The EACB welcomes the possibility to comment on the European Commission’s proposal for a Digital Omnibus. Over the past years, the banking/financial sector has seen a significant increase in digital and cyber-related legislation and policymaking.
Additional guidance is also being issued by supervisory authorities, which may not always coordinate with one another before publishing. Furthermore, case law from the Court of Justice of the European Union can also influence the interpretation of legislation. Therefore, the EACB believes it is important to ensure sufficient alignment between different legislative initiatives, while keeping the intended policy objectives in mind.
The EACB welcomes several elements of the proposal, including the consolidation of existing EU data sharing rules into a single legal framework and efforts to simplify certain GDPR provisions. At the same time, safeguards must be preserved for sensitive data, trade secrets and intellectual property, and exemptions for SMEs should not create uneven playing fields, as data sensitivity is not linked to company size.
On personal data, the EACB supports targeted improvements to GDPR workability, notably on the processing of special categories of data and on automated decision making, while emphasising the need for consistent interpretation across Member States and clear guidance on interactions with sector specific rules.
Regarding incident reporting, the creation of a Single Entry Point seems to be a positive development, but it does not reduce the underlying burden of multiple overlapping reporting regimes. Moreover, strong safeguards are needed so that information submitted for one authority is not automatically accessible to others without a clear legal basis.
In the broader discussion on simplification, the EACB wants to once again stress the importance of recognising DORA as lex specialis and calls for a clear exemption from the CRA for financial entities already subject to DORA, to avoid redundant obligations and disproportionate compliance costs. More broadly, better coordination between national authorities and greater consistency in supervisory interpretation are essential to reduce fragmentation and support a more effective and innovation friendly digital rulebook.