European Data Protection Authorities Issue Joint Opinion on the Digital Omnibus on AI
On January 20, 2026, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted Joint Opinion 1/2026 regarding the European Commission’s proposal to amend the EU AI Act. This document outlines their primary recommendations and concerns about the proposed changes.
Complexity of the AI Act
The Authorities acknowledge the complexity of the AI Act and agree that targeted simplifications can support legal certainty and efficient administration. However, they caution that such simplifications must not compromise the protection of fundamental rights, including data protection rights.
Key Recommendations
1. Clear Boundaries for Processing Sensitive Data
The Proposal aims to expand the legal basis under the AI Act to allow for the processing of special categories of personal data for bias detection and correction in AI systems. While the Authorities concede that some bias mitigation may necessitate the use of sensitive personal data, they insist that such processing should meet a “strict necessity” threshold rather than merely a “necessary” threshold. They further recommend that the use of this legal basis be clearly defined and limited to justified cases that consider the risks of adverse effects arising from such processing.
2. Maintaining Registration and Training Obligations
Although generally supportive of reducing administrative burdens, the Authorities are opposed to eliminating registration requirements for AI systems deemed low-risk. They flag the risks associated with differing interpretations and incorrect assessments, which could reduce visibility for competent authorities and hinder effective supervision of potentially high-risk AI systems. Additionally, they argue that shifting the AI literacy obligation to the Commission and Member States would undermine the effectiveness of ensuring AI literacy among providers and deployers.
3. Reinforcing Institutional Coordination for AI Regulatory Sandboxes
The Authorities express broad support for EU-level AI regulatory sandboxes but recommend that competent national data protection authorities be involved in their operation. They also suggest that the EDPB should have observer status on the European Artificial Intelligence Board. This is crucial to ensure effective governance and coordination.
4. Clarifying Supervision and Enforcement Rules
The Authorities emphasize the need for strong cooperation among various stakeholders involved in the supervision and enforcement of the AI Act, including the AI Office and national market surveillance authorities. They call for clarifications regarding the powers and competencies of these entities, such as which general-purpose AI systems would trigger the AI Office’s exclusive competence.
5. Warning Against Postponing High-Risk Obligations
Finally, the Authorities express concern regarding the proposed postponement of certain obligations for high-risk AI systems. They warn that such delays could allow more high-risk systems to escape the Act’s requirements, undermining compliance and public trust. They urge legislators to maintain original timelines for obligations with rights-protective effects and to limit any necessary delays to what is strictly essential.
The ongoing dialogue around the AI Act underscores the balance that must be struck between fostering innovation and safeguarding fundamental rights. As regulatory frameworks evolve, it is imperative that they remain robust to protect users in an increasingly digital landscape.
