AI Act 2.0: The Commission's regulatory remix proposal

Part of the Commission’s omnibus proposal concerns amendments to the EU AI Act, which has certain provisions already in force while other provisions are yet to come into force.

The proposal aims to strengthen the Union’s competitiveness and significantly reduce the regulatory burden on individuals, businesses, and administrations while maintaining high standards that promote the Union’s values. Following stakeholder consultations, the Commission identified key areas presenting implementation challenges, most notably: the slow designation of national competent authorities and conformity assessment bodies, and the lack of harmonised standards for the AI Act’s high-risk requirements, guidance, and compliance tools.

Key amendments proposed to the AI Act include:

1. Pushing The Timelines

The proposal includes changes to the following deadlines:

1. High-risk systems: Rules for Annex III high-risk systems currently apply from 2 August 2026. The proposal extends this deadline based on when the Commission determines that necessary compliance support measures are available. Once the Commission makes this determination, entities will have 6 months to comply. Regardless of the Commission's determination, the rules will apply no later than 2 December 2027 under the proposal.

   Rules relating to high-risk systems under Annex I are currently due to apply on 2 August 2027, but the proposal also gives such systems a one-year extension from the date of confirmation of availability of compliance support measures, which will begin to apply no later than 2 August 2028 if the proposals are accepted.

Exemption for high-risk systems already on the market: Currently, Article 111 of the AI Act provides that high-risk systems placed on the market before 2 August 2026 do not have to comply with the AI Act obligations, unless the system undergoes a significant change. The proposal contains amendments to Article 111 that link the exemption period to the timelines under Article 113. 

If accepted, this would mean that Annex III high-risk systems placed on the market prior to 2 December 2027, and Annex I high-risk systems placed on the market before 2 August 2028, will be exempt from the AI Act unless a significant change is made to those systems (or unless earlier timelines apply to their enforcement as noted above).

b. Machine-readable watermarking obligations on providers for AI-generated content: 

The proposal also provides a grace period for machine-readable content marking obligations for generative AI systems under Article 50(2) until 2 February 2027, provided the AI system is placed on the market before 2 August 2026. However, this would mean that AI systems placed on the market after 2 August 2026 would have to comply with the watermarking rules immediately.

2. Removal of Registration requirements for Annex III systems not deemed as high-risk

Currently, Article 6(3) of the AI Act provides an exclusion mechanism for high-risk systems under Annex III where they meet certain conditions, such as being used for narrow procedural tasks, provided they do not involve profiling of individuals.

Where companies assess that their system should not be considered high-risk, they are currently required to register these systems in the EU database. The proposal seeks to remove this registration obligation while maintaining the documentation requirement, meaning companies must still document their decisions and retain these records for potential regulatory scrutiny.

3. AI Literacy Obligation being moved from the entities to the Commission and the Member States

Currently, Article 4 of the AI Act imposes a general AI literacy obligation on providers and deployers of AI systems falling within the scope of the Act. This obligation took effect on 2 February 2025. The Commission proposes to remove this obligation from providers and deployers and instead transfer it to the Commission and Member States.

4. Permission to process special category personal data to de-bias AI Systems

GDPR Omnibus amendment proposal contains an exemption for processing of residual special category data when such processing cannot be avoided despite the measures put in place. That exemption would be relevant when the processing of special category data is not necessary for the AI System to function. Where there is a necessity to process special category data, then an exemption under Article 9(2) GDPR would need to be relied upon. One such exemption is de-biasing high-risk AI systems which is currently a requirement under the AI Act.

The proposal to amend the AI Act, however,  now plans to extend this de-biasing exemption to other types of AI systems as well (i.e. non-high risk systems), which will be subject to strict obligations including ensuring state-of-the-art security and privacy-preserving measures, not transferring or permitting access to special category data by third parties, and deleting the special category data once bias is detected and corrected or the data retention period has expired (whichever comes first).

5. Other Changes

Other proposed changes include: broader use of AI regulatory sandboxes and real world testing; extending regulatory simplifications granted to small and medium-sized enterprises to small mid-caps; centralising oversight of a large number of AI systems built on general-purpose AI models or embedded in very large online platforms (VLOPs) and very large search engines  (VLOSEs) with the AI Office; and the provision of guidelines (some of which were originally intended to come in the form of implementing legislation).

Notably, some of the Commission’s powers to issue implementing acts under the AI Act (such as those concerning post-market monitoring plans) are being replaced with the issuance of guidelines in the proposal which will have less binding power. 

Next steps 

These proposals will now be sent to the European Parliament and the Council (comprising representatives of the 27 EU Member States) for review, amendment and adoption. The Commission is already looking at further simplification initiatives and is undertaking a ‘stress-test’ of the digital rulebook, via a Digital Fitness Check. Stakeholders are invited to provide their views by 11 March 2026.

The overall legislative process is outlined below. 

Legal legislative process:

Late November–December 2025: Late November–December 2025: The European Commission will send its proposals for the Digital Omnibus package to the European Parliament, which will allocate the package to the relevant committee(s). The Committee on the Internal Market and Consumer Protection (IMCO), the Committee on Industry, Research and Energy (ITRE) and the Committee on Civil Liberties, Justice and Home Affairs (LIBE) are likely to play leading roles. Political groups will then nominate a rapporteur and shadow rapporteurs to draft the Parliament’s report in the relevant Committees;

From January 2026: Members of the European Parliament (MEPs) will discuss and table amendments to the proposals during Committee meetings, with the aim of adopting on a final Report by Q1 2026;

Council discussions: In parallel, representatives of the 27 EU Member States in the Council will begin technical talks to prepare their position, known as a ‘general approach’, expected in Q1 2026;

By Q2/Q3 2026: Once the responsible European Parliament Committee(s) adopts their final report and this Report is endorsed by a vote by all MEPs in plenary session, and the Council agrees on its approach, interinstitutional “trilogue” negotiations between the European Commission, European Parliament, and Council will begin—likely in spring 2026—to reach a compromise text on the proposal;

Possible acceleration: This timeline could accelerate if the European Parliament decides to apply its urgent procedure under Rule 170 of its Rules of Procedure, as it has done for previous omnibus packages. This would allow the proposal to bypass the full Committee stage and go directly to a vote during a Parliament plenary session, potentially enabling adoption as early as Q1 2026. This fast-track option reduces opportunities for amendments and shortens stakeholder engagement windows;

Final adoption: Under the standard process, adoption is expected by mid-2026 or Q3 2026, but this will depend on how aligned the Parliament and Council are with the Commission’s initial proposals. This timeline could take longer if the Parliament and Council have significant amendments to the original proposals, or proceed more quickly if the urgent procedure is triggered. 

If you have any queries regarding the Digital Omnibus package, please get in touch with our article contributors.