On 19 November 2025, the European Commission released the Digital Omnibus package, a comprehensive proposal to reform and consolidate major pieces of EU digital regulation. The Omnibus seeks to update and align the GDPR, Data Act, AI Act, and other laws into a more cohesive framework — easing compliance burdens, harmonising definitions, and introducing a unified incident reporting approach across EU digital legislation.
Among the notable proposals:
-
Extending GDPR breach notification timeframes from 72 to 96 hours for high-risk breaches and standardising notification templates.
-
Creating a Single EU Reporting Portal (SEP) for cybersecurity and privacy incidents to satisfy multiple regulatory requirements with one submission.
-
Strengthening trade secret protections and cloud portability.
This initiative could reshape how organisations approach data governance, cybersecurity reporting, and cross-directive compliance.
🔗 Reporting on Digital Omnibus — Commission information via legal analysis summaries sidley.com+1