What is the Digital Omnibus?
The Digital Omnibus proposal is the European Commission’s plan to simplify and modernize several key EU digital laws, including the GDPR and the ePrivacy Directive.
The goal is to reduce friction and improve user experience, without weakening people’s rights.
It touches a wide range of topics: cookies and consent, use of personal data and AI, pseudonymization, and GDPR rights.
A big focus is on fixing today’s consent experience. The Commission knows that constantly clicking through cookie banners on every new site is quite tedious. The Omnibus proposal tries to ease that pain while keeping a robust privacy framework in place.
What practical changes should marketers expect?
The main changes you should be aware of concern cookie banners and consent, as well as how preferences are expressed.
1. Central consent mechanisms and signals
To reduce being prompted with the banner repeatedly, the proposal looks at “central cookie management mechanisms”, such as browser or OS-level privacy settings. Think of a simple switch like:
- “Reject tracking”
- “Only essential cookies”
Users could set this once, and websites would then read and respect that choice automatically via machine-readable signals.
If the proposal decides to move from a banner-only model to a signal-aware model to express preferences centrally, this means that:
- When a valid signal exists, for instance, no consent given for tracking purposes, you must read and respect it.
- Your consent tools (CMP, tag manager, analytics) will need to interpret those signals and configure tracking accordingly.
💡 That is where Google Consent Mode will be essential for any missed opportunities when consent is not given. With modeling, you ensure you preserve marketing data in the EU and keep your campaigns running and your revenue up. More on this here.
2. Cookie rules moving into the GDPR and clarifying consent exceptions
The rules on storing or accessing information on a user’s device (cookies and similar tech) are expected to be moved into the GDPR and paired with clearer exceptions where no consent is needed. Key examples:
- Strictly necessary cookies, for the transmission of a communication or to provide a service the user explicitly requested.
- First-party, aggregated audience measurement, when you measure your own audience for your own use only, without sharing or selling the data, and without using it for other unrelated purposes.
This is important news for marketers. The proposal could bring more clarity and flexibility around first-party analytics that can run without consent (for example, certain self-hosted or privacy-focused tools), as long as they meet the conditions.
Third-party analytics and cross-site tracking, however, would generally still require consent.
💡 Need a refresher on first-party vs. third-party cookies? Over here!
3. Updated banner rules to reduce consent fatigue
Here’s what The Omnibus suggests:
- When a banner is needed, a single-click “Reject” option must be as visible and easy as “Accept” (this requirement was already commonly enforced at a member-state level).
- You can’t re-ask for consent while it remains valid.
- If a user refuses, you can’t re-prompt them for the same purpose for at least 6 months.
In practice, this means slightly fewer opportunities to “nag” users, but also a cleaner, more respectful, and improved user experience that can boost trust and brand perception.
Will cookie banners disappear?
No. The European Commission wants to avoid users being prompted with banners again and again, not to remove consent or banners altogether.
The core opt-in model stays the same: you still need valid consent for advertising, profiling, cross-site tracking, and most third-party analytics.
In practice:
- Banners will still be the main way most users give consent, especially those who never touch browser/OS privacy settings. Some users will set global preferences; in those cases, your CMP can read the signal and skip the banner.
- You will still need a Consent Management Platform or equivalent system to enforce whether tracking can run, keep proof of consent, and let users review and update their choices.
For you as a marketer, this means you’ll likely show fewer banners to the same user over time, but you still need a robust consent setup behind the scenes to control tags, pixels, and all your destinations (ad platforms, analytics, customer platforms, etc.)
What should marketers do now?
No action is needed now. The Digital Omnibus is still a proposal, not a final law. Until it’s adopted and the application dates arrive:
- Your current obligations under the GDPR and ePrivacy remain unchanged.
- You do not need to change your setup because of the Omnibus.
🚀 What you need to succeed isn’t changing
Even with new rules, transparency, user trust, and compliant data remain your biggest assets to power your marketing.
A solid compliance strategy can:
- Improve brand perception by showing you respect visitors’ privacy rights and choices. Intrusive remarketing, sending emails without consent, or resurfacing after an opt-out can backfire fast.
- Protect marketing data and performance with tools like Google Consent Mode and privacy-centric measurement.
Stay compliant today and:
✅ Keep your privacy and cookie notices clear and accessible.
✅ Ask for consent and keep proof when needed (e.g., for advertising, remarketing, cross-site tracking). Use your CMP to run or block cookies based on your preferences.
✅ Allow users to update preferences easily via your CMP, and make sure those choices flow through to your ad platforms, analytics, CRM, etc.
When will the proposal take effect?
The proposal was published on 19 November 2025, but it is not yet law. The text can change substantially at any stage during European Parliament and Council negotiations.
If and when it is adopted, it will apply in stages. Each requirement will apply months after entry into force (from 6 to 48 months).
The Omnibus is intended to be an EU Regulation, meaning it will apply directly and uniformly across all Member States.
So this is a multi-year transition, not an overnight change. You’ll have time to adapt, and your digital compliance tool, including iubenda, will guide you through the practical steps.