EU Digital Omnibus Proposal (2025-11)
⚠️ This page tracks a legislative proposal (not yet adopted). The Digital Omnibus is still under consideration in the European Parliament and Council. This page is based on the Commission’s 2025-11-19 version; provisions may change in the final text.
Summary
Section titled “Summary”The Digital Omnibus Package, released by the Commission on 2025-11-19, is a simplification package spanning several digital laws. Its core rationale is to respond to industry concerns about “excessive regulatory complexity” and “insufficient preparedness for AI Act application.”
The most consequential proposal: delaying the AI Act high-risk system obligations (Chapter III) by up to 16 months to 2027-12.
Triggering context
Section titled “Triggering context”By 2025-07-10 (the AI Act’s original deadline for member states to designate national competent authorities), only 3 of 27 member states had completed all designations (Lithuania, Luxembourg, Malta). Key countries (Germany, France, Italy, Spain, Austria) had not.
Consequences:
- AI Act cannot effectively apply in 2026-08 without national enforcement bodies
- Industry (especially SMEs) faces intense compliance-time pressure
- U.S. political pressure (the Trump administration opposes the Brussels Effect and pushes for delay)
Core proposals
Section titled “Core proposals”1. Delay of AI Act high-risk provisions
Section titled “1. Delay of AI Act high-risk provisions”Chapter III (Annex III standalone high-risk use cases), originally to apply on 2026-08-02, is deferred to 2027-12 (up to 16 months).
Affected provisions:
- Article 6 high-risk classification
- Articles 8-15 high-risk obligation matrix
- Articles 17-27 provider / deployer obligations
- Articles 40-49 conformity assessment and registration
Not delayed:
- Article 5 prohibited list (already applicable 2025-02-02)
- Article 50 transparency obligations (scheduled 2026-08-02)
- Articles 51-56 GPAI obligations (already applicable 2025-08-02)
- Annex I embedded high-risk in products (original 2027-08-02 unchanged)
2. Simplified compliance burden
Section titled “2. Simplified compliance burden”- Simplified documentation for high-risk impact assessments
- Reduced field count for EU database registration
- More optional paths for conformity assessment
3. SME support
Section titled “3. SME support”- EU-wide mandatory regulatory sandboxes (member states must provide them)
- Compliance-cost subsidies
- Simplified templates
4. Minor adjustments to other Digital legislation
Section titled “4. Minor adjustments to other Digital legislation”- Data Act implementation details
- DSA VLOP designation threshold review
- Cyber Resilience Act transition period
Legislative procedure
Section titled “Legislative procedure”| Stage | Timing (estimated) |
|---|---|
| Commission proposal | 2025-11-19 ✅ |
| Parliament first-reading position | 2026-Q2 / Q3 |
| Council position | 2026-Q3 / Q4 |
| Trilogue | 2026-Q4 / 2027-Q1 |
| Political agreement | 2027-Q1 / Q2 (earliest) |
| Formal adoption | mid-2027 |
Risk: if legislation drags past 2026-08, AI Act Chapter III applies on the original schedule and would then be retroactively amended.
Controversy
Section titled “Controversy”Supporters (industry + some member states)
Section titled “Supporters (industry + some member states)”- Industry associations such as DigitalEurope: welcome the simplification
- Germany, France, Spain, Austria (non-designation states): need more time
- Meta, Google, Microsoft: publicly supportive
- U.S. government: actively pushing (a Trump diplomatic priority after EO 14179)
Opponents (civil society + some MEPs + some member states)
Section titled “Opponents (civil society + some MEPs + some member states)”- EDRi, Algorithm Watch, Access Now and other civil society groups: view this as a retreat of the Brussels Effect
- Part of the European Parliament’s GPAI coalition: Mueller, Benifei, and others publicly critical
- Nordic states (Sweden, Denmark, Finland): skeptical of the delay
Practical impact on companies
Section titled “Practical impact on companies”Short term (as of 2026-04):
- AI Act continues on its original schedule (GPAI applied 2025-08, prohibited list applied 2025-02)
- Signing and complying with the GPAI CoP remains the focus for 2026
- High-risk AI system compliance preparation need not accelerate (pending Omnibus finalization)
Medium term (H2 2026 - 2027):
- Omnibus adopted → high-risk provisions delayed to 2027-12; companies gain an extra 16 months of preparation
- Omnibus not adopted → 2026-08-02 applies per original AI Act schedule → member-state enforcement fragmentation becomes visible
Relationship with other jurisdictions
Section titled “Relationship with other jurisdictions”- U.S. Trump AI Action Plan + EO 14365: push for EU-U.S. “deregulatory alignment”
- China’s AI Safety Governance Framework 2.0 (2025-09): China chose self-initiated acceleration of systematizing governance — a contrast with EU deferral
- UK: continues to support the AI Safety Institute path, distinct from the EU delay
Text and archives
Section titled “Text and archives”| Source | Link |
|---|---|
| Commission official press release | digital-strategy.ec.europa.eu |
| Digital Omnibus comprehensive analysis | IAPP, Covington, WilmerHale, and others |
| IIEA EU digital agenda 2025-2026 | iiea.com/blog/eu-digital-policy-2025-2026 |
Version history
Section titled “Version history”| Date | Event |
|---|---|
| 2025-11-19 | Commission released the proposal |
| 2026-Q2+ | Parliament consideration (expected) |
| Mid-2027 | Earliest adoption date (if smooth) |