Digital Omnibus Package: After the Plenary Vote – What’s Next for EU AI?  Part II

Author: Erika Criscione

In our article, “Digital Omnibus Package: How the EU is reshaping the digital landscape – Part I ” we explored the background of the EU’s Digital Simplification Package (the “Digital Omnibus”) and analysed some key proposed amendments to the GDPR, ePrivacy framework and cyber laws. In this second part, we turn to the EU AI Act Omnibus, focusing on latest developments following the plenary vote of the 26 March, through which both the European Parliament and the Council adopted their respective positions on the Commission’s proposed amendments[1] to the Artificial Intelligence Act (AI Act)[2].

Trilogue negotiations are expected to commence shortly, which therefore implies that no amendments have been formally adopted. The original AI Act timeline, including the 2 August 2026 deadline, remains in place.

Implementation Timelines under the EU AI Act Omnibus

The Parliament and the Council have established fixed deadlines for the application of obligations relating to high-risk AI systems, making a clear departure from the Commission’s original approach, which proposed to link the application of these obligations to the availability of harmonised standards and official guidance.

The co-legislators have instead opted for definitive deadlines for the implementation of these obligations.

Under the Parliament and Council’s position, obligations for high-risk AI systems listed in Annex III, including those used in biometrics, critical infrastructure, education, employment, essential services, law enforcement, justice and border management, would apply from 2 December 2027.

For AI systems falling within the scope of EU sectoral product safety and market surveillance legislation (Annex I systems), compliance obligations would be deferred further, applying from 2 August 2028.

At the same time, the co-legislators have taken a more stringent stance on transparency obligations. Providers of AI systems, including general-purpose AI systems, that generate synthetic audio, image, video or text content would be required to comply with watermarking obligations under Article 50(2) by 2 November 2026[3], thereby bringing forward the timeline originally proposed by the Commission (2 February 2027).

Simplification for SMEs and Small Mid-Caps (SMCs)

Another important proposed Commission’s amendment, which has been broadly endorsed by the Parliament, concerns the simplification of rules applicable to SMEs and small mid-cap enterprises (SMCs). These measures include simplified technical documentation, reduced compliance costs, proportionate penalties and streamlined conformity assessment procedures. However, the Parliament tempers this approach by clarifying that such simplifications should apply only where appropriate and must not undermine the overall objectives or level of protection established under the AI Act.

AI Literacy Requirements under the EU AI Act

The original text proposed by the Commission sought to soften the AI literacy obligation mandated under the AI Act by shifting it from a requirement on providers and deployers to a more voluntary, encouragement-based framework led by the Commission and Member States.

The Parliament, however, departs from this approach by reinstating the mandatory AI literacy obligation for providers and deployers although in a more flexible form, requiring them to ensure a “sufficient level” of AI literacy rather than imposing a more stringent or prescriptive standard.

Reduced Registration Burdens

The Commission’s proposal introduces reduced registration burdens for certain AI providers, where providers assess those systems as non high risk. This proposed amendment was rejected by both the Parliament and the Council, which reinstated the registration requirement, while simplifying the information required for registration entries.

Ban on “Nudifier Apps”

Both the Parliament and Council introduce a new prohibited practice under Article 5 of the EU AI Act, on “nudifier” systems that use AI to create or manipulate images that are sexually explicit or intimate and resemble an identifiable real person without that person’s consent.

The ban would not apply to AI systems with effective safety measures preventing users from creating such images.

Data Protection and Bias Detection under the AI Act

The Commission proposal sought to extend the process of special category of data for bias detection, which was originally provided only for high-risk AI systems, to providers and deployers of other AI systems and AI models. In addition, the Commission has lowered the threshold for processing special categories of personal data for bias detection from “strictly necessary” to “necessary”.

The Parliament and the Council broadly accept the extension to providers and deployers of other AI systems and AI models, however only on an exceptional basis and subject to cases where bias is likely to affect health and safety, fundamental rights, or could lead to discrimination prohibited under Union law.

Practical Implications of the EU AI Act Omnibus for Businesses and Individuals

The positions adopted by the Parliament and the Council reflect a calibrated approach: simplification without undermining the regulatory core.

For businesses, the introduction of fixed deadlines for high-risk AI systems and targeted relief for SMEs enhances legal certainty and facilitates more effective compliance planning, while the retention of key obligations, such as registration and risk management, confirms that the AI Act remains substantively robust.

For individuals, this approach strengthens trust in AI by enhancing transparency obligations and introducing new prohibitions, such as the ban on “nudifier” systems, thereby reinforcing protections relating to dignity, privacy and fundamental rights.

Overall, the co-legislators seek to ensure that streamlining compliance does not come at the expense of accountability or user protection.

Conclusion

The proposed amendments under the Digital Omnibus Package reflect an effort to balance simplification with the preservation of key safeguards under the AI Act. However, as the legislative process is still ongoing and no final agreement has been reached, the current AI Act framework remains fully applicable. Stakeholders should therefore continue to monitor developments closely, as the outcome of trilogue negotiations will ultimately determine the scope and timing of any changes.

---

[1] https://www.europarl.europa.eu/doceo/document/TA-10-2026-0098_EN.html

[2] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024

[3] https://www.europarl.europa.eu/news/en/press-room/20260323IPR38829/artificial-intelligence-act-delayed-application-ban-on-nudifier-apps