European Union: Commission announced Proposal for Digital Omnibus Regulation (EU 2025/0360) including cybersecurity regulation

On 19 November 2025, the EU Commission announced its Proposal for a Digital Omnibus Regulation (EU 2025/0360) on the simplification of the digital legislative framework. The Digital Omnibus would amend a number of existing regulations, including the GDPR, the Data Act, the EU AI Act, and the NIS 2 Directive, while repealing the Regulations on non-personal data, the P2B Regulation, the Data Governance Act, and the Open Data Directive. The Digital Omnibus would amend the NIS 2 Directive to require the European Union Agency for Cybersecurity (ENISA) to develop and maintain a single-entry point for the reporting of cybersecurity incidents. It would further amend other EU legal acts, including the GDPR, the eIDAS Regulation, the Digital Operational Resilience Act, and the Critical Entities Resilience Directive to require the entities regulated under those acts to report incidents to the single-entry point. In the case of the GDPR, personal data breaches is likely to result in a high risk to the rights and freedoms of natural persons would need to be reported to the single-entry point within 96 hours of becoming aware of them.