The European Union has developed an extensive digital regulatory framework covering areas such as artificial intelligence, data governance and cybersecurity, among others. To strengthen the competitiveness of European businesses and simplify the application of existing digital rules, the European Commission presented the Digital Package on 19 November 2025. The package includes the Digital Omnibus proposals, the European Data Union Strategy and the proposal for a European Business Wallet framework. Together, these initiatives aim to reduce regulatory fragmentation and administrative burdens, improve the coherence of EU digital legislation and facilitate compliance for businesses operating within the Digital Single Market, while maintaining high standards for data protection, cybersecurity and fundamental rights.
The Digital Omnibus is a legislative initiative designed to simplify and streamline Europe’s digital regulatory framework. Presented by the European Commission on the 19th November 2025, the Digital Omnibus brings together targeted updates to existing rules on data regulation, cybersecurity and artificial intelligence, aiming to reduce overlaps while maintaining high standards for fundamental rights, data protection and innovation.
Alongside the legislative package, the Commission launched the Digital Fitness Check, a broader evaluation examining how EU digital laws interact and what their combined impact is on people, businesses and public authorities. Public consultation ran from 19th November 2025 until 11th March 2026, gathering input on stakeholders’ practical experience and overlapping obligations, cumulative compliance requirements and areas of unnecessary regulatory complexity.
Following this phase, the Council of the European Union and the European Parliament adopted on 13th March 2026 and 26th March 2026 their respective positions on the digital omnibus proposal, introducing amendments to the AI Act:
HIGH-RISK AI SYSTEMS
- New prohibitions on AI practices involving the generation of non-consensual sexual and intimate content
- The original application date for many high-risk AI obligations under the AI Act was set for 2nd August 2026. New deadlines have been introduced for the application of the rules for high-risk AI systems:
- 2nd December 2027 for standalone AI systems
- 2nd August 2028 for AI systems covered by EU sectoral legislation on safety and market surveillance
GOVERNANCE
- The council proposes to postpone regulatory sandboxes’ establishment, with a fixed deadline set for 2nd August 2027
- The council proposes exceptions to the competences of the AI Office for the supervision of AI systems based on general-purpose AI models where the model and that system are developed by the same provider, specifying that national authorities should retain competence for law enforcement, border management, judicial authorities and financial institutions.
PERSONAL DATA
- The Digital Omnibus allows service providers to process special categories of personal data to detect and correct biases in AI systems, where strictly necessary.
SUPPORT TO ENTERPRISES
Digital Omnibus introduces simplification measures aimed at ensuring greater proportionality in the application of AI rules for enterprises.
- The parliament and the council agreed on the extension of support measures previously available to small and medium-sized enterprises to small mid-cap enterprises.
- To prevent overlapping application of sector-specific EU product safety rules and the AI Act, the Parliament proposes streamlined and simplified compliance obligations under the AI Act for products already regulated under sectoral laws (e.g., medical devices, toys, lifts, machinery and watercraft).
- The Council introduces an obligation for the European Commission to issue guidance to businesses to minimise compliance burdens.
TRANSPARENCY
- Under the original AI Act, registration obligations applied only to high-risk AI systems. The Council reinstates a registration obligation for providers that consider their AI systems to be exempt from being classified as high-risk.
- 2nd November 2026: Parliament set a new deadline for providers to comply with rules on watermarking AI-created audio, image, video or text content to indicate its origin.
With both the Council of the European Union and the European Parliament having adopted their respective positions on the AI Omnibus, the proposal has entered the decisive trilogue phase — the final stage of negotiations before the formal adoption of a consolidated legislative text.
On 7th May 2026, the Parliament and Council negotiators reached a provisional agreement on the AI Act amendments. A compromise was reached on the interplay between the AI Act’s rules for industrial AI and sectoral legislation, introducing a mechanism to resolve overlaps by limiting the AI Act’s application in those cases through implementing acts. New deadlines for the application of watermarking rules and the establishment of regulatory sandboxes were set at 2nd December 2026 and 2nd August 2027, respectively.
The provisional agreement must now be endorsed by the Council and the European Parliament before being submitted to a legal/linguistic revision with a view to the formal adoption of the legislative act by the co-legislators in the coming weeks.
If the Omnibus amendments are not formally adopted prior to 2 August 2026, the relevant provisions of the original AI Act scheduled to apply from that date, including many high-risk obligations, would apply according to the original timeline.
