Privacy & Information Security Law Blog

On January 21, 2026, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a Joint Opinion in response to the European Commission’s Proposal for the ‘Digital Omnibus on AI’ (the “Joint Opinion”). The proposal put forward within the Digital Omnibus aims to facilitate the effective application of harmonized rules under the EU AI Act (the “AI Act”) by streamlining administrative processes for organizations deploying artificial intelligence (“AI”) systems across the EU (the “Proposal”).

The Joint Opinion reflects broad support for the European Commission’s efforts to address practical challenges facing organizations under the AI Act. While the EDPB and EDPS recognize the need for administrative simplification, they emphasize that any such efforts must not come at the expense of fundamental rights protections.

In the Joint Opinion, the EDPB and EDPS highlighted various specific concerns regarding the Proposal, making a number of recommendations, including:

• Processing Special Categories of Data: The proposed extension allowing providers and deployers of AI systems to process sensitive personal data (such as ethnicity or health information) for bias detection and correction should be limited to situations where the risk of harm from bias is serious, and only if appropriate safeguards are in place.
• Registration of High-Risk AI Systems: The proposed removal of the obligation to register AI systems, even if providers claim they are ‘non-high risk,’ is discouraged. The EDPB and EDPS warn that this could reduce accountability and incentivize organizations to avoid public scrutiny by classifying systems as lower risk.
• Supervision of Regulatory Sandboxes: While regulatory sandboxes to promote innovation are welcomed, the EDPB and EDPS recommend that competent Data Protection Authorities should be directly involved in the supervision and enforcement of the data processing within these sandboxes. The Joint Opinion also recommends that the AI Act be amended to grant the EDPB an advisory role and the status of observer at the European Artificial Intelligence Board to ensure consistency in relation to EU-level sandboxes.
• Role of the AI Office: The role of the AI Office in supervising AI systems, especially those based on general-purpose models, must be clearly defined and should not overlap with the independent oversight of AI systems used by EU institutions, which is the responsibility of the EDPS.
• Market Surveillance Authorities’ Role: The function of Market Surveillance Authorities should be clarified as administrative points of contact, ensuring their new roles do not impact the independence or powers of Data Protection Authorities.
• AI Literacy Responsibilities: Providers and deployers of AI must continue to ensure their staff possess adequate AI literacy. Any new obligations placed on the European Commission or Member States to foster AI literacy should support, not replace, these responsibilities.
• Postponement of High-Risk AI Provisions: The Joint Opinion expresses concern about proposed delays to implementing essential requirements for high-risk AI systems. The EDPB and EDPS urge lawmakers to minimize these delays, especially for key obligations like transparency requirements, given the fast pace of AI development.

Read the press release here. Read the Joint Opinion here.