Monday, 18 May 2026
AI Daily
Front Page
EU AIMonday, 04 May 2026 · 3 min read

Amnesty International Says EU Omnibus 'Simplification' Would Dismantle AI Act and GDPR Protections

Amnesty International has warned that the European Commission's Digital Omnibus package would gut core GDPR and AI Act protections under the guise of regulatory simplification, ahead of a critical May 13 trilogue.

European Parliament building exterior, representing EU AI Act legislative negotiations
Placeholder (picsum)

Amnesty International has issued one of the most pointed civil-society interventions yet in the EU's ongoing regulatory debate, arguing that the European Commission's Digital Omnibus package would strip away the rights protections at the core of the GDPR and the AI Act — changes the organisation describes as "an unprecedented rollback of rights online at the EU level."

The warning, published in April 2026 and gaining attention as a decisive May 13 trilogue approaches, targets a package Brussels frames as bureaucratic simplification. Amnesty's position is that the substance of what is being simplified is not red tape but enforceable rights.

What the Omnibus Would Change

The package, unveiled in November 2025, proposes adjustments to both the GDPR and the AI Act that Amnesty says would work together to weaken protections against surveillance and algorithmic harm. On the data side, the Commission's proposals would redefine what counts as personal data, broadening the circumstances under which companies can retain and reuse it for AI training. They would also allow controllers to deny data deletion requests where removal requires what the Commission describes as "disproportionate effort" — a term critics say remains undefined and susceptible to self-serving interpretation.

On the AI Act side, the proposals would eliminate the obligation for high-risk system operators to publish risk assessments to a central EU database. More significantly, they would allow providers to self-determine whether their systems fall into the high-risk category at all, without external verification. Combined with a grandfather clause that lets AI systems deployed before the August 2026 deadline avoid many future obligations, Amnesty argues the reforms would let a wide range of already-deployed surveillance and decision-making tools sidestep the rules the AI Act was designed to impose.

The organisation notes that Amazon alone spent €7 million on EU lobbying in a single year, and frames the Omnibus as a victory for that pressure rather than a genuine administrative reform.

The Trilogue Situation

The Omnibus negotiations have been marked by collapse and restart. A twelve-hour trilogue session on 28 April 2026 ended without agreement after Parliament and the Council failed to resolve a core dispute: whether AI embedded in regulated products — medical devices, machinery, toys, connected cars — should fall under the AI Act or be routed through sectoral regulations instead. Parliament pushed for the sectoral carve-out; the Council and Commission resisted, warning it would hollow out the framework.

MEP Michael McNamara cautioned that routing AI governance through sector-specific legislation could prove "deregulatory rather than simplifying" — essentially removing AI Act accountability from a large class of deployed systems without replacing it with an equivalent standard.

A fresh trilogue session is scheduled for 13 May 2026, which analysts now regard as the last realistic opportunity to reach agreement before the Cypriot Council Presidency expires on 30 June. If no deal is reached by then, the incoming Irish presidency would inherit the negotiations with no guarantee of continuity.

Regardless of the Omnibus outcome, organisations must still prepare for Article 50 transparency requirements — user disclosures and machine-readable marking for AI-generated content — which activate on 2 August 2026 under the existing AI Act schedule.

Stakes Beyond Brussels

The timing matters for anyone operating AI systems in the EU. The original deadline for high-risk AI system compliance was August 2026. The Parliament's March 2026 plenary vote — passed 569 votes to 45 — proposed pushing that deadline to 2 December 2027 for standalone high-risk systems, but that position is still subject to trilogue agreement. Until a deal is struck, companies face uncertainty about which obligations will apply and when.

Amnesty is not alone in raising concerns. The Digital Watch Observatory has flagged that if the Digital Fitness Check is eventually extended to the Digital Services Act and Digital Markets Act, the scope of potential deregulation could broaden beyond what is currently visible. Civil-society organisations across multiple EU member states have submitted similar objections, though the Commission has framed the reforms as essential to European competitiveness.

The broader tension is one the EU has struggled with throughout the AI Act's development: how to maintain rights-protective rules stringent enough to justify the bloc's global regulatory reputation while avoiding a compliance burden that pushes investment and model development outside Europe. The Omnibus debate has made clear that this tension has not been resolved — it has merely been deferred to a May deadline that is now less than two weeks away.

#eu-ai-act#omnibus#amnesty-international#human-rights#gdpr#simplification

Sources

More from EU AI

See all