In November 2025, the European Commission published the Digital Omnibus on AI, a proposal to simplify and adjust the EU AI Act before its full application. In March 2026, the Council agreed its position, confirming that changes are moving forward through the legislative process.
For companies preparing for the AI Act, the Omnibus matters because it shifts timelines, introduces relief for smaller companies, and adjusts how high-risk obligations work in practice. This article explains the key changes in plain language and what they mean for your planning.
What is the Digital Omnibus on AI?
The Digital Omnibus on AI is part of the EU's broader simplification agenda. It proposes targeted amendments to the AI Act to ease compliance burdens, extend deadlines, and clarify rules that were causing uncertainty for businesses.
It is not a rewrite of the AI Act. The core framework — risk-based classification, provider and deployer roles, transparency obligations — stays in place. The Omnibus adjusts how and when certain requirements apply, especially for high-risk AI systems and smaller companies.
Key changes companies should understand
1. Extended deadlines for high-risk AI rules
Under the original AI Act, rules on high-risk AI systems apply from 2 August 2026. The Omnibus proposes to delay this, making the start date conditional on the readiness of harmonised standards and guidelines.
If adopted, high-risk rules for Annex III use cases (such as hiring, credit, and education) would apply at the latest from 2 December 2027. For high-risk systems embedded in regulated products, the deadline extends to 2 August 2028.
This gives companies more time to prepare, but it also means timelines depend on standards development. Companies should plan for flexibility rather than assume a fixed date.
2. Grace periods for existing AI systems
The Omnibus introduces grace periods for AI systems already on the market. If a high-risk AI system was lawfully placed on the market before the new rules apply, identical units of that system can continue to be used without retrofitting, as long as the design remains unchanged.
For generative AI systems released before August 2026, providers get an additional six months (until February 2027) to meet new transparency obligations like content marking.
3. Relief for SMEs and small mid-caps
The AI Act already provides reduced obligations for SMEs. The Omnibus extends certain benefits to small mid-caps (SMCs) — companies with fewer than 750 employees and either net turnover under €150 million or a balance sheet under €129 million.
These benefits include:
- simplified technical documentation for high-risk AI compliance
- more proportionate quality management system requirements
- caps on penalties for non-compliance
For SMEs themselves, quality management requirements are further simplified, previously reserved only for microenterprises.
4. Registration requirements removed for lower-risk systems
Previously, providers that demonstrated an Annex III use case was not actually high-risk still had to register the system in the EU database. The Omnibus removes this requirement. Providers still need to document their risk assessments, but they no longer need to register systems that fall outside the high-risk category.
5. Regulatory sandboxes and real-world testing
The Omnibus introduces an EU-level regulatory sandbox alongside existing national sandboxes. This allows companies, especially SMEs, to pilot high-impact AI solutions under regulatory guidance. Real-world testing rules are also broadened, letting providers of regulated-product AI conduct controlled trials before full certification.
6. Codes of practice become soft law
Under the original AI Act, the Commission could adopt binding codes of practice for general-purpose AI models. The Omnibus removes the hard-law pathway. Codes can still be adopted, but they remain voluntary guidance rather than enforceable rules.
7. Centralised enforcement changes
The EU's AI Office gains exclusive supervisory authority over certain AI systems, including those based on general-purpose AI models and systems embedded in very large online platforms. Meanwhile, enforcement for high-risk AI in regulated products remains with national product safety regulators.
What happens if the Omnibus is not adopted in time?
The Omnibus is still a legislative proposal moving through Parliament and Council. If political agreement is not reached before August 2026, the original AI Act deadlines apply as drafted. That means high-risk requirements could take effect before the supporting standards or tools are fully ready.
Companies should not rely solely on delayed timelines. The practical advice is to prepare as if the original dates still apply, while staying flexible for adjusted deadlines if the Omnibus passes.
What this means for different types of companies
Startups and SaaS companies
The extended high-risk deadlines and SME/SMC relief reduce the urgency of full compliance programs, but the core work remains the same: map your AI systems, understand your role, and classify risk. Starting early is still the best strategy because governance built now scales with your product.
HR and hiring companies
Hiring-related AI remains one of the clearest high-risk categories. The delayed timeline gives HR companies more time to implement controls, but the expectations around documentation, oversight, and transparency are unchanged. Do not wait for the deadline to start building governance around candidate-facing AI.
Consulting and advisory firms
The Omnibus creates additional advisory demand. Clients will need help understanding how shifted timelines and new SMC categories affect their plans. Consulting firms that understand these changes can offer more precise guidance and stronger client relationships.
Practical steps to take now
- Do not pause compliance work. The Omnibus adjusts timelines, not the fundamentals. Mapping, classification, and documentation remain essential.
- Check if you qualify for SME or SMC relief. If your company has fewer than 750 employees and meets the financial thresholds, you may benefit from simplified requirements.
- Monitor standards development. The real trigger for high-risk obligations may be standards readiness, not a fixed calendar date.
- Use the extra time wisely. Build governance now while the pressure is lower. Teams that wait until deadlines approach will face rushed, lower-quality work.
- Track the legislative process. The Omnibus needs Parliament and Council agreement. Follow progress to adapt your roadmap as certainty increases.
For a complete overview, return to the EU AI Act Guide. Start with the EU AI Act checklist if you need a quick overview. To see where these changes fit historically, explore the EU AI Act timeline. Then use the AI Act compliance checklist to turn awareness into structured action. Run a free AI Act scan to check your exposure, or return to the ActNavigator homepage.