Home » The EU AI Act’s Reality Check: Key Proposed Amendments to Simplify and Streamline AI Regulation
Blog 13 min read

The EU AI Act’s Reality Check: Key Proposed Amendments to Simplify and Streamline AI Regulation

Dec 02, 2025 The EU AI Act’s Reality Check: Key Proposed Amendments to Simplify and Streamline AI Regulation

This blog was originally posted on 2nd December, 2025. Further regulatory developments may have occurred after publication. To keep up-to-date with the latest compliance news, sign up to our newsletter.

AUTHORED BY DILA ŞEN, SENIOR REGULATORY COMPLIANCE SPECIALIST, COMPLIANCE & RISKS

The European Union’s landmark Artificial Intelligence Act (EU AI Act), a global first in regulating AI, is already in force, but its most demanding compliance requirements, those governing high-risk AI systems, are still set to apply in the coming years.

Acknowledging stakeholder concerns and implementation delays, the European Commission has published a Proposal for a Regulation on the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI). This proposal, published on 19 November 2025, is a set of highly targeted amendments aimed at enhancing predictability, consistency, and workability for businesses, public authorities, and national enforcement bodies operating within the EU AI legal framework.

On the same date, there was a separate package proposed with the amendments to the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, the Data Act and other digital laws (Digital Omnibus). This blog explores the changes proposed to the GDPR.

Here is a comprehensive breakdown of the key proposed changes.

1. Redefining Application Timelines

The proposal adjusts the application dates for high-risk AI systems to address industry concerns about delays in the creation of necessary standards.

  • Readiness-Based Application (Article 113): The obligations for high-risk AI systems in Chapter III will now apply following a Commission decision that confirms that adequate supporting measures (like harmonized standards, common specifications, and guidance) are available for compliance.
    • For Annex III systems (specific use cases), rules apply six months after this decision, or by December 2, 2027, whichever is earlier.
    • For Annex I systems (AI in regulated products), rules apply twelve months after this decision, or by August 2, 2028, whichever is earlier.
  • Transitional Period for Generative AI (Article 111): Providers of generative AI systems already on the market before August 2, 2026, are granted a six-month window, until February 2, 2027, to comply with the technical obligations for machine-readable marking and detectability (Article 50(2)).
  • Legacy High-Risk Systems (Article 111): The rule for high-risk systems placed on the market before the high-risk requirements apply is clarified, confirming that they generally won’t require re-certification unless a significant change is made to the system’s design.

2. Support for Small and Growing Businesses

The Digital Omnibus formalizes support for a wider range of companies, reducing the administrative load.

  • Extending Privileges to Small Mid-Caps (SMCs) (Article 1, 3, 11, 17, 99): The Regulation introduces formal definitions for SMEs and SMCs. Key regulatory privileges previously granted only to SMEs are now extended to SMCs:
    • They benefit from simplified technical documentation requirements.
    • Their Quality Management Systems (QMS) must be implemented in a proportionate manner to their size.
    • Member States must consider their economic viability when calculating and imposing penalties.
  • Removing Mandatory AI Literacy (Article 4): The binding, horizontal obligation on all providers and deployers to ensure AI literacy among their staff is removed. Instead, the Commission and Member States are required to encourage and foster AI literacy.
  • Removing Minor Registration Burden (Article 6, 49, Annex VIII): Providers who conclude and document that an Annex III system (e.g., in employment, education) is not high-risk (for example, because it performs only narrow or procedural tasks) are exempted from the obligation to register that system in the EU database. The corresponding Annex VIII requirement for registration information is also deleted.
  • Post-Market Flexibility (Article 72): The Commission removes the power to adopt a harmonized template for the mandatory post-market monitoring plan. Instead, it will provide guidance, allowing providers greater flexibility to tailor their monitoring system to their specific organization.

3. Centralized Oversight and Framework Clarity

The amendments reinforce the governance structure, particularly for AI systems that present cross-border or complex risks.

  • Exclusive AI Office Competence (Article 75): The AI Office is granted exclusive supervision and enforcement competence for two critical categories of AI systems:
    • AI systems based on a General-Purpose AI (GPAI) model where the model and the system are developed by the same provider.
    • AI systems that constitute or are integrated into designated Very Large Online Platforms (VLOPs) or Very Large Online Search Engines (VLOSEs), aligning the enforcement with the Digital Services Act (DSA).
  • New Basis for Bias Detection (Article 4a): A legal basis is established to exceptionally process special categories of personal data for the purpose of bias detection and correction, subject to strict privacy safeguards (e.g., anonymization, pseudonymisation, documented necessity). This applies to all AI systems and models.
  • Fundamental Rights Authorities (Article 77): Cooperation is enhanced between market surveillance authorities and public authorities tasked with protecting fundamental rights, allowing them broader and clearer access to necessary information and documentation.

4. Streamlining Conformity Assessment

The process for Notified Bodies (NBs) to gain authorization to assess high-risk AI systems is simplified and structured.

  • Single Application for Notified Bodies (Article 28): Notifying authorities must provide the option for a single application and single assessment procedure for NBs seeking designation under both the AI Act and existing Union harmonisation legislation (Annex I, Section A, e.g., for medical devices). This is designed to eliminate duplication.
  • Prioritizing Sectoral Law (Article 43): If a high-risk AI system is covered by both Annex I, Section A (product law) and an Annex III category (use-case), the provider must follow the conformity assessment procedure required under the Annex I sectoral law.
  • New Annex XIV Codes (Article 30): A new Annex XIV is added, establishing a multi-dimensional list of codes, categories, and corresponding types of AI systems. This list formally defines the scope of competence for each designated Notified Body:
    • AIH Codes (AI Horizontal Codes): Codes covering the underlying AI technologies, such as machine learning that processes structured data, single-modality generative AI, multimodal generative AI, and agentic AI.
    • AIP Codes (AI Product Codes): Codes linked to Annex I product safety legislation.
    • AIB Codes (AI Biometric Codes): Codes specific to Annex III biometric systems.

5. Fostering Innovation and Testing

  • EU AI Regulatory Sandbox (Article 57): The AI Office is empowered to establish an EU-level AI regulatory sandbox for systems under its supervision, offering priority access to SMEs.
  • Expanded Real-World Testing (Article 60): The ability to conduct real-world testing outside a sandbox is extended to high-risk AI systems covered by Annex I, Section A.
  • Voluntary Testing Agreements (New Article 60a): A path is created for voluntary agreements between the Commission and interested Member States to test high-risk AI systems covered by Annex I, Section B (e.g., in civil aviation) in real-world conditions.

These changes collectively represent a shift toward a more adaptable and business-friendly framework, ensuring Europe can remain competitive while upholding its high standards for safe and trustworthy AI.

Stay Ahead Of Regulatory Changes

Want to stay ahead of these regulatory developments?

Accelerate your ability to achieve, maintain & expand market access for all products in global markets with C2P – your key to unlocking market access, trusted by more than 300 of the world’s leading brands.
C2P is an enterprise SaaS platform providing everything you need in one place to achieve your business objectives by proving compliance in over 195 countries.

C2P is purpose-built to be tailored to your specific needs with comprehensive capabilities that enable enterprise-wide management of regulations, standards, requirements and evidence.
Add-on packages help accelerate market access through use-case-specific solutions, global regulatory content, a global team of subject matter experts and professional services.

  • Accelerate time-to-market for products
  • Reduce non-compliance risks that impact your ability to meet business goals and cause reputational damage
  • Enable business continuity by digitizing your compliance process and building corporate memory
  • Improve efficiency and enable your team to focus on business critical initiatives rather than manual tasks
  • Save time with access to Compliance & Risks’ extensive Knowledge Partner network
C2P-Laptop-Heatmap

Cutting Through the Chaos: A 2025-2026 Survival Guide to ESG, Sustainability & Product Compliance

Unpack the latest regulatory developments in 2025, gain practical insights, and learn what’s coming next in 2026!

Whether you’re grappling with deadlines or planning for future compliance, join us for a roadmap to navigate the challenges and opportunities ahead.

REGISTER now

Related Resources