Regulators Push Back on AI Simplification: Joint Opinion Warns Against Weakening Rights

The EDPB and the European Data Protection Supervisor have adopted a Joint Opinion on the European Commission’s proposal to simplify implementation of harmonised rules on artificial intelligence — described as the “Digital Omnibus on AI”. While supportive of addressing practical implementation challenges, the regulators stress that administrative simplification must not lower fundamental rights protection.

The joint communications reflect a common regulatory tension: AI rules are complex, and organisations want clarity and workable compliance paths. However, simplification carries risk if it reduces safeguards, narrows oversight, or weakens controls around sensitive processing. The regulators’ message is that simplification is acceptable only where it improves operability without weakening protections.

The Joint Opinion document also references work underway on guidance concerning the interplay between the GDPR and the AI Act, illustrating that regulators expect organisations to treat AI governance and data protection as connected disciplines rather than separate silos.

For organisations building or deploying AI, the practical implication is clear: a compliance programme that relies solely on “AI Act checklists” without GDPR-grade accountability will be vulnerable. AI systems often ingest personal data, produce inferences, and influence decisions about individuals. That means DPIAs, lawful basis analysis, minimisation, transparency, and security remain foundational.

Acompli perspective: The emerging AI governance landscape rewards organisations that can demonstrate structured decision-making. “Why this data?”, “why this model?”, “what risks to individuals?”, “what mitigation and monitoring?” — these questions need traceable answers. Tools that link AI project governance to DPIAs, risk registers and technical control evidence will be aligned with where regulators are directing attention.