Illustrazione astratta di persone di profilo

Digital Omnibus AI: what changes compared to the AI Act and what companies need to do

Veronica Olivi

Veronica Olivi

02 Jul 2026 | 5 min read

Artificial intelligence has entered companies' daily operations much faster than expected. Today, it's enough to integrate an AI model into management software to automate activities like ticket classification, quote preparation, document summarization, or operator assistance.

From a technical standpoint, this may seem like a simple additional feature, but from a regulatory standpoint, it raises numerous questions.Is the user aware that the content was generated by artificial intelligence? Can they verify or correct it? What data is being processed? Who is responsible for decisions made by the system?

These are exactly the questions the European Union is trying to answer through a regulatory framework in constant evolution. After the AI Act came into force, 2026 saw the arrival of the Digital Omnibus AI, a package of amendments designed to make the application of the new rules more gradual and sustainable.

Let's look at what's changing and what aspects companies should be aware of right away.

What is the AI Act

The AI Act (EU Regulation 2024/1689) is the world's first regulation dedicated to artificial intelligence. It entered into force on August 1, 2024, and introduces a risk-based approach to AI systems. The goal is not to limit innovation, but to ensure that artificial intelligence is developed and used safely, transparently, and with respect for fundamental rights. The regulation imposes different obligations depending on the risk level that an AI system may pose to citizens, businesses, and society.

The Four Risk Categories Under the AI Act

1. Unacceptable Risk
Includes systems considered incompatible with European values and therefore prohibited.
These include:

  • social scoring;

  • cognitive manipulation systems;

  • exploitation of people's vulnerabilities;

  • certain prohibited forms of biometric identification;

  • systems that generate non-consensual intimate images.


2. High-Risk Systems
These are applications that can have a significant impact on people's lives.
They include, for example:

  • critical infrastructure;

  • medical devices;

  • biometric systems;

  • personnel selection;

  • education;

  • justice;

  • access to essential services such as credit or insurance.

For these applications, the regulation requires very detailed documentation, risk management, human oversight, continuous monitoring, and data quality requirements.


3. Limited-Risk Systems
These are systems that must primarily comply with transparency obligations.
They include:

  • chatbots;

  • virtual assistants;

  • systems that generate images, text, or video;

  • applications that interact directly with users.

In these cases, the user must be clearly informed when they are interacting with an artificial intelligence system or when content has been artificially generated.


4. Minimal Risk
Most AI applications currently on the market fall into this category.
For example:

  • spam filters;

  • recommendation systems;

  • productivity support tools;

  • AI integrated into business software.

These systems are not subject to specific obligations, although good usage practices are encouraged.

Illustrazione astratta di persone immerse in uno spazio tridimensionale geometrico

Key AI Act deadlines

February 2, 2025
Bans on prohibited practices and the obligation for staff AI literacy come into force.

August 2, 2025
Obligations for GPAI models and European governance rules become applicable.

August 2, 2026
Most of the obligations set out in the AI Act come into force.

2027–2028
Obligations postponed by the Digital Omnibus for certain categories of high-risk systems progressively come into force.

What is the Digital Omnibus AI and what changes compared to the AI Act

With the rapid development of artificial intelligence, the need emerged to make the application of the AI Act more gradual and coordinated.For this reason, in 2026 the European institutions approved the Digital Omnibus AI, a simplification package that does not change the principles of the AI Act but affects its practical application.

The goal is to reduce administrative burdens, avoid regulatory overlaps, and give businesses and public administrations more time to adapt.The main changes mainly concern high-risk systems and the postponement of certain obligations.

The Digital Omnibus postpones some deadlines:

  • high-risk systems under Annex III move from August 2, 2026 to December 2, 2027;

  • products covered by Annex I (such as certain medical devices or regulated products) are postponed to August 2, 2028.

This extension gives companies more time to prepare, but it is not an invitation to wait.

New Prohibitions
The package also introduces new prohibitions that will come into force starting December 2, 2026. These include systems that generate non-consensual intimate material ("nudification") and certain applications linked to the production of child sexual abuse material.

The postponement doesn't mean companies can stop preparing
Many companies might interpret the postponed deadlines as a reason to delay every compliance activity. In reality, the opposite is true: preparation takes time, and it's necessary to inventory all AI systems in use, understand their risk level, define internal responsibilities, prepare documentation, and train staff. Organizations that start today will have a competitive advantage once the new provisions become fully applicable.

What Penalties Are Provided?
The AI Act introduces a penalty system similar in severity to the one already seen with the GDPR.
Penalties can reach up to:

  • €35 million or 7% of worldwide turnover for prohibited practices;

  • €15 million or 3% of turnover for violations of obligations related to high-risk systems;

  • €7.5 million or 1% of turnover for inaccurate or incomplete information provided to competent authorities.

Proportionate caps are provided for startups and SMEs based on organization size.

Illustrazione astratta di persone immerse in uno spazio tridimensionale geometrico

How to prepare for the AI Act

Even though some deadlines have been postponed, the best time to start is now.

Companies should:

  • map all artificial intelligence systems used or developed;

  • classify each application according to the risk level set out in the AI Act;

  • carry out a gap analysis to identify necessary actions;

  • define AI governance with clear roles and responsibilities;

  • prepare the required documentation;

  • implement human oversight and risk management processes;

  • train staff on the correct use of artificial intelligence, an activity already required by the regulation.

The Digital Omnibus AI does not change the philosophy of the AI Act, but it makes its application more gradual. Companies have a few more months to adapt, but the obligations remain and require structured preparation.

For this reason, it's important not to simply observe the regulatory evolution, but to start now understanding how artificial intelligence is used within one's own organization and what impacts it may have from a regulatory, organizational, and operational standpoint.

At Moku, we support companies through this journey with assessment activities, process analysis, AI governance definition, and identification of adoption opportunities compliant with European regulations. Preparing today means being able to innovate with greater confidence tomorrow.

Find out more on...