AI Act Omnibus VII: The EU Simplifies, but Do Companies Really Have More Time?
On March 13, 2026, the EU Council approved its position on the "Digital Omnibus", part of the Omnibus VII legislative package proposed by the Commission on November 19, 2025, to simplify AI Act implementation. New deadlines, new prohibitions and a strengthened role for the AI Office: here's what actually changes.
📅 New Timelines: Key Dates Are Shifting
The most relevant change for businesses involves the potential postponement of deadlines for high-risk AI systems:
| Category | Current Date (AI Act) | Note |
|---|---|---|
| High-risk standalone AI systems (Annex III) | August 2, 2026 | May be postponed to December 2, 2027 if the reform passes |
| High-risk AI systems embedded in products (Annex I) | August 2, 2027 | May be postponed to August 2, 2028 |
| National AI Regulatory Sandboxes | August 2, 2026 | No postponement proposed |
Important note: the dates proposed by the Council are "backstops" — maximum deadlines. Rules could enter into force 6-12 months after the Commission confirms the availability of harmonized standards. Standards could therefore arrive before the dates shown above. However, the Omnibus proposal still needs to complete the trilogue with the European Parliament.
Key Additions by the Council
The Council introduced several significant changes beyond the Commission's original proposal:
- New explicit prohibition: AI-generated non-consensual sexual/intimate content and CSAM (child sexual abuse material) is now banned. This goes beyond the Commission's original proposal.
- Mandatory registration in the EU database even for high-risk systems that consider themselves exempt from classification.
- "Strict necessity" standard for processing sensitive personal data for bias detection purposes.
- Clarification of AI Office competences:
- Exclusive competence over AI systems based on GPAI models
- Exclusive competence over AI in Very Large Online Platforms (VLOPs) and search engines
- Exception: national authorities remain competent for law enforcement, border management, judiciary, and financial institutions
- Commission obligation to provide specific guidance to minimize compliance burden.
Simplifications for Businesses
| Measure | Benefit |
|---|---|
| Extended SME exemptions | Small mid-caps (SMCs) now also benefit |
| Regulatory sandboxes | Easier access for real-world testing |
| Strengthened AI Office powers | Less governance fragmentation |
| Centralized GPAI supervision | Single point of contact for providers |
Context: The "Digital Omnibus"
The Omnibus VII package includes two regulation proposals:
- Simplification of the EU digital legislative framework
- Simplification of AI Act implementation
The Commission also launched the "Digital Fitness Check," a public consultation (closed March 11, 2026) to analyze the interaction between various digital regulations: AI Act, DSA, DMA, GDPR, NIS2, DORA, and others.
Next Steps
- The Polish Council Presidency will launch negotiations with the European Parliament
- Trilogue (Council + Parliament + Commission) will begin
- Final adoption of the regulation
Our Take
The deadline extensions shouldn't be misleading: companies dealing with high-risk AI systems must continue preparing. The backstop dates are fixed, but harmonized standards could be ready sooner than expected, triggering early application of the rules. The centralization of competences in the AI Office reduces fragmentation but increases the importance of structured dialogue with Europe's new AI supervision "superpower."
For SMEs and small mid-caps, the expanded exemptions offer concrete relief, but it's essential to understand exactly where your organization falls within the regulatory perimeter.
Want to understand how the new deadlines impact your organization?
Tomato Blue provides gap analysis and advisory on AI Act and regulatory compliance. Contact us for a personalized assessment.
Contact Us