By PowerQuant | Updated June 2026 | Reading time: ~8 minutes
What the Digital Omnibus is
The Digital Omnibus on AI is part of the European Commission's 2025–2026 simplification agenda. The proposal emerged after significant industry concern that the harmonised standards underpinning the high-risk conformity-assessment process would not be available in time for the original 2 August 2026 Annex III deadline. On 7 May 2026, negotiators from the European Parliament and the Council of the EU agreed on a provisional text. The package is targeted — it does not rewrite the AI Act; it adjusts specific deadlines and thresholds.
Sources for the agreement: Council of the EU press release, 7 May 2026; European Parliament Legislative Train.
What the Omnibus would change (if formally adopted)
1. Annex III stand-alone high-risk: deferred to 2 December 2027 (proposed; not yet adopted)
The most significant proposed change is a 16-month postponement of the applicability of Chapter III obligations for stand-alone Annex III high-risk AI systems — including the HR and employment category at Annex III, point 4. Under the proposal, the new date would be 2 December 2027 (proposed; not yet adopted). The earlier Commission proposal that linked the deferral to the availability of harmonised standards was replaced in the trilog with a fixed date.
This would affect Article 26 deployer obligations (instructions for use, human oversight, log retention, worker information, affected-person disclosure), Article 27 FRIA, CE marking and conformity assessment, and the EU database registration requirements for Chapter III systems — but only for stand-alone Annex III systems, and only once the amendment is formally in force.
Separately, high-risk AI systems embedded in products covered by EU harmonisation legislation (Annex I) — such as medical devices or machinery — are proposed to be deferred to 2 August 2028 (proposed; not yet adopted). This is unlikely to affect most HR-tech deployers.
2. SME threshold raised (proposed; not yet adopted)
The simplified-provider rules that currently apply to small and medium-sized enterprises (under 250 employees and below €50M turnover) would be extended to companies with up to 750 employees and below €150M turnover. For Nordic HR-tech vendors, this would move a material number of mid-market providers from the full provider-obligation track to the lighter SME track. It does not reduce deployer obligations.
3. Targeted administrative simplifications (proposed; not yet adopted)
The package includes reductions in certain registration, technical-documentation, and reporting requirements for specific categories of providers and deployers. The precise scope of these simplifications will be clear only from the final text as published in the Official Journal.
4. Prohibited AI practices: new ban on non-consensual sexual content and CSAM
The trilog agreement added a new prohibited practice covering AI systems that generate non-consensual sexual and intimate content and child sexual abuse material (CSAM). This does not affect HR-tech deployers but is part of the agreed package.
What the Omnibus would NOT change
Article 50 — transparency obligations: binding from 2 August 2026
Article 50 transparency obligations — chatbot disclosure (Art. 50(1)), machine-readable marking of AI-generated content (Art. 50(2)), emotion-recognition notice (Art. 50(3)), and deep-fake / public-interest text disclosure (Art. 50(4)) — apply from 2 August 2026. The Digital Omnibus does not move this date for deployers. For HR deployers, AI chatbots in recruitment, AI-generated candidate communications, and any use of emotion-recognition or biometric categorisation in an employment context must be compliant by 2 August 2026 regardless of the Omnibus outcome.
The Omnibus provisional agreement does include a narrow transitional provision for the provider-side technical marking requirement in Article 50(2) — specifically for providers of generative AI systems that were already on the market before 2 August 2026. That technical-marking grace period applies only to the provider's machine-readable marking duty under Art. 50(2). It does not extend, delay, or reduce any of the deployer-facing disclosure obligations under Art. 50(1), 50(3), or 50(4), which remain binding from 2 August 2026.
Article 4 — AI literacy: has been in force since 2 February 2025
Article 4 is not addressed in the Omnibus. The obligation on deployers to ensure a sufficient level of AI literacy of their staff and other persons dealing with AI systems on their behalf has been in force since 2 February 2025. If your organisation has not implemented a documented AI literacy programme, it is already non-compliant — the Omnibus does not provide relief for this.
Article 5 — prohibited practices: have been in force since 2 February 2025
The prohibitions on social-scoring AI systems, real-time biometric identification in publicly accessible spaces (subject to narrow law-enforcement exceptions), and certain emotion-recognition practices in employment contexts came into force on 2 February 2025. The Omnibus does not change these obligations. The fine ceiling for prohibited-practice violations is €35 million or 7% of global annual turnover — whichever is higher (Article 99(3)).
GPAI obligations (Articles 53–55): unchanged
The obligations on providers of general-purpose AI models — transparency, technical documentation, and (for systemic-risk models) evaluation and adversarial testing — are not proposed to be deferred. For HR-tech deployers, this means the vendor of the foundation model underlying your HR tool continues to carry its GPAI obligations under the original schedule. The Omnibus deferral of your Annex III deployer obligations does not affect what your AI vendor is required to do on the model-provider side.
Fine structure (Article 99): unchanged
The Omnibus does not reduce the penalty ceilings. They remain:
- €35 million or 7% of global annual turnover (whichever is higher) — for prohibited practices under Article 5.
- €15 million or 3% of global annual turnover (whichever is higher) — for non-compliance with Chapter III high-risk obligations and most other provisions, including Article 50.
- €7.5 million or 1% of global annual turnover (whichever is higher) — for supplying incorrect, incomplete, or misleading information to authorities.
A deferral of when obligations apply does not reduce the fine ceiling for violations that occur after the obligation date. The enforcement window simply opens later — it opens at full strength.
What this means practically for HR-tech deployers
The honest strategic read is:
- 2 August 2026 is a real deadline — for Article 50 transparency, Article 4 literacy documentation, and any Article 5 compliance gaps. These are not deferred. Start now if you have not.
- “We can wait until 2027 for Annex III” is only partly true — and only once the Omnibus is formally published. Until then, 2 August 2026 remains the law.
- Enterprise customers will not wait — large employers procuring HR software are including EU AI Act readiness requirements in tender questionnaires in 2026. A deferral in law does not defer a customer's procurement requirements.
- National supervisory authorities will be more mature by December 2027 — the extra 16 months gives data protection authorities and digital-services supervisors time to develop enforcement methodology, guidance, and audit playbooks. When enforcement opens, it will be better targeted than it would have been in 2026.
- The compliance evidence does not change — the artefacts required under Article 26 (AI inventory, oversight records, log retention, worker notices) are the same whether the enforcement date is August 2026 or December 2027. Building them now uses the same resources as building them in 2027; the value is just accrued earlier.
What could still change before formal adoption
A provisional political agreement from a trilog is almost always adopted without substantive change — the three institutions have already agreed. However, legal-linguistic review can adjust specific phrasings, and the formal voting and publication process takes time. The final published text in the Official Journal is authoritative; the provisional agreement is the best available indicator of what it will say.
Watch the European Parliament Legislative Train for the formal adoption timeline. Once the Omnibus is published in the Official Journal, the new dates become law; until then, the dates above remain proposals.
Summary table
| Obligation | Current binding date | Omnibus effect |
|---|---|---|
| Art. 4 — AI literacy | 2 February 2025 | No change |
| Art. 5 — prohibited practices | 2 February 2025 | No change (new CSAM prohibition added) |
| Art. 50 — transparency (all sub-paragraphs, deployers) | 2 August 2026 | No change for deployer disclosure duties |
| GPAI obligations (Arts. 53–55) | 2 August 2026 | No change |
| Annex III high-risk Chapter III obligations for stand-alone systems | 2 August 2026 | Proposed deferral to 2 December 2027 — not yet adopted |
| Annex I embedded high-risk (machinery, medical devices, etc.) | 2 August 2027 | Proposed deferral to 2 August 2028 — not yet adopted |
| Fine ceilings (Art. 99) | Apply to each obligation from its binding date | No change |
Sources
- Regulation (EU) 2024/1689 (EU AI Act), Articles 4, 5, 50, 99, 113 — eur-lex.europa.eu/eli/reg/2024/1689/oj
- Council of the EU — Digital Omnibus provisional agreement press release, 7 May 2026 — consilium.europa.eu
- European Parliament — Digital Omnibus Legislative Train — europarl.europa.eu
- European Commission — Digital Omnibus on AI Regulation proposal — digital-strategy.ec.europa.eu
Note: PowerQuant supplies software and documentation for use in your internal compliance process — not legal advice. The Omnibus is a moving target; verify the publication status before making scheduling decisions that depend on the proposed dates.