EU Unveils AI Omnibus: Sweeping Simplification of Digital Rules to Boost Innovation and Cut Costs

The European Commission has launched the “AI Omnibus,” a landmark legislative package designed to streamline the implementation of the EU’s Artificial Intelligence Act (AI Act), reduce compliance costs and foster innovation across the continent. The AI Omnibus is a central pillar of the broader Digital Omnibus package, which also includes the Data Union Strategy and the new EU Business Wallet.

A new era for digital regulation

The Digital Omnibus package aims to harmonize and simplify rules on data, cybersecurity and AI, unlocking high-quality data for AI development and cutting regulatory paperwork for businesses. The Commission estimates that these measures could save European businesses up to EUR 5 billion in administrative costs by 2029, with the Business Wallet alone expected to unlock EUR 150 billion in annual savings. 

Addressing industry concerns

The AI Omnibus responds to widespread feedback from industry, small and medium-sized enterprises (SMEs) and national authorities about the challenges of implementing the AI Act. Delays in the designation of national authorities, gaps in harmonized standards and complex overlaps with other EU digital laws have created legal uncertainty and administrative burdens.

Margrethe Vestager, Executive Vice-President for A Europe Fit for the Digital Age, commented: “With the AI Omnibus, we are making sure that Europe’s digital rulebook is not only robust but also practical and innovation-friendly. Our goal is to ensure that businesses spend less time on paperwork and more time on what matters: developing trustworthy AI and scaling up in the global market.”

Key simplification measures

• Conditional timelines for high-risk AI: The Omnibus introduces a “stop-the-clock” mechanism for high-risk AI systems. Obligations will only apply once supporting guidelines and standards are in place. For Annex III systems, there is a six-month transition after the Commission confirms readiness, with a final compliance date of December 2, 2027. For Annex I systems, the transition is 12 months, with a deadline of August 2, 2028
• AI literacy and SME relief: The mandatory AI literacy obligation for companies is replaced by a requirement for Member States and the Commission to encourage and support training. Simplified compliance requirements are extended to SMEs and small mid-cap companies (SMCs)
• Registration and monitoring flexibility: Providers of AI systems exempted from high-risk classification will no longer need to register in the EU database. Providers will also have more flexibility in post-market monitoring, relying on voluntary guidance rather than strict harmonized standards

Thierry Breton, Commissioner for Internal Market, said:

“Europe’s businesses, from factories to start-ups, will spend less time on administrative work and compliance and more time innovating and scaling-up, thanks to the European Commission’s new digital package. The AI Omnibus is a concrete step towards a competitive, innovation-driven digital single market.”

Centralized oversight and innovation support

• AI office oversight: The EU-level AI Office will oversee general-purpose AI models (such as ChatGPT) and systems built on them, ensuring coherent application of rules and reducing duplication across Member States
• Regulatory sandboxes and real-world testing: The Omnibus promotes cross-border AI regulatory sandboxes and enables real-world testing agreements between the Commission and Member States, allowing sectors to trial high-risk systems in controlled environments

Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, added:

“We need to make doing business in Europe easier without compromising our high standards of online fairness and safety. We want an innovation-friendly rulebook: both in the way we apply the rules and in simplifying the laws where our objectives can be reached at lower costs and streamlined procedures.”

Data protection and notified bodies

• Bias detection: The Omnibus allows providers to process special categories of personal data for bias detection and correction, subject to strict safeguards and in line with GDPR.
• Streamlined notified body procedures: A single application and assessment process for notified bodies is introduced, along with transitional rules to ensure their availability when the new rules take effect.

How SGS can help: Act now, don’t wait for deadlines

While the AI Omnibus introduces flexibility and may postpone certain compliance deadlines, organizations should not delay their preparations. The complexity of the AI Act and the evolving regulatory landscape mean that early action is essential for risk mitigation, business continuity and competitive advantage.

As a global leader in testing, inspection and certification we are uniquely positioned to support organizations at every stage of their AI compliance journey:

• AI readiness assessments: Help organizations understand their obligations under the AI Act, identify high-risk systems and map out compliance strategies tailored to their business models
• Gap analysis and advisory: With deep expertise in EU digital regulations, we provide gap analyses, practical guidance and hands-on support to close compliance gaps efficiently
• AI assurance and testing: Independent testing and validation of AI systems, ensuring transparency, safety and alignment with EU standards and best practices
• Certification to ISO/IEC 42001 and ISO/IEC 5259-3: Certification services for ISO/IEC 42001 (AI Management Systems) and ISO/IEC 5259-3 (Data Quality Management Systems), helping organizations demonstrate robust governance, risk management and data quality in line with international and EU requirements
• Training and capacity building: Tailored training programs to build internal AI literacy and prepare teams for ongoing regulatory changes
• SGS AI Trust Check self-assessment: We offer the AI Trust Check, a practical self-assessment tool that enables organizations to evaluate their AI systems’ compliance readiness, identify potential risks and prioritize actions for improvement. This self-assessment is designed to empower organizations of all sizes to take the first step toward trustworthy and responsible AI

Even if the final deadlines for compliance are extended, the time to act is now. Early engagement with SGS enables organizations to anticipate regulatory requirements, avoid last-minute rushes and demonstrate a proactive commitment to trustworthy and responsible AI.

With the AI Omnibus, the EU is reinforcing its ambition to be a global leader in trustworthy, responsible AI – balancing innovation, competitiveness and the protection of fundamental rights. We stand ready to guide organizations through this new era, turning regulatory change into business opportunities with internationally recognized certification, assurance services and practical self-assessment tools.

For further information, please contact:

Michal Cichocki
Global Product Manager – AI Assurance Services
Business Assurance
t: +48 22 329 22 22