On 19 November 2025, the European Commission presented the Digital Omnibus Regulation proposal as part of its wider Digital Package.
By amending cornerstone laws such as the GDPR, the ePrivacy Directive, the Data Act, and the AI Act, the proposal targets practical issues around things like cookies and consent, personal data, and AI. The purpose is clear: simplify and modernize the EU’s digital framework.
🔎 To dive deeper into the full proposal, check out our comprehensive guide.
At the same time, the proposal has triggered intense public debate. Some view it as a necessary update to keep Europe competitive and reduce friction for users and businesses; others warn against any perceived “rollback” of fundamental rights.
In this context, the voices of those who build and operate digital compliance every day are crucial.
As a Consent Management Platform (CMP), we sit at the intersection of regulation, technology, and user experience. That’s why we are actively contributing to the discussions shaping the Digital Omnibus.
Why the Omnibus matters
The Commission frames the Digital Omnibus as a competitiveness and simplification initiative, intended to cut red tape and give organisations clearer, more coherent obligations across the digital landscape.
For privacy and cookies in particular, the proposal is designed to:
- Limit consent fatigue and limit repetitive, confusing banner requests.
- Reduce compliance costs by simplifying time-consuming and costly legal requirements.
- Align overlapping laws, especially where the GDPR and ePrivacy Directive currently interact in complex ways.
- Provide legal clarity on areas that have proven vague or outdated in practice.
🔎 Find out in detail what the new cookie rules could mean for you.
Engaging in discussions with the European Commission
Speaking with a united CMP voice: our joint submission to the Commission
When the Commission opened its call for evidence and public feedback on its initiative, it explicitly invited stakeholders to share concrete ideas for simplifying rules without weakening protection.
As a leading European CMP, we joined forces with other CMP providers to submit a joint response to the Commission. Our goal was to ensure that the practical reality of consent management on the ground is reflected in the future legal framework.
In our joint feedback, we stress a core point:
It must be recognised that online consent goes beyond cookies. CMPs play a key role in obtaining consent for all non-essential treatment of data, for all types of technologies.
We argue that the conversation must move from “cookie banners” to “consent infrastructure”. If the EU goes toward central consent management inside browser mechanisms, it should promote an interoperable model.
Users should be able to choose trusted tools that can communicate seamlessly with browsers and apps to provide a transparent user experience.
European CMPs stand ready to support the Commission in designing practical, future-proof solutions that combine ease of compliance for businesses with genuine control for users, creating a model of European digital trust by design.
Concretely, we recommend that any future rules:
- Require browsers that offer central consent features to expose open APIs that CMPs can use. CMPs will still be needed to determine whether cookies and tracking technologies can be installed, to manage proof of consent, and to apply consent or refusal correctly.
- Protect genuine, granular consent. GDPR consent must remain specific, contextual, and be collected in a transparent way by neutral, independent tools.
- Simplify without centralising power. As reinforced in the Digital Markets Act, simplification must not mean concentrating control of the consent layer in a handful of browsers, which would risk gatekeeper issues.
Bringing real-world insights: our technical contribution
Following our joint feedback, key contributors, including our CPTO and Head of Frontend Engineering, took part in a dedicated roundtable with European Commission policymakers.
Matteo Colucci, our Head of Frontend Engineering, says that “the main purpose of the meeting was to open a dialogue between the European Commission and CMPs”, to ensure that all perspectives were taken into account.
He describes that participants brought hands-on implementation experience into the room, clarifying:
- The essential role of banners and CMPs in enabling users to exercise their rights.
- What really drives consent fatigue and how it could be improved (accessing user preferences across multiple contexts).
- That any new model must keep transparency central and make sure users are aware of and know how to exercise their privacy rights.
The Commission is meeting with a broad range of stakeholders, like advertisers and publishers, and we expect further discussions.
In the words of our CPTO Filippo Barra, “the Commission demonstrated its willingness to leverage industry expertise and collaborate with CMP counterparts.”
Our direction is aligned:
iubenda will continue to share insights and proactively propose improvements that enhance user experience while keeping privacy central.
We will keep turning privacy rules into clear, actionable, technically robust solutions enabling businesses of all sizes to obtain consent responsibly and accelerate growth while staying compliant globally.
Our involvement puts us in a leading position to shape the discussions and move quickly.