Brussels wrote the world’s most extensive AI rulebook in 2024, and now the European Commission is seeking to ensure that it can actually be used – without grinding deployment to a halt.
The EU AI Act entered into force on August 1, 2024, framed as a global beacon of safety and rights.
“I believe it’s going to change the world more than anything in the history of mankind. More than electricity,” Taiwanese computer scientist and founding director of Microsoft Research chINA, Kai-Fu Lee, said in a 2019 interview, referring to the future of AI.
On November 19, 2025, the Commission published the Digital Omnibus on AI Regulation, commonly referred to as the “AI Omnibus.” This proposal rewires how parts of the AI Act are implemented, including frameworks for timelines, oversight responsibilities, and the practical steps companies face when they deploy the technology across markets.
What the AI Omnibus is
An “omnibus” proposal bundles amendments across multiple laws to reduce duplication and administrative burden. In this case, the Commission says the goal is targeted simplification, not deregulation, so AI Act implementation can be “timely, smooth, and proportionate.”
In other words, the Commission’s proposal focuses on implementation mechanics instead of a wholesale rewrite of the Act’s risk-based structure.
Regardless, the Act categorises systems by risk and sets strict obligations for “high-risk” uses, including requirements on data governance, human oversight, transparency, and post-market monitoring. The Commission’s overview lays out when different clauses apply and which areas have longer transition periods, but the Omnibus acts as a targeted simplification so as to remove duplication, tighten timelines, and make enforcement more predictable for companies across the board.
The key change: delaying high-risk deadlines
Under the current application timeline, the AI Act becomes generally applicable on August 2 2026, with some provisions phasing in earlier or later; the Omnibus would push parts of the “high-risk” regime further back – a move that has become the centre of a political fight over Europe’s AI strategy.
Reuters reported that the Commission’s proposal could delay the application of stricter rules for high-risk AI systems until December 2027, after companies argued they cannot comply without clearer standards and guidance.
While in conversation with 150sec, Ashley Casovan, managing director of the International Association of Privacy Professionals’ AI Governance Center, said:
“The most significant proposals are related to delaying the timing for implementation of requirements for high-risk systems.”
The Act bans certain uses outright and imposes strict requirements on “high-risk” systems including obligations on data governance, human oversight, transparency, and post-market monitoring. Alternatively, the Omnibus also focuses on implementation mechanics, including when key obligations take effect and how regulators supervise compliance across the single market.
What changes for companies preparing for compliance
For companies building AI governance programmes, the practical question is timing. The Omnibus changes the tempo more than the checklist: risk classification, governance controls, and technical documentation still sit at the centre of compliance, but firms may get more runway to complete them for many high-risk systems.
Casovan said it is “too early to determine” the long-term financial impact. Policymakers are responding to a basic bottleneck: standards and secondary guidance are still incomplete, she explained.
“There is a concern that standards which would help with the implementation of the Act are not yet completed,” the director noted. Euronews had also reported that AI Act technical standards work has slipped behind the original schedule.
Clearer guidance could make compliance more cost-effective because companies would know “more precisely how to meet requirements for their specific context,” Casovan added.
Enforcement could become more centralised
A second flashpoint is enforcement. Companies have long complained about inconsistent interpretation across member states. An IAPP report, for instance, found the Omnibus would clarify the Commission AI Office’s role and expand its supervision and enforcement powers for some systems.
Under the proposal, the AI Office would assume exclusive competence for certain Annex III high-risk systems based on general-purpose models when the same provider develops both the model and the system. It would also take exclusive competence for AI systems that constitute – or are integrated into – a designated very large online platform or search engine under the Digital Services Act.
Casovan explained this would mark a significant shift from the current AI Act, which gives member-state market surveillance authorities a larger role. She added that the draft would also require the AI Office to carry out premarket conformity assessments for some high-risk systems that already require third-party assessment.
Who benefits, and where friction remains
Because the AI Act cuts across industries, the Omnibus does not single out clear “winners.” Casovan explained the clearest effects may land in high-risk areas already listed – including medical applications, education, and finance – if the EU uses the extra runway to publish standards and guidance. She cautioned that the Omnibus may not ease “compliance friction where there are intersecting laws and acts,” however, particularly for firms navigating the EU’s wider digital rulebook.
For companies running content moderation and safety systems across languages, localisation remains a blind spot:
“At present, the proposed changes do not deal with localisation directly,” Casovan said. She added there is “potential for localisation risks to be dealt with in future guidance or standards,” but that work is not in the Omnibus draft.
Why the Commission moved now
The Omnibus shift fits a broader EU push to cut “administrative burdens and regulatory inconsistencies,” a diagnosis echoed in the 2024 Draghi report on European competitiveness.
The Commission has tied its simplification agenda to a wider “digital package” aimed at making European firms easier to scale; its digital rulebook page frames that simplification drive as strategic.
Casovan explained the Omnibus signals that Brussels is taking the competitiveness critique seriously:
“These proposals send the message that the recommendations made in the Draghi report are being taken seriously and that action is required,” she said, adding that it remains to be seen whether lawmakers will adopt the proposals as drafted or push for bigger changes that would alter the AI Act’s balance.
Commission officials have also tried to draw a line between a delay and a retreat. “There is not going to be an overall moratorium on the AI Act. That is not on the table. We are focusing on making the rules work in practice,” Yvo Volman, director of the Data directorate in the Directorate General for Communication Networks, Content and Technology, said at a European Parliament hearing last September.
Timing also reflects wider geopolitical realities and the need for such a package in Europe.
The U.S. and China are moving quickly from AI pilots to production; in July 2025, the White House released America’s AI Action Plan, a strategy built around accelerating innovation, building AI infrastructure, and projecting leadership abroad. China, meanwhile, has pushed an “AI Plus” integration drive. A Chinese government guideline describes plans to deepen AI adoption across key sectors, with targets for significant integration progress by 2027.
Concerns and Criticism
Supporters argue that the Omnibus fixes a practical bottleneck: that companies cannot plan compliance when key standards and enforcement pathways are still moving.
In a joint statement published in January 2026, the European Data Protection Board and the European Data Protection Supervisor said they support the proposal’s general objective of addressing AI Act implementation challenges, while warning that simplification cannot weaken enforceability or rights protections.
Critics, however, have opted for more conservative judgements. For example, AI Chamber, submitted an open letter urging EU lawmakers to expand the simplification agenda further and arguing that treating “AI primarily as a threat” would leave European firms behind on November 19, 2025.
Timeline: EU AI regulation at a glance
The Omnibus proposal still has to move through the EU’s legislative process. If lawmakers adopt it, companies may get more time, but they may also face a more centralised enforcement model and shifting compliance checklists as standards and guidance catch up.
This debate is not going away. Casovan emphasized up that “there continues to be a debate between the preservation of protecting fundamental human rights and the increased adoption of AI.”
The measure, however, will test whether Europe can keep both promises at once. The laws are there, the claims are there; now it’s time to observe where it will ultimately land.
Featured image: Via European Union.