Digital Omnibus Extends EU AI Act Deadlines for High-Risk AI Systems

The European Commission published its Digital Omnibus proposal on November 19, 2025, introducing targeted amendments to the EU AI Act (Regulation 2024/1689). The proposal aims to streamline compliance timelines for high-risk AI systems and reduce the regulatory burden on small and medium-sized enterprises.

The most significant change concerns compliance deadlines for high-risk AI systems. Stand-alone high-risk AI systems classified under Annex III now have an extended deadline of December 2, 2027, while high-risk AI systems embedded in regulated products covered by Annex I receive an extended deadline of August 2, 2028. These extensions give providers and deployers additional time to meet the Act's substantial technical documentation, risk management, and conformity assessment requirements.

The proposal also recalibrates the AI literacy provisions under Article 4. Rather than treating AI literacy as a mandatory obligation, the Digital Omnibus shifts this to an encouragement — a notable change for organisations that had been preparing mandatory training programmes. Additionally, simplified documentation requirements originally intended only for SMEs have been extended to small mid-cap companies, broadening the scope of regulatory relief.

On the institutional side, the proposal expands the competencies of the EU AI Office to supervise AI systems integrated into very large online platforms and very large online search engines, reinforcing centralised oversight for systemically important services.

The legislative process has moved swiftly. The Council of the EU agreed on its general approach on March 13, 2026. Shortly after, on March 18, 2026, the European Parliament's IMCO and LIBE committees adopted their joint report. Trilogue negotiations between the Parliament and the Council have been launched, with rapporteurs Arba Kokalari (EPP, Sweden) and Michael McNamara (Renew, Ireland) leading the Parliament's position.

During Council negotiations, Member States additionally proposed bans on AI-generated non-consensual intimate imagery and AI-generated child sexual abuse material, expanding the Act's prohibited practices provisions.

It is worth noting that despite the expanded role of the EU AI Office, national competent authorities retain responsibility for supervising AI systems in sensitive domains including law enforcement, border management, and financial institutions.

Organisations preparing for EU AI Act compliance should monitor trilogue progress closely, as the final text may adjust deadlines and obligations further. The Digital Omnibus represents the first major legislative revision to the AI Act since its adoption and signals the Commission's willingness to adapt requirements based on implementation feedback.

Source: European Parliament Legislative Train Schedule, "Digital Package — Digital Omnibus on AI".