EU
European Union | Regulatory Framework Status: adopted
Effective: N/A
moderate

EDPB–EDPS Joint Opinion 1/2026 on “Digital Omnibus on AI” (AI Act simplification)

EDPB-EDPS Joint Opinion 1/2026 on the Proposal for a Regulation as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI)

I. Regulatory Summary

Signals likely supervisory priorities and red lines for any AI Act “simplification” measures: accountability (registration), constrained use of sensitive data for bias mitigation, DPA involvement in sandboxes, clear supervisory competencies, and continuing AI literacy duties. Legal and advisory practices supporting AI deployments should reflect these positions in compliance roadmaps, governance documentation, and risk assessments ahead of the AI Act high-risk application timeline.

II. Full Description

Adopted 20 January 2026 and published 21 January 2026, the EDPB–EDPS Joint Opinion 1/2026 responds to the European Commission’s “Digital Omnibus on AI” proposal (issued 19 November 2025) that would amend aspects of AI Act implementation. The opinion supports administrative simplification in principle but cautions against any dilution of fundamental-rights protections, particularly where AI governance intersects with data protection. Key themes include: (i) limiting and safeguarding special-category data use for bias detection/correction; (ii) maintaining registration/accountability mechanisms for high-risk AI systems; (iii) embedding DPA involvement in EU-level AI regulatory sandboxes where personal data are processed; (iv) clarifying the AI Office’s supervisory scope and avoiding overlap with EDPS supervision of EU institutions’ AI systems; (v) preserving provider/deployer AI literacy duties; and (vi) minimizing delays to high-risk AI obligations to maintain legal certainty.

III. Scope & Application

Formal joint opinion on the European Commission’s “Digital Omnibus on AI” proposal to amend the EU AI Act implementation approach. While not legally binding, it is an authoritative supervisory-position statement shaping compliance expectations where AI Act changes intersect with GDPR/EUDPR (e.g., sensitive-data processing for bias detection, registration/accountability, supervision, sandboxes, and AI literacy). Relevant to law firms and professional advisors as AI deployers, and to clients that are AI providers/deployers seeking compliance advice.

IV. Policy Impact Assessment

Signals likely supervisory priorities and red lines for any AI Act “simplification” measures: accountability (registration), constrained use of sensitive data for bias mitigation, DPA involvement in sandboxes, clear supervisory competencies, and continuing AI literacy duties. Legal and advisory practices supporting AI deployments should reflect these positions in compliance roadmaps, governance documentation, and risk assessments ahead of the AI Act high-risk application timeline.

Primary Focus: ai act implementation (administrative simplification)