The European Commission plans to simplify some EU rules on AI, cybersecurity and data. Its Digital Omnibus package proposes amending the AI Act, DORA and other EU legislation.
The proposals on the EU AI Act include:
delaying the start date of the high-risk AI regime by 16 months to 2 December 2027,
removing the AI literacy requirement for AI providers and deployers and replacing it with an obligation on the Commission and Member States to foster AI literacy, and
transferring oversight of some AI systems to the Commission’s AI Office.
A separate proposal on digital legislation envisages creating a single entry point for companies to report incidents and cyber attacks. This would harmonise existing procedures across GDPR, DORA and NIS2. The Commission hopes that a “report once, share many” approach will reduce the administrative burden on firms.
The European Parliament and Council will now consider the Commission's proposals. The Commission has also launched a wider consultation exploring whether the EU’s digital rules are effective, proportionate and fit for the future. This Digital Fitness Check is open for comments until 11 March 2026.
/Passle/5c4b4157989b6f1634166cf2/MediaLibrary/Images/2025-11-10-11-15-37-252-6911c959be557da3fa78c600.png)
/Passle/5c4b4157989b6f1634166cf2/MediaLibrary/Images/5e8c632e342a501240e44bf9/2021-12-16-10-06-48-311-61bb0fb88cb5d300b039a8f7.jpg)
/Passle/5c4b4157989b6f1634166cf2/MediaLibrary/Images/2025-08-18-09-49-59-735-68a2f747092d32bd68ab0450.png)
/Passle/5c4b4157989b6f1634166cf2/SearchServiceImages/2025-11-11-12-32-25-427-69132cd9c341c3c6036f666c.jpg)