The European Commission is currently working to reduce the regulatory burden on companies to give them more time to devote to innovation and scaling. Its approach includes reducing bureaucracy and making existing rules more practical. Following sustained criticism of the original regulatory framework of the Artificial Intelligence Act (“AI Act”) due to its scope and multitude of technical requirements, the Commission’s new digital package, which includes its digital omnibus proposal of 19 November 2025 for a regulation to simplify the legislative framework, seeks to help EU businesses by streamlining the regulation of artificial intelligence (“AI”), cybersecurity and data.
Reasons for revising the AI Act
European digital law is becoming increasingly complex. A plethora of new rules, including those under the Artificial Intelligence Act (Regulation (EU) 2024/1689) (podcast in German only), the Data Act (Regulation (EU) 2023/2854) and the Cyber Resilience Act (Regulation (EU) 2024/2847), mean companies now face an elaborate network of interrelated obligations that are not only linked in terms of content and timelines but also challenging to implement in practice.
The AI Act of 13 June 2024, which entered into force on 1 August 2024, creates a single market for trustworthy and human-centric artificial intelligence within the EU. It aims to promote innovation and the use of AI while ensuring a high level of protection for health, security and fundamental rights. The Act is to be implemented in stages, with all provisions in force by 2 August 2027 at the latest.
As per its AI Continent Action Plan and Apply AI Strategy, the European Commission is committed to a clear, practical and innovation-friendly implementation of the AI Act.
However, a public consultation revealed numerous issues that could hinder the timely implementation of certain key provisions of the Act, e.g. the designation or establishing of notifying authorities under Article 28(1) and the obligation under Article 4 to bring about AI literacy. Delays of this kind could significantly increase compliance costs for companies and public authorities and impede innovation processes.
Against this backdrop, the Commission presented a digital omnibus proposal on 19 November 2025 for a regulation to simplify EU digital legislation, including specific amendments to the AI Act to address the identified challenges. The European Commission is also prioritising issuing a series of guidelines aimed at optimising compliance with the Act. The digital omnibus joins the other omnibus packages proposed by the European Commission to streamline EU rules (e.g. the omnibus initiatives to simplify the CBAM Regulation and the EU Corporate Sustainability Due Diligence Directive as well as the omnibus package to boost defence readiness).
Modified implementation period for high-risk AI systems
The proposal contains a new implementation period for certain rules governing high-risk AI systems (Chapter III, Sections 1-3). This period is now to be linked to the availability of standards or the provision of other support tools.
The Commission believes that delays in important preparations – such as the establishment of harmonised standards, common specifications and national authorities – could lead to practical obstacles. Consequently, the new rules may not be implemented as scheduled and compliance costs could become unnecessarily high. In such a case, there would be no justification for retaining the original date of application – which is why the proposal seeks to implement a mechanism that links the entry into application to whether the necessary support measures – such as harmonised standards, common specifications, and Commission guidelines – are actually available.
The current Article 113 AI Act, which regulates the Act’s entry into force and application, is to be supplemented by a letter (d) under which the provisions on high-risk AI systems in Chapter III, Sections 1, 2 and 3 will not enter into force until the Commission has adopted a corresponding decision confirming the existence of adequate measures:
- For AI systems classified as high-risk systems under Article 6(2) and Annex III, six months after the decision; in the absence of such decision, no later than 2 December 2027
- For AI systems classified as high-risk systems under Article 6(1) and Annex I, 12 months after the decision; in the absence of such decision, no later than 2 August 2028
Expansion of regulatory simplifications to small mid-cap enterprises (SMCs)
Companies that outgrow the definition of micro, small and medium-sized enterprises (“SMEs”) – known as small mid-caps (“SMCs”) – play a central role in the European Union’s economy. Their higher pace of growth and tendency to innovate and digitise to a greater extent mean that they face challenges similar to those of SMEs in terms of administrative burden. The Commission therefore sees a need to ensure proportionality and provide targeted support to SMCs.
To meet that need, greater attention will be paid to this group of companies in future (see Article 1(2), letter (g) AI Act). Binding definitions of SMEs and SMCs are moreover to be introduced in Article 3 AI Act.
The proposal also contains simplifications with regard to the technical documentation required under Article 11 AI Act. SMEs and SMCs will be permitted to submit certain elements of technical documentation in a simplified manner, and the Commission will establish and provide a simplified technical documentation form for this. Concurrently, the competent national and EU authorities are to give special attention to SMEs and SMCs and ensure that monitoring activities and any penalties and fines imposed remain proportionate.
Changes relating to AI literacy
Article 4 AI Act currently requires all providers and deployers of AI systems to ensure the AI literacy of their staff. However, stakeholders’ experience has shown that a one-size-fits-all solution does not work for all providers and deployers when it comes to promoting AI literacy and that it represents an additional compliance burden, particularly for smaller enterprises. AI literacy should nevertheless be a strategic priority, regardless of regulatory obligations and potential sanctions.
The current vaguely worded obligation incumbent on enterprises to promote the development of AI literacy is therefore to be abolished, with the responsibility for this being shifted to the Commission and the Member States. Deployers of high-risk AI systems will however remain obligated to provide training.
More flexibility for providers in post-market monitoring
The Commission will no longer have the power to adopt a harmonised template for a monitoring plan (currently Article 72(3) AI Act), a move intended to give providers of high-risk AI systems increased flexibility in post-market monitoring and greater discretion to set up monitoring systems specifically tailored to their organisations. The Commission will publish guidance clarifying what providers need to do to comply with the new provisions.
Reducing registration obligations
Article 49(2) AI Act currently requires providers or their authorised representatives to register both themselves and any AI system that falls under Annex III to the Act in the relevant EU database before placing the system on the market or putting it into service even if they have reached the conclusion that the system is not high-risk according to Article 6(3) AI Act. These are AI systems that, although listed in Annex III, do not pose significant risk of harm to the health, safety or fundamental rights of natural persons, including by not materially influencing the outcome of decision-making.
So in order to streamline compliance and reduce the associated costs, Article 49(2) AI Act is to be deleted without replacement, eliminating providers’ obligation to register the AI systems referred to in Article 6(3) AI Act in the EU database. Even so, a provider who takes the view that an AI system falls under Article 6(3) AI Act is still required to document its assessment prior to placing the system on the market or putting it into service – an assessment that may also be requested by the national competent authorities.
Centralising supervision within the AI Office
Supervision of a large number of AI systems built on general-purpose AI models or embedded in very large online platforms or search engines is to be centralised within the Commission’s AI Office. This acts as the centre of AI expertise across the EU, promoting the development and implementation of AI solutions that benefit both society and the economy. The AI Office currently also leads the implementation of the AI Continent Action Plan and the Apply AI Strategy. However, centralisation can only be achieved if the current Article 75 AI Act is fundamentally amended and the AI Office is granted the required authority.
The aim of the amendment is to ensure that companies only have to deal with a single regulator, rather than multiple national authorities. This centralised approach will enable the development of specialised expertise in AI systems within the Commission and ultimately alleviate the burden on national authorities. At the same time, it will also avoid diverging national enforcement actions and create legal certainty for deployers.
Facilitating compliance with data protection law
The introduction of a new Article 4a, replacing Article 10(5) AI Act, is to create a legal basis which will facilitate compliance with data protection law (article in German only) by allowing providers and deployers of AI systems and AI models to exceptionally process special categories of personal data for the purpose of ensuring bias detection and correction under certain conditions.
Broader use of AI regulatory sandboxes
The Commission also wants to expand the use of AI regulatory sandboxes. To this end, the provisions on AI regulatory sandboxes in Article 57 AI Act are to be amended to create a legal basis for the AI Office to introduce an AI regulatory sandbox on EU level for certain AI systems that will fall within its exclusive competence of supervision. At the same time, Member States are to be obliged to strengthen cross-border cooperation of their regulatory sandboxes.
The proposal is also likely to have implications for Germany’s draft Regulatory Sandboxes Act (Reallabore-Gesetz) submitted on 30 May 2025, which the governing coalition intends to use to facilitate more frequent and improved use of regulatory sandboxes in all sectors. The more innovation-friendly approach emerging from the Commission’s proposal could provide an important impetus for further committee deliberations on the draft Act.
The Commission’s empowerment to adopt implementing acts specifying the detailed arrangements for the establishment, development, implementation, operation and supervision of AI regulatory sandboxes is also to be further specified. The Commission is moreover proposing changes to the testing of high-risk AI systems in real-world conditions outside AI regulatory sandboxes and would like to extend this testing to include high-risk AI systems covered by Section A of Annex I to the AI Act, among other things. This is intended to better streamline coordination between the Member States and ensure optimal use of resources.
Conclusion
The Commission’s overarching objective of better aligning AI regulation with real-world conditions and practical needs is to be welcomed, not least because it makes it easier for entrepreneurs to understand and implement the rules. The Commission’s proposed amendments should not be seen as deregulation, but rather as concessions on a practical level. As the majority of corporate obligations remain unchanged, companies are well advised to review their particular obligations and keep an eye on what has been implemented and what not.
Furthermore, the digital omnibus is, at this stage, merely a proposal by the Commission and will initially be referred to the European Parliament and the Council of the European Union for further deliberation. Several Members of Parliament called for further debate even before the proposal was published, making it likely that some points may be amended or deleted during the upcoming negotiations. The amendments will become law only after they have been approved by a qualified majority in the Council of the European Union and by a majority of the European Parliament, making it unlikely that the amended Act will enter into force before mid-2026.
Forward
