Change was in the air. On 19 November 2025, the European Commission presented the Digital Omnibus Regulation proposal. You can think of it as an update of Europe’s privacy rulebook, including laws like the GDPR and ePrivacy Directive, to make them easier to apply without lowering protection for people.
Simplification, but without weakening privacy rights
It’s no secret. Everyone knows today’s cookie banners can be frustrating. Repeatedly clicking on a banner for every new site you visit is not valuable. The Commission wants to change this.
The Digital Omnibus proposal aims to simplify and modernize several key existing privacy laws. The idea is to reduce friction, improve user experience, while keeping strong user rights.
The proposal suggests:
- One-click “accept” and “reject” options at the same level on cookie banners (no multiple layers), and not asking again as long as consent is valid, or for at least six months after a refusal. This reduces repetitive consent requests that build “consent fatigue.”
- Smarter “central cookie management mechanisms”, so users can set their privacy preferences once, in a simple interface. This could mean browser- or OS-level “privacy switches”. A user might choose “reject tracking” or “only essential cookies” once, and websites would read and respect that preference automatically.
- Cookie rules to be moved into the GDPR, and a review of which situations can rely on exceptions (no consent needed), for example for security purposes, or basic, first-party, aggregated audience measurement.
🔍 The proposal also touches on other topics like personal data and AI training, or revamped ways to exercise GDPR rights. To dive deeper, check out our comprehensive guide.
What this means in practice
If you run a website, app, or online campaigns, there’s no need to panic. Quite the opposite. Compliance processes will become simpler for you and your users. Plus, this is still a proposal, not a final law:
- You do not need to change anything yet because of the Digital Omnibus.
- Your current obligations under the GDPR and other laws remain unchanged for now.
- You still need your cookie banner and CMP now and under the new rules, even if they may operate differently.
ℹ️ Core principles remain. Consent stays central. People still need to be able to make clear choices and update preferences. What could change is how consent is collected and how preferences are expressed.
Behind the scenes, you’ll still need a consent management system (CMP) to:
- Trigger a banner when exceptions don’t apply (e.g., for advertising, remarketing, profiling, cross-site tracking, and most third-party analytics).
- Allow users to modify preferences at a granular level.
- Store proofs of consent.
- Read browser or OS-level signals.
Realistically, most people won’t adopt browser-level settings immediately.
Over the years, users who have set global preferences may not see a banner at all, except when it needs to be displayed for specific purposes. Others, who haven’t set anything, will interact with banners as usual.
💡 The proposal mentions that if you’re a media service provider, you will not be required to respect global preferences since you rely heavily on advertising to remain financially sustainable.
🚀 As a founder or digital marketing professional, here’s your key takeaway: new rules or not, transparency remains a must for both businesses and their consumers.
Many see privacy as daunting. In reality, when done well, you can turn it to your advantage.
It allows you to show clients you’re serious about transparency and respecting their rights. For marketers, it even means better revenue.
To earn trust and sustain a healthy growth, you should continue to:
- Maintain clear, accessible disclosures (like your privacy policy).
- Collect consent and keep proof when required.
- Honor user choices and rights.
We recommend staying informed as the proposal moves through the EU legislative process. It’s currently expected to start applying sometime between 2026 and 2027. Here’s the European Commission’s announcement.
iubenda is ready and remains your trusted partner to keep privacy central but simple
At iubenda, we’re all about making compliance simpler for digital professionals. We keep both your business goals and your users’ privacy in mind in everything we do.
iubenda optimistically welcomes this new proposal by the European Commission. We’ve always been and will stay committed to reducing friction while strengthening user control, providing compliance tools that support business growth, and turning complex rules into clear workflows.
In fact, we’re not standing on the sidelines:
✅ iubenda is actively involved in shaping discussions with the European Commission and key stakeholders in the industry, giving us early visibility into what’s coming.
✅ Our legal and product teams are studying the new proposal in depth.
✅ We’re getting prepared so we can move quickly.
✅ Our CMP and products will be ready to support new requirements when the time comes.
Rest assured, as privacy experts, we’re here to handle both the technical and legal details so you don’t have to. We’ll keep supporting you with all aspects of digital compliance, not just cookies.
Stay tuned. We’ll inform you of any updates and help you implement them quickly and confidently.