Contact Us

The EU Digital Omnibus on AI: All You Need to Know About The Proposed Amendments to the EU AI Act

  • Home
  • The EU Digital Omnibus on AI: All You Need to Know About The Proposed Amendments to the EU AI Act
EU Digital Omnibus on AI

Summary

On 19 November 2025, the European Commission (the “Commission”) published its Digital Omnibus on AI, a legislative proposal to streamline implementation of the EU Artificial Intelligence Act (the “Act”). The proposal addresses delays in harmonized standards and guidance while adjusting compliance timelines and reducing administrative burdens.

Key points:

  • High-risk AI system compliance deadlines extended, conditional on availability of standards and guidance, with backstop dates of 2 December 2027 for standalone high-risk use cases and 2 August 2028 for AI embedded in regulated products.
  • Registration requirements eliminated for AI systems deemed not high-risk under Article 6(3).
  • Small and Medium Enterprises (SME) benefits extended to small mid-cap companies, with simplified quality management system requirements.
  • AI Office gains exclusive enforcement powers over general-purpose AI models and systems integrated into very large online platforms.
  • AI literacy obligations shifted from providers to member states and the Commission.

What Is the Digital Omnibus on AI?

The Digital Omnibus on AI is a legislative proposal that amends specific provisions of the EU Artificial Intelligence Act. The term “omnibus” refers to a legislative tool used to amend multiple provisions simultaneously.

The AI Act, adopted as Regulation (EU) 2024/1689, established a comprehensive regulatory framework for artificial intelligence. Industry feedback revealed implementation challenges: businesses faced uncertainty about risk classifications, and essential support infrastructure, including harmonized standards and official guidance, remained incomplete.

In several member states, competent authorities responsible for enforcement had yet to be designated.

The Digital Omnibus addresses these issues through targeted amendments that adjust timelines, clarify provisions, and reduce administrative burdens, developments closely monitored by any artificial intelligence law firm advising on EU regulatory compliance.

How Do the Compliance Timelines Change for High-Risk AI Systems?

Under the original Act, rules for high-risk systems were scheduled to apply from 2 August 2026 for standalone high-risk use cases such as biometric identification and AI used in employment, and from 2 August 2027 for AI embedded in products subject to existing EU safety legislation such as medical devices.

The Digital Omnibus links application of these requirements to the availability of supporting compliance infrastructure.

The rules take effect once the Commission confirms completion of relevant harmonized standards, common specifications, and guidance. Following such confirmation, there would be a six-month transition period for compliance with standalone high-risk use cases and twelve months for AI embedded in regulated products.

If standards development faces delays, backstop dates apply: standalone high-risk use cases from 2 December 2027 and AI embedded in regulated products from 2 August 2028. This provides up to 16 months of additional preparation time.

What Happens to AI Systems Already on the Market?

Under amended Article 111, providers of high-risk AI systems lawfully placed on the EU market before the applicable compliance date may continue to place identical units on the market without retrofitting, provided the design remains unchanged.

Exception: Where legacy high-risk AI systems are intended for use by public authorities, providers must achieve full compliance by 2 August 2030.

The proposal also extends the grace period for transparency obligations under Article 50(2). For systems generating synthetic content placed on the market before 2 August 2026, marking obligations would apply from 2 February 2027.

Are Registration Requirements Changing?

Yes. The Digital Omnibus eliminates registration obligations for certain AI systems. Under the current Act, providers who determine their AI system falls within a standalone high-risk use case but does not pose significant risk under Article 6(3) must still register in the EU database for high-risk AI systems.

The proposal removes this registration requirement. However, providers must document their risk assessments and make them available to market surveillance authorities upon request, an obligation that will require close coordination between product teams and any advising technology law firm.

What Relief Is Available for Smaller Companies?

The Digital Omnibus extends SME benefits to small mid-cap companies (SMCs), defined as entities that meet two of three thresholds: fewer than 750 employees, net turnover of €150 million or less, or balance sheet total of €129 million or less.

The proposal expands simplified quality management system requirements to all SMEs, not only microenterprises. Both SMEs and SMCs may implement quality management systems proportionate to their organization size.

How are Conformity Assessments Clarified?

For AI systems that fall within both categories of AI embedded in products subject to existing EU safety legislation and standalone high-risk use cases, the proposal clarifies that providers must follow the conformity assessment procedures applicable to AI embedded in regulated products.

What Opportunities Exist for Testing AI Systems?

The proposal extends Article 60 testing opportunities to high-risk AI systems embedded in regulated products, allowing providers of AI embedded in regulated products to conduct controlled trials before full certification.

The Commission’s AI Office would gain authority to establish an EU-level regulatory sandbox for general-purpose AI models, complementing existing national sandboxes. Member States must strengthen cross-border cooperation on sandbox initiatives.

How Does Enforcement Change Under the Proposal?

The AI Office would have exclusive competence for supervision and enforcement of:

  • Annex III AI systems based on general-purpose AI models where the model and system are developed by the same provider
  • AI systems integrated into very large online platforms or very large online search engines under the Digital Services Act

For such systems classified as high-risk and subject to third-party conformity assessment under Article 43, the Commission would conduct pre-marketing conformity assessments. This shifts enforcement from member state authorities to centralized oversight.

What Changes Apply to AI Literacy and Bias Mitigation?

The current Act requires all providers and deployers to ensure sufficient AI literacy among their staff. The Digital Omnibus removes this direct obligation, instead requiring the Commission and member states to encourage such measures.

The proposal broadens the existing permission to process special category data for bias detection and correction.

While the current Act limits this to high-risk AI systems, the Digital Omnibus extends it to all AI providers, deployers, systems and models, regardless of risk classification. For high-risk systems without model training, the derogation is limited to dataset testing.

What Does the Digital Omnibus Fail to Address?

Despite offering some procedural relief, the proposal leaves several critical industry concerns unresolved:

  • Lack of definitional clarity – Essential terms like “provider” remain ambiguous in the Act itself, with clarification relegated to non-binding guidelines that cannot provide legal certainty. This includes uncertainty around downstream modifications of general-purpose AI models.
  • Redundant fundamental rights assessments – The proposal retains Article 27’s fundamental rights impact assessment requirement despite significant overlap with existing GDPR data protection impact assessments. An enhanced single assessment would eliminate unnecessary duplication.
  • Limited research exemptions – The research exemption excludes real-world testing and applies only to systems developed for the “sole purpose” of scientific research, potentially excluding systems whose research outputs inform commercial development like pharmaceuticals or medical devices.
  • Insufficient sandbox benefits – While the proposal expands regulatory sandboxes, it fails to empower competent authorities to certify tested systems as compliant, which would create a meaningful presumption of conformity and genuine regulatory value.
  • Risk of fragmentation – Article 82 still permits national authorities to impose additional measures beyond the Act’s requirements when compliant systems are deemed risky, threatening regulatory consistency across member states.

What is the Legislative Timeline?

The Digital Omnibus on AI must proceed through the EU’s ordinary legislative procedure, with consideration by the European Parliament and the Council of the European Union. The legislative process is expected to take several months.

The Commission submitted the AI-specific amendments as a standalone package separate from the broader Digital Omnibus regulation. This separation is intended to accelerate adoption.

Adoption before August 2026 is necessary to avoid a scenario where the original high-risk AI requirements take effect before supporting standards and guidance are available. Delays could result in compliance obligations without access to necessary technical specifications and guidance.

Key Takeaways

The Digital Omnibus on AI recalibrates the EU’s approach to artificial intelligence regulation by addressing practical implementation challenges.

The proposal extends compliance timelines conditional on standards availability, simplifies registration and documentation requirements, and centralizes enforcement for significant AI systems.

Businesses developing or deploying high-risk AI systems gain additional preparation time, but must remain ready for earlier application if the Commission determines that adequate compliance support exists, particularly where AI governance overlaps with obligations typically handled by a data protection law firm and lawyers advising on EU regulatory risk.

Authors: Shantanu Mukherjee, Alan Baiju

Other Posts

Our Clients

Spektar
Engrail
UltraHuma
WSA
Kelix
Karkinos
Trampoline-1
Power
temple
Konfer-1
Xplorazzi
SBS-1

Awards & Recognitions

Add Your Heading Text Here
Add Your Heading Text Here
Add Your Heading Text Here
Add Your Heading Text Here
Add Your Heading Text Here

Testimonials

My relationship with Ronin Legal and Shantanu has advanced exponentially in a very positive direction in a very short time. The Ronin team is zealous in their partnership with us to advance the mission of our small start-up to become a world leader in neuroscience development. Ronin has taken the lead with review of our legal and technical documents and contracts. They are subject matter experts in general counsel services across our global environment. It is a pleasure to work with a team that is pragmatic and responsive in all circumstances. They are second to none.

Janet Flisak

Executive Director, Clinical Development, Engrail Therapeutics

Shantanu and the team at Ronin have been invaluable partners for our investment firm’s expansion into co-development of specialty pharmaceutical drugs. As we made the transition from more traditional VC investing to direct drug development collaborations, the team at Ronin have utilized their deep domain expertise in cross border pharma to help us set up an effective and compliant structure for our project. I would highly recommend Ronin to any organization in the life sciences space that is looking for legal partners with in depth understanding of the various nuances of this dynamic sector.

Zarvaan Merchant

Managing Director, Spektar Therapeutics

I’ve been very happy with Ronin’s ability to ramp resources up or down depending on what we require in a particular week or month. In addition, the ability to connect with multiple lawyers across jurisdictions quickly (US, UK, UAE, Singapore), help us to assess international law firms and then work with them to get the best legal advice is very appreciated.

Bhuvan Srinivasan

Chief Business Officer, Ultrahuman

Shantanu and the Ronin team have been very pragmatic and responsive business partners, working with Konfer – an agentic genAI product for confident continuous compliance to Regulations. They analysed the state of AI regulation in various countries, and reviewed the EU AI Act and other relevant AI legislation offerings of our product. The team’s ability to align complex legal information to product offerings has been invaluable to us. Ronin Legal has negotiated our business contracts for partnerships. They’re solution-oriented and cost-effective, and I would highly recommend Ronin Legal to startups and tech companies everywhere, and especially those building AI powered businesses.

Debu Chatterjee

CEO, Founder, Konfer.AI.

I have worked with the Shantanu, and his team, for a number of years during which time his insight and acumen have helped us greatly in the negotiation of a number of pharmaceutical licensing agreements and in the formation of new subsidiaries. I thoroughly recommend Ronin Legal to anyone seeking advice and guidance in pharmaceutical deal making.

Damon Smith

Chairman, Altus Group of Companies

Shantanu and team Ronin were meticulous, detailed, persevering and most importantly batting entirely for our side through our seed round fundraise and beyond. They were always approachable, available and balancing principle with pragmatism. I would highly recommend the team for any startup related legal matter.

Abhik Ghosh

Founder, 26 Décor

First of all, of behalf of SIIX Corporation, we wish to congratulate you & team on the launch of your new website!

 

We are very happy to be engaged with you & your professional team on our business venture in India and on establishing our JV initiatives. With your expertise, integrity, and commitment to providing trusted legal guidance, we truly believe to achieve our goals and successfully complete our JV partnership and, to expand our business in India with your support.

Shanmugam Gurusamy

Managing Director, SiiX India Private Limited

Ronin Legal has become an integral part of our deal process. Their solution-oriented mindset, combined with consistently high-quality work and exceptional responsiveness, makes contract negotiations smoother and more efficient. They truly understand our business needs

Dr. Madeha Khan

Working with Shantanu and Ronin Legal has been truly transformative for my startup. From our very first meeting, Shantanu stood out with his approachable manner and deep commitment to understanding my business. He consistently showed genuine interest and empathy, always providing clear, practical advice that’s perfectly tailored to our needs.

 

What truly sets Shantanu and Ronin Legal apart is their unique blend of legal expertise and a true partnership mindset. They deeply understands the challenges of building a startup, cutting through jargon to give advice that’s actually useful and helping us avoid costly mistakes without any pressure. It feels less like a traditional client relationship and more like having a dedicated co-pilot invested in our journey. They have become an invaluable ally, that we trust and depend on.

Tani Tasopoulou

Founder & CEO, OrgDesignWays Consulting

I cannot speak highly enough about the exceptional service provided by Ronin Legal. Their team made what could’ve been a complicated and stressful IP process feel smooth and manageable. From the outset, their team demonstrated a deep understanding of intellectual property law, offering not only expert legal guidance but also a strategic mindset advising on protection of our brand in various regions. They were responsive, thorough, and truly acted as partners in safeguarding our IP assets. Their attention to detail, clarity in communication, and professionalism gave us complete confidence throughout the process thus far. I wouldn’t trust anyone else with our intellectual property.

Karen Liao

The Wrong Gym

In The Media

How the UAE Ensures Your Biometric Data is Protected: A Closer Look
What Biden's Support To TRIPS Waiver Proposal Means For The Fight Against Covid-19 Pandemic
Deep Pockets, Strong Relations: Corporate Hope for COVID Shots
Jab of Indemnity: A Lowdown on Why This Features on Pfizer, Moderna Wish List
Slouching towards oversight - artificial intelligence and the law
Fitness Wearables and the Law Part III: India
E-pharmacies and the law: an uneasy balance
America’s AI Action Plan: A Heady Cocktail of Techno-optimism, Culture Wars and Geopolitics
The Increased Need to Protect Health Data Privacy in a post- Roe World
Oracle, Cerner, and the Quest for Health Care Data
The ADGM’s New Cyber Risk Management Framework: A Closer Look
Fitness Wearables and the Law in EU
How Do We Regulate Chatbots? A Closer Look
How is Biometric Data Protected Under Indian Law?
Is Your Watch FDA Approved? Fitness Wearables and the Law
Cabinet Decision No. 35 of 2025: When Do Foreign Entities Owe UAE Tax?
The Regulation of Telemedicine: A Global Comparative Analysis
View All

Legal updates

Netflix And Paramount Battle for Warner: Part 2
December 17, 2025

Netflix And Paramount Battle for Warner: Part 2

The EU Digital Omnibus on AI: All You Need to Know About The Proposed Amendments to the EU AI Act
December 17, 2025

The EU Digital Omnibus on AI: All You Need to Know About The Proposed Amendments to the EU AI Act

Netflix And Paramount Battle for Warner: Part 1
December 12, 2025

Netflix And Paramount Battle for Warner: Part 1

View ALL

Stay Updated.

To subscribe to our newsletter, click on the link below

SUBSCRIBE NOW

Copyright © 2025  |  Ronin Legal   |   Website Maintained by LawStrings Management  |  Privacy Policy  |  Cookie Policy  |  Terms of Use

Leave Us A Message

Cookie Consent with Real Cookie Banner