惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Application and Cybersecurity Blog
Application and Cybersecurity Blog
B
Blog RSS Feed
M
MIT News - Artificial intelligence
爱范儿
爱范儿
V
V2EX
雷峰网
雷峰网
D
Docker
美团技术团队
N
Netflix TechBlog - Medium
C
Cisco Blogs
T
Threatpost
K
Kaspersky official blog
P
Privacy International News Feed
W
WeLiveSecurity
T
Tor Project blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
F
Full Disclosure
Forbes - Security
Forbes - Security
V
Vulnerabilities – Threatpost
I
Intezer
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Google Online Security Blog
Google Online Security Blog
The Register - Security
The Register - Security
GbyAI
GbyAI
Security Archives - TechRepublic
Security Archives - TechRepublic
Help Net Security
Help Net Security
人人都是产品经理
人人都是产品经理
SecWiki News
SecWiki News
Cyberwarzone
Cyberwarzone
Vercel News
Vercel News
罗磊的独立博客
The Hacker News
The Hacker News
腾讯CDC
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
Recorded Future
Recorded Future
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 【当耐特】
小众软件
小众软件
Hacker News: Ask HN
Hacker News: Ask HN
P
Proofpoint News Feed
TaoSecurity Blog
TaoSecurity Blog
IT之家
IT之家
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
S
Security Affairs
C
Check Point Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

Element Blog

Organise your chats your way with Sections We’re interoperable, so you can be sovereign Matrix-based ZaPuK confirmed as a core component within Germany’s Deutschland-Stack Element recognised as a Digital Public Good CompuGroup Medical (CGM) and Element partner to transform healthcare communications Sweden goes live with Matrix-based federation! Air-gapped communications for national security Seamless encrypted history sharing arrives in Element Digital sovereignty is built on an open standard that enables federation Introducing the ESS Community migration tool Spaces has landed on Element X! Meedio partners with Element to deliver sovereign communications across Europe Governments need to adopt Matrix responsibly The Cyber Resilience Act: Implications for open source and digital products Latest Signal and WhatsApp breaches show that consumer apps have no place in government Sustainable decentralised comms at Element Exploring MatrixRTC: Real time communication in rooms Element’s multi-tenancy TI-Messenger solution secures ‘Good’ rating in gematik commissioned pentest Open source is key to Europe’s digital sovereignty
The Digital Omnibus: opportunities and risks for open source
Denise Almeida · 2026-02-18 · via Element Blog

At FOSDEM 2026, Denise R. S. Almeida (Head of Policy & Compliance at Element and Data Protection Officer for the Matrix.org Foundation) presented a practitioner perspective on the recently proposed Digital Omnibus. This ambitious legislative package proposed by the European Commission seeks to harmonise key concepts and simplify requirements across a range of digital regulations, including the General Data Protection Regulation (GDPR), the Data Act, and the ePrivacy Directive, with the goal of reducing administrative burdens and boosting innovation. However, as many have pointed out, simplification cannot be used as a justification for deregulation - especially when it comes to core definitions associated with our human rights.

She shared her perspective on what the proposal could mean for open source projects and communities using Matrix as a case study, highlighting both the opportunities and the risks it introduces.

Watch the whole presentation

Understanding the Digital Omnibus

The Digital Omnibus is a complex effort to harmonise overlapping European regulations. Its explicit goal, as defined by the European Commission, is to make compliance simpler, reduce bureaucracy, and ultimately free organisations to focus more on innovation. For open source projects, which often operate on limited budgets and volunteer-driven resources, these changes could be particularly meaningful.

Key proposals include simplified cookie rules to address consent fatigue, improved access to data, alignment of terminology across different regulations, and the creation of a unified reporting system for incidents and breaches. While nearly 200 pages in length, these proposals collectively aim to reduce friction in the regulatory environment and provide a clearer path forward for developers, organisations, and communities alike.

Opportunities for open source communities

There are a few ways the Omnibus could benefit open source projects. One of the most significant is streamlined reporting of breaches and incidents. Today, organisations must navigate multiple frameworks and timelines across different authorities. A single reporting system would allow teams to dedicate more time to understanding root causes and preventing incidents, rather than juggling administrative obligations. This poses to be the most impactful operational shift introduced by the Omnibus.

Another key opportunity is standardisation of Data Protection Impact Assessments (DPIAs). Many open source projects face the same privacy and security challenges but often tackle them independently, reinventing the wheel each time. Standardised DPIAs could provide templates and shared best practices, giving projects a head start on compliance while maintaining user trust.

Overall, reducing legal complexity and creating clearer guidance could allow open source teams to focus on development, community engagement, and innovation, rather than legal paperwork. For a sector where every contributor hour counts, these changes could have a tangible impact on productivity and creativity.

Risks and concerns

While the Omnibus focuses on the idea of “simplification”, there are also key risks, particularly around changes to the definition of personal data under the GDPR. This is effectively a risk of deregulation, the consequences of which must not be taken lightly. Currently, personal data is defined as any information that can directly or indirectly identify an individual. The Omnibus adds new nuance, expanding on the definition which could introduce ambiguity:

Image shows a passage of proposed text from the Digital Omnibus that introduces ambiguity around the definition of personal data.
Source: Digital Omnibus, Analysis of Select GDPR and ePrivacy Proposals by the European Commission Version 2.0, noyb.

Ambiguity in such a foundational definition carries serious implications and would essentially amount to a form of deregulation and, as many others argue, could represent a constitutional shift to the European approach to personal data protection. It could increase complexity, confuse compliance efforts, and even create loopholes for excessive processing of personal data without any protection obligations. For open source projects, clarity and transparency are essential: contributors need confidence that sharing data and collaborating openly won’t expose them to legal uncertainty. Any dilution of core protections risks undermining the trust and transparency that open source communities rely on.

While harmonisation and simplification are welcome, they must not come disguised as deregulation or be pushed forward at the expense of personal data protections or the principles underpinning European digital sovereignty. Open source relies on predictability and clarity in law; introducing complexity into a core definition threatens both.

Why participation matters

The Omnibus is still open for consultation until March 11, 2026, in the form of the Digital Fitness Check call for evidence. This provides a critical window for the open source community to contribute. Everyone is  encouraged to review the proposals, identify potential risks, and provide feedback. This is an opportunity to ensure that regulatory harmonisation  supports innovation without compromising fundamental human rights, such as privacy.

Open source communities bring a unique perspective, balancing practical development constraints with strong commitments to user rights. By engaging with the consultation, developers, project maintainers, and contributors can help shape a framework that protects users, reduces administrative overhead, and allows open source projects to thrive.

Striking a balance

The Digital Omnibus represents a dual challenge: it promises simplification, clarity, and reduced bureaucracy, but it also introduces a serious risk of deregulation as well as complexity in areas that benefit from clarity, such as the core concept of personal data in the GDPR. Open source projects could benefit from the Omnibus if these proposals are implemented thoughtfully, but only if the foundational protections for personal data remain strong and unambiguous.

Therefore communities must actively participate, share insights, and highlight overlooked risks. Only by engaging can open source projects ensure that Europe’s regulatory framework remains strong whilst supporting innovation, safeguarding users, and strengthening trust across digital ecosystems.

Note: since her talk the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a joint opinion which highlights similar concerns to those raised at FOSDEM:

“The EDPB and the EDPS strongly urge the co-legislators not to adopt the proposed changes to the definition of personal data as they go far beyond a targeted or technical amendment of the GDPR. In addition, they do not accurately reflect and clearly go beyond the CJEU jurisprudence, and they would result in significantly narrowing the concept of personal data. The European Commission should not be entrusted to decide by an implementing act what is no longer personal data after pseudonymisation as it directly affects the scope of application of EU data protection law.”