Book now!
  • Insights

Digital Omnibus and the Proposed Amendments to the Data Act

I. Data Act

The Data Act strengthens user rights in relation to IoT and smart devices by enabling access to data generated through their use. Under Articles 4 and 5, users may request both raw and pre-processed data and may also request the direct transfer of such data to third parties, including independent repair or service providers. This framework is designed to promote interoperability, stimulate competition in aftermarket services, and ensure that users can benefit from alternative repair and maintenance options. Processed data—resulting from deeper analytics or interpretation—is generally excluded from mandatory sharing obligations, while raw and pre-processed data remain fully within the scope of the Regulation.

II. Consolidation and Simplification of the Legal Framework

One of the central objectives of the Digital Omnibus is to consolidate legislative acts into a single coherent framework, with the Data Act becoming the unified legal instrument governing all necessary aspects. Thus, the provisions of the Regulation on the Free Flow of Non-personal Data (Regulation (EU) 2018/1807), the Data Governance Act (Regulation (EU) 2022/868), and the Open Data Directive (Directive (EU) 2019/1024) are integrated into the Data Act, while the aforementioned regulation and directive will be repealed. This consolidation aims to create a single set of rules for the re-use of data held by public authorities, eliminating overlaps and occasional contradictions that have generated confusion in both the private sector and public sector.

This means the Data Act will centralise and regulate the legal regimes concerning:

  • the prohibition of data localisation requirements for non-personal data within the EU;
  • data intermediation services and data altruism organisations;
  • the re-use of public sector data and documents (including both open data and certain protected categories of data).

Another objective pursued by the Digital Omnibus is reducing complexity for data intermediaries. To stimulate the emerging market for data intermediation services, the mandatory notification regime has been transformed into a voluntary one. The key obligation to keep data intermediation services “legally separate” from other services is replaced by a lighter obligation of “functional separation,” accompanied by a set of conditions. The general list of obligations for such intermediaries has also been significantly simplified.

III. Key Amendments

The Omnibus introduces practical adjustments to several of the Data Act’s key provisions.

  • Stronger protection of trade secrets: The Data Act has been amended to allow data holders to refuse the disclosure of trade secrets to a user or third party when there is a high risk of unlawful acquisition, use, or disclosure to third countries or entities under their control, where legal protections are weaker than those within the European Union. This amendment is welcomed, and any refusal must be based on a case-by-case assessment.
  • Reshaping business-to-government (B2G) data sharing: The scope of data sharing from companies to the public sector has been significantly reduced. Where it originally covered “exceptional need,” it is now limited exclusively to public emergencies. Provisions enabling authorities to request data to prevent or mitigate threats to public security or health have been removed; such requests may now only be made when necessary to respond to a public emergency or to mitigate or support recovery from it. Furthermore, micro-enterprises and small businesses will be able to seek compensation for the costs generated by the obligation to provide data during public emergencies – acknowledging that these costs can be substantial for smaller actors. Large data holders will continue to provide such data without being able to request payment.
  • Exemptions for certain cloud services: A specific and lighter regime has been introduced for data processing services that are customised (non-standard services) and would not function without prior adaptation to the user’s needs, where such services are provided under contracts concluded before 12 September 2025. A similarly lighter regime applies to data processing services provided by SMEs and SMCs under contracts concluded before the same date. These providers are also permitted to include early-termination penalty clauses in fixed-term contracts.
  • Removal of obligations for smart contracts: The obligation for smart contract providers to comply with the essential requirements set out in Article 36 of the Act has been removed. This amendment is intended to foster innovation and lower existing barriers in this field, providing significantly more flexibility for businesses in this sector.

IV. What Do These Amendments Mean for Your Business?

The changes to the Data Act mark an initial shift towards greater pragmatism and proportionality. Integrating three distinct legal instruments into a single framework will eliminate much of the confusion and overlap that previously made the EU data rules difficult to navigate.

For EU businesses operating on global markets, strengthened trade secret protection is a welcome safeguard. If you are concerned about the risk of disclosing sensitive information to users in jurisdictions with weak protections, you will now have a clear legal basis to refuse access – provided that the associated risk can be convincingly demonstrated.

Nevertheless, many of the challenges posed by the broader European digital framework remain unresolved. Each business should evaluate whether the proposed amendments affect its current operations and closely monitor future developments.

The legislative proposals under the Digital Omnibus package will now proceed to the European Parliament and the Council for adoption. The Commission has also launched the second phase of its simplification agenda through a broad consultation on the “Digital Fitness Check,” open until 11 March 2026. This assessment will test the extent to which the regulatory framework meets its competitiveness objectives and will analyse the coherence and cumulative impact of EU digital rules.

The Digital Omnibus represents a significant step forward in EU digital policy, marking a transition from a complex legal environment toward one focused on simplification and consolidation. The amendments to the Data Act aim to create a more predictable and easier-to-navigate regulatory environment, particularly for SMEs and start-ups. The emphasis now lies on reducing administrative burdens, providing greater flexibility in emerging markets (such as data intermediation), and better protecting the EU’s strategic interests, including trade secrets and data security.

Our firm remains at your disposal for any legal assistance you may require.

Authors:
Ioana Chiper Zah
Tatiana Țapu

Share the Post:

Related Insights

Schedule your Corporate Legal Consultation

Hategan Attorneys offers comprehensive legal solutions tailored to your business needs, with specialized focus on technology-driven industries and emerging sectors. Our multidisciplinary approach combines technical excellence with deep understanding of the Romanian and regional business environment.

Contact us to schedule a consultation with our team.