What Is the EU Digital Omnibus?
The EU Digital Omnibus is a legislative package proposed by the European Commission that amends several EU digital regulations simultaneously. The package covers changes to the EU AI Act, the Product Liability Directive, GDPR's liability framework, and other digital laws. The motivation is regulatory simplification — the Commission described it as a measure to reduce administrative burden and give businesses more time to adapt to new requirements.
For the EU AI Act specifically, the Digital Omnibus proposes two changes to enforcement timelines:
| Obligation Category | Current Deadline | Proposed Deadline |
|---|---|---|
| Standalone high-risk AI systems (Annex III) — CVscreening, credit scoring, biometrics, etc. | 2 August 2026 | 2 December 2027 |
| High-risk AI embedded in Annex I regulated products — medical devices, machinery, vehicles | 2 August 2027 | 2 August 2028 |
If enacted, these changes would give businesses an additional 16 months for standalone Annex III AI and 12 months for embedded product AI. This is significant — but it is not yet law.
Where the Digital Omnibus Actually Stands
To become EU law, the Digital Omnibus must complete the full EU ordinary legislative procedure. The European Parliament's vote on 26 March 2026 was a significant step — but only one step in a multi-stage process.
| Stage | Status (April 2026) |
|---|---|
| European Commission proposal | Completed |
| European Parliament first reading vote (569 in favour, 26 March 2026) | Completed |
| Council of the EU position | In progress |
| Trilogue — negotiation between Parliament, Council, and Commission | In progress — no concluded date announced |
| Formal adoption by Parliament and Council | Not yet |
| Publication in the Official Journal of the EU | Not yet |
| Entry into force | Not yet |
The critical legal question is when trilogue concludes and when the text is published in the Official Journal. The EU AI Act deadline extension proposed in the Omnibus takes effect only when the Omnibus itself enters into force — not when the Parliament votes, not when trilogue begins, and not when it concludes. Publication in the Official Journal typically occurs some weeks after political agreement is reached.
Why August 2026 Remains the Legally Binding Deadline
There are three reasons why businesses cannot safely plan around a deadline extension as of April 2026:
1. Trilogue is uncertain in timing
Trilogue negotiations have no fixed duration. Complex packages involving multiple law changes can take months. There is no publicly announced schedule for the Digital Omnibus trilogue to conclude. If trilogue runs past July 2026, the Omnibus cannot be published in the Official Journal before August 2, 2026 — and the extension does not take effect.
2. The extension is not retroactive
Even if the Omnibus is published on, say, September 1, 2026, the August 2026 EU AI Act deadline would already have passed. The Omnibus would not retroactively legalise non-compliance between August 2 and the date of publication. Businesses that relied on the extension without compliance work in progress could face enforcement exposure from August 2 onwards.
3. National market surveillance authorities are preparing for August
EU Member States are required to designate market surveillance authorities (MSAs) and the EU AI Office has been operational since the Act entered into force. These institutions are not pausing enforcement preparation pending the Omnibus outcome. Post-August 2026 enforcement is expected to begin — initially focused on the most serious non-compliance cases, but increasingly systematic over time.
The deadline is real. Planning for August 2026 on the assumption that the Omnibus will pass in time is not a compliance strategy — it is a gamble. The cost of compliance preparation is modest. The cost of being wrong is up to €15M or 3% of global annual turnover.
The Procurement Dimension: Why the Deadline Exists Regardless of Enforcement
Even if the Digital Omnibus passes and the legal enforcement deadline shifts, the practical compliance deadline remains August 2026 for many businesses. Large enterprise buyers — banks, public sector bodies, major corporates — are already incorporating EU AI Act compliance into procurement requirements. They need their AI vendors to demonstrate compliance before they will sign or renew contracts.
This creates a market enforcement mechanism that is entirely independent of whether the EU AI Office or national MSAs are actively enforcing: if your customer requires EU AI Act compliance documentation as a condition of doing business, you need it regardless of what the law says about enforcement dates.
What to Actually Do Right Now
The correct response to the Digital Omnibus situation is not to pause compliance work — it is to:
- Proceed with compliance as if August 2026 applies — because it does, until it doesn't.
- Monitor trilogue progress — if trilogue concludes with political agreement well before June 2026, there is a realistic chance of publication before August 2. If trilogue shows no signs of concluding by June, plan for August.
- Document your compliance progress — if the deadline is extended but you have compliance work in progress, you are in a defensible position. If the deadline is not extended and you have compliance work completed, you are ready. Either way, documented progress is better than none.
- Do not treat Article 5 as affected — the Digital Omnibus does not propose any change to the Article 5 prohibited AI practices, which have been in force since 2 February 2025. Compliance with Article 5 is already required.
Aurora Trust tracks EU AI Act legislative developments and updates compliance documentation accordingly. If the Digital Omnibus changes the compliance landscape, the platform updates. Starting at €49/month — complete your documentation now, adapt as the law evolves.