European Union: European Commission submitted proposal for Directive amending Directive (EU) 2022/2555 as regards simplification measures and alignment with the Proposal for the Cybersecurity Act 2 including data protection authority governance

On 20 January 2026, the European Commission submitted a proposal for a Directive amending Directive (EU) 2022/2555 as regards simplification measures and alignment with the Proposal for the Cybersecurity Act 2, including data protection authority governance. The proposal would amend the role of the European Union Agency for Cybersecurity (ENISA) by requiring it to maintain a registry of essential and important entities, alongside the registry of domain name registration providers. The proposal would also require member states to provide additional information in their own list and require the incorporation of post-quantum cryptography transition into national cybersecurity strategies. Further, the proposal would increase ENISA's role in Article 37 mutual assistance procedures by mandating that it conduct cross-border cybersecurity risk analyses, develop methodologies with the Commission and the Cooperation Group, and support joint supervisory actions upon request.