FESI urges EU to streamline digital compliance for sports brands

The Federation of the European Sporting Goods Industry (FESI) has published a position paper calling on the European Commission to sharpen and simplify several provisions of the proposed Digital Omnibus Regulation, with particular concern for how existing digital rules affect companies operating across EU member states.

The paper, released in March 2026, addresses proposed amendments to the General Data Protection Regulation (GDPR), the Data Act and the Network and Information Security Directive (NIS 2). While FESI broadly supports the Commission’s goal of reducing administrative burden, the federation identifies four areas of the GDPR alone where it believes current or proposed language remains unworkable for sporting goods companies.

Health data definitions need narrowing

The most operationally significant concern relates to Article 9 of the GDPR, which governs special categories of personal data. FESI argues that the current definition of ”health data” is broad enough to capture general lifestyle information — including running and workout data collected through wearables — placing such data in the same regulatory tier as clinical or diagnostic information.

The federation recommends limiting the definition to medical data that reveals a user’s physical or mental health status in a treatment or diagnostic context. Without that clarification, companies producing connected fitness devices face compliance obligations that, in FESI’s view, are not calibrated to actual privacy risk.

On cookies, the paper argues against a strict mandate to gather consent exclusively at browser level, proposing instead that users be offered the choice to activate Global Privacy Controls (GPC) — a technical mechanism already operational in California under the California Consumer Privacy Act (CCPA). FESI recommends limiting GPC’s scope to targeted advertising and the sale or sharing of personal data with third parties, keeping first-party service providers outside its reach.

FESI also calls for the deletion of proposed Article 41(a), which would establish data evaluation protocols. In the federation’s view, the article introduces legal uncertainty without a corresponding privacy benefit — particularly around the risk that data previously classified as non-personal could be reclassified as personal if pseudonymization standards evolve.

Data Act and cybersecurity reporting in scope

On the Data Act, FESI raises concerns about two provisions in Article 32. The first — Article 32(v) — would allow the Commission to reclassify categories of data, potentially triggering new remuneration or access obligations without clear criteria.

The second — Article 32(x) — lacks sufficient definition of the terms ”where appropriate” and “appropriate safeguards” for transfers of non-personal data to third countries. Both, FESI argues, introduce unpredictability into existing business models and data-sharing arrangements.

On cybersecurity, the federation supports the creation of a single entry point for incident reporting under NIS 2 — currently companies must notify multiple national authorities with differing deadlines — and recommends aligning the notification window across NIS 2 and the Cyber Resilience Act with the 96-hour period already proposed under the amended GDPR Article 33, rather than the current 24-hour threshold.

FESI’s footprint — and why regulatory clarity matters for sports brands

FESI represents approximately 1,800 sporting goods manufacturers across Europe, accounting for roughly 85 percent of the European market. Between 70 and 75 percent of its membership is made up of small and medium-sized enterprises. The sector employs over 700,000 people in the EU and generates annual revenue of around €81 billion.

The Digital Omnibus Regulation is part of the Commission’s broader push to rationalize Europe’s digital rulebook. For sports brands, where product development increasingly intersects with data collection — through wearables, connected equipment and AI-driven consumer services — the legal clarity sought by FESI is directly tied to the pace at which the sector can develop and deploy such products in the European market.