On 19 November 2025, the European Commission formally published its “Digital Omnibus on AI” (Digital Omnibus on AI Regulation Proposal | Shaping Europe’s digital future), a legislative package designed to refine, simplify and realign selected provisions of the AI Act. The initiative aims to reduce unnecessary administrative burdens, create greater legal coherence and improve the AI Act’s practical applicability—while retaining the EU’s high standards for safety and fundamental rights.
Introduction
On 19 November 2025, the European Commission has now formally presented the Digital Omnibus on AI, a cornerstone of its broader Digital Simplification Package. Far from being a new standalone regulatory framework, the Digital Omnibus on AI is a targeted amending regulation, designed to ensure that the Regulation (EU) 2024/1689 ("AI Act") can be implemented smoothly, consistently and at a pace aligned with Europe’s readiness.
Its publication follows months of consultation with industry, SMEs, civil society and Member States. These consultations revealed that despite broad support for the AI Act’s objectives, organisations are struggling with significant uncertainty: delays in the designation of national authorities, gaps in harmonised standards, and complex interactions between the AI Act and other EU digital laws. The Digital Omnibus on AI directly addresses these shortcomings.
In its essence, the Digital Omnibus on AI is a legislative alignment and simplification instrument, intended to:
- harmonise deadlines,
- streamline overlapping obligations,
- remove unnecessary administrative burdens,
- clarify interactions between the AI Act and other EU legislation, and
- reinforce enforcement structures where centralised oversight is essential.
It therefore functions as a meta-correction to Europe’s rapidly expanding digital rulebook, ensuring coherence across GDPR, the Data Act, the Cyber Resilience Act, the Digital Services Act and sectoral safety legislation.
What the Digital Omnibus on AI Is – and Why It Matters
In EU Law, the term “Omnibus” refers to a legislative tool used to amend several existing regulations at once, ensuring alignment and eliminating contradictions. In the digital context, the Commission employs the Digital Omnibus on AI to revise and integrate rules across the EU’s sprawling digital acquis. It aims to lighten the regulatory load on businesses, enhance legal certainty, and reduce divergent enforcement. Crucially, it does so without reopening the political compromises underpinning the AI Act. The goal is not deregulation, but practical optimisation.
Adjusted Timelines and Transitional Provisions
One of the most significant reforms concerns the timing of obligations for high-risk AI systems. Contrary to earlier expectations, the final Digital Omnibus on AI does not introduce a blanket one-year delay. Instead, it links the entry into application of the high-risk requirements to the availability of harmonised standards, common specifications or Commission guidelines. Once the Commission confirms such availability, high-risk rules will apply 6 months later for Annex III systems and 12 months later for Annex I systems, subject to absolute backstop dates.
These backstop dates are now fixed:
- Annex III high-risk systems: latest by 2 December 2027
- Annex I high-risk systems: latest by 2 August 2028.
A similar transitional regime applies to watermarking obligations under Art. 50 AI Act for synthetic audio, video, image and text content. Only providers of generative AI systems placed on the market before 2 August 2026 benefit from a six-month grace period to integrate technically robust marking tools (until 2 February 2027); systems placed on the market after that date do not receive a general transitional period.
These measures neither reduce obligations nor change core safeguards; rather, they acknowledge that compliance must be technically and institutionally feasible.
Strengthened Role of the European AI Office
The Digital Omnibus on AI significantly enhances the authority of the European AI Office, transforming it into a central enforcement hub for specific categories of AI systems.
The AI Office will now directly supervise:
- AI systems based on a general-purpose AI model where both system and model stem from the same provider;
- AI systems integrated into designated very large online platforms or search engines.
The AI Office gains powers to request documentation, inspect datasets, apply procedural safeguards aligned with Regulation (EU) 2019/1020, oversee real-world testing, assess risks, and impose penalties within the AI Act’s ceilings. It is explicitly empowered to conduct pre-market conformity assessments for AI systems falling under its supervisory scope.
The rationale is clear: these systems are systemic, cross-border and often complex, making fragmented national oversight ineffective. Centralisation promises consistency and legal certainty, particularly for providers operating across multiple Member States.
Regulatory Sandboxes and Real-World Testing
To complement enforcement with innovation support, the Digital Omnibus on AI introduces a dual-layer sandbox structure comprising both national and—for the first time—a formal EU-level regulatory sandbox operated by the AI Office (from 2028 onward).
The EU sandbox—operated by the AI Office—enables cross-border experimentation, especially in sectors where full conformity assessment would otherwise delay innovation. This is particularly relevant in high-investment, safety-critical areas such as transport, medical technology, energy, and advanced manufacturing.
The Digital Omnibus on AI also broadens the possibilities for real-world testing outside sandboxes. Providers of high-risk AI systems, including systems embedded in products governed by the sectoral legislation in Annex I AI Act, may test their AI under controlled real-world conditions, subject to safeguards and oversight. Member States may conclude voluntary testing agreements with the Commission to coordinate such projects.
The aim is to accelerate the development of compliant, safe AI without forcing premature full-scale deployments.
Practical Simplifications and Legal Clarifications
Beyond structural reforms, the Digital Omnibus on AI introduces several important simplifications:
- It eases the database registration obligation by exempting AI systems that nominally fall within a high-risk context but perform only minor, procedural or narrowly constrained tasks
- It modifies the post-market monitoring regime, removing the rigid requirement for a harmonised monitoring plan and replacing it with a flexible framework accompanied by future Commission guidance.
- It transforms training obligations for staff operating AI systems into a responsibility of the Commission and Member States to foster AI literacy under Art. 4 AI Act more broadly - avoiding ill-defined employer duties while retaining the political objective.
- It extends regulatory privileges such as simplified documentation, reduced penalty ceilings and lighter quality-management expectations from SMEs to “small mid-caps”, acknowledging that mid-sized companies face similar proportionality issues.
- It introduces a new explicit legal basis (new Art. 4a) allowing providers and deployers - under strict safeguards - to process special categories of personal data for bias detection and correction where no alternative exists.
Importantly, the Digital Omnibus on AI clarifies that providers may, under stringent safeguards, process special categories of personal data for bias detection and correction where no alternative method exists. This introduces a clearer legal basis for bias testing and strengthens responsible AI development while ensuring strict privacy protections.
Enhanced Clarity, Stronger Oversight and a More Manageable Path to Compliance
With the publication of the Digital Omnibus on AI on 19 November 2025, the European Commission has taken a decisive step towards turning Europe’s AI regulatory framework into a coherent, operational and innovation-friendly system.
The Digital Omnibus on AI does not alter the fundamental architecture or protective intent of the AI Act. Instead, it ensures that the Act can be implemented in a predictable, technically feasible and proportionate manner. Companies benefit from clarity, extended timelines and fewer bureaucratic frictions, but they will also face a more centralised and assertive enforcement landscape - especially where general-purpose AI models and large platforms are concerned.
The message is unambiguous: Europe is committed to trustworthy and human-centric AI, but the regulatory framework must also be workable. Organisations that act early—by updating internal governance, engaging with sandboxes and preparing for AI Office oversight—will be best positioned as the AI Act’s full application phase approaches.
