Scope

The Digital Omnibus on AI proposal aims to streamline and simplify the implementation of harmonised rules on artificial intelligence by amending the AI Act and related instruments. The proposal responds to practical implementation challenges experienced since the AI Act’s adoption, targeting unnecessary compliance burdens, anticipated delays in standards and guidance, and issues especially impacting SMEs and small mid-cap companies (SMCs).
These changes are part of a wider package to ensure smoother, more innovation-friendly application of the EU digital rulebook, aligning with reforms in data governance, cybersecurity, privacy, and digital markets.

Relevance

The AI Digital Omnibus is relevant for any organisation developing, providing, deploying, or using AI systems in the EU and EEA, including Norway. It particularly eases compliance for innovative enterprises, especially SMEs and SMCs, lowers regulatory friction for research and industrial testing, ensures legal certainty on the use of personal data in bias detection, and streamlines oversight and enforcement.

Norway has recently held a public consultation regarding a national law to implement the original AI Act. However, the Omnibus proposal introduces significant changes to the timeline and content of the EU AI Act’s implementation. It is likely that Norway’s implementation timeline will also need to be reconsidered (originally estimated to become in force in autumn 2026).

Key obligations

Key proposed amendments to the AI Act include delayed implementation of the rules regarding high-risk AI systems, proposed to enter into application once the Commission confirms the availability of harmonised standards, common specifications, or Commission guidelines, with a defined maximum deadline (2 December 2027/2 August 2028). Further amendments include:

• Regulatory simplifications and privileges for SMEs are extended to SMCs, including simplified technical documentation, reduced quality management requirements, and special consideration in penalties and guidance.
• Establishment of a specific legal basis for providers and deployers of all AI systems to process special categories of personal data (with strict safeguards) when necessary for bias detection and correction.
• Conformity assessment bodies proposed being able to submit a single application and undergo a single assessment procedure for both the AI Act and relevant sectoral product legislation, reducing duplicative processes.
• Oversight and enforcement to be concentrated in the AI Office for (i) all AI systems based on general-purpose AI (GPAI) models developed by the same provider; (ii) AI systems embedded in or constituting designated very large online platforms or search engines (per the Digital Services Act)
• Broader opportunities for real-world testing, including voluntary agreements for cross-border testing, and the establishment of an EU-level AI regulatory sandbox by the AI Office (with priority for SMEs and SMCs).
• Providers whose systems are classified as non-high-risk are relieved from multiple administrative obligations.