access model, but the Data Act becomes the consolidated “single instrument” for these additional data governance and re-use regimes.

This element of the Proposal is likely to be adopted because it:

• preserves the substantive rights and obligations already laid down in Regulation (EU) 2023/2854. Where rules are moved from the repealed instruments, the stated objective is generally to preserve their practical effect, by translating them into Data Act drafting rather than re-designing them;
• addresses duplication arising from parallel data access regimes applying to the same datasets and actors; and
• is implemented through express repeal and reallocation provisions, thereby avoiding legal uncertainty as to the continuing application of the affected instruments.

By contrast, any repeal without clear transfer provisions is more likely to attract scrutiny on continuity and enforcement grounds.

2. Technical amendments ensuring internal coherence of the Data Act

The Proposal further introduces technical amendments to the Data Act intended to ensure internal coherence following the repeal and reallocation of external provisions.

These amendments include:

• adjustments to cross-references within the Data Act to reflect the removal of repealed instruments;
• clarification of definitions and scope provisions where concepts previously defined in external instruments are now governed exclusively by the Data Act; and
• alignment of enforcement and remedial provisions in Chapter VIII of the Data Act with the reallocated obligations. This includes aligning competent authority arrangements and procedures so that enforcement of the transferred provisions follows the Data Act’s enforcement mechanics rather than the repealed instrument’s legacy model.
• a targeted change on smart contracts: the Proposal removes the existing “essential requirements” compliance obligation for providers of smart contracts and instead links compliance to harmonised standards (via Commission standard-setting powers).

These measures are likely to be adopted because they are strictly consequential in nature and are necessary to ensure that the Data Act operates as a self-contained and internally consistent legal instrument following the structural changes introduced by the Omnibus Proposal.

Proposals more likely to be challenged, or rejected and rationale

This Section addresses, in turn: (i) scope and boundary issues arising from the reallocation of provisions into the Data Act; (ii) legal certainty and transitional issues created by the repeal of standalone instruments; and (iii) enforcement and competence questions arising from the consolidation of obligations within the Data Act. Separately, the Omnibus Proposal also lists Regulation (EU) 2019/1150 for repeal. To the extent any elements of that regime are not clearly re-homed into another instrument, similar continuity and legal-certainty issues may be raised in negotiations.

1. Scope and boundary issues arising from reallocation into the Data Act

The Proposal’s reallocation of provisions from other instruments within the EU data acquis into the Data Act raises questions as to the precise scope of application of the Data Act following consolidation.

In particular, concerns are likely to arise as to:

• whether the reallocated provisions apply to the same categories of data, data holders, and users as under the repealed instruments; and
• how overlaps with adjacent regimes, including the GDPR and sector-specific legislation, are to be resolved where the Data Act now functions as the sole source of the relevant obligation. In particular, the re-homed provisions will continue to operate “without prejudice” to applicable data protection and confidentiality rules where personal data or protected information is in scope, and the negotiations may seek to make that boundary explicit in recitals and/or operative text to reduce classification disputes.

This aspect of the Proposal is more likely to be challenged because there is a risk that insufficiently precise drafting alters the practical reach of existing obligations through consolidation alone. Member States and the European Parliament may therefore seek amendments clarifying that the reallocation does not expand or contract the substantive scope of the obligations concerned. This is especially likely for the new Chapter VIIc regime (public-sector re-use), where differences in definitions and scope between the Data Governance Act and the Open Data Directive may create edge-case disputes unless the carry-over intent is made explicit.

2. Legal certainty and transitional issues following repeal of standalone instruments

The Proposal expressly repeals selected standalone instruments within the EU data acquis and redistributes their operative provisions within the Data Act. While this approach provides formal legal clarity, it also gives rise to transitional issues.

In particular, the Proposal does not fully specify:

• how ongoing compliance activities initiated under the repealed instruments are to be treated following their repeal;
• whether implementing measures, guidance, or delegated acts adopted under the repealed instruments continue to apply, and if so on what legal basis; and
• how enforcement actions commenced prior to repeal are to be handled once the operative provisions are relocated into the Data Act. 

These issues are likely to prompt demands for clearer transitional provisions or savings clauses to ensure continuity and legal certainty during the shift to a consolidated Data Act framework.

3. Enforcement and competence issues arising from consolidation

The consolidation of obligations within the Data Act raises questions regarding enforcement competence and procedural alignment, particularly where the repealed instruments previously relied on different enforcement models or competent authorities.

Although the Proposal does not amend the enforcement framework set out in Chapter VIII of the Data Act, Member States may question:

• whether existing national enforcement structures are equipped to absorb the additional obligations now concentrated within the Data Act;
• how coordination is to be ensured where enforcement responsibilities were previously shared across different authorities; and
• whether additional national implementing measures are required to reflect the consolidated regime. This is particularly likely where the transferred provisions were historically administered by public-sector or information-governance bodies rather than the authority designated for Data Act supervision.

Given the sensitivity of enforcement allocation in EU legislation, this element of the Proposal is more likely to be narrowed or clarified through additional drafting to confirm that consolidation does not, of itself, alter enforcement competence or procedural safeguards. This point is likely to be most contested for the new Chapter VIIc (public-sector re-use) regime, because it may require coordination between existing “open data / public-sector information” authorities and the Data Act competent authority model.