Digital Omnibus on AI: Revised Mandate for Trilogue Negotiations

In late 2025, the European Commission published COM(2025)836 — the so-called Digital Omnibus on Artificial Intelligence — a legislative proposal designed to simplify and recalibrate the obligations introduced by the EU AI Act (Regulation (EU) 2024/1689). Following intensive technical discussions within the Council and the European Parliament, a revised negotiating mandate was agreed in early 2026, setting the parameters for the final trilogue negotiations that will determine the amended text of the AI Act.

What COM(2025)836 Is

The Digital Omnibus on AI is an omnibus simplification regulation: a single legislative vehicle that proposes targeted amendments to the EU AI Act without reopening the entire text. The Commission brought forward the proposal under Article 114 TFEU, invoking the internal market legal basis that underpins the original AI Act. The stated purpose is to reduce administrative burden — particularly for small and medium-sized enterprises (SMEs) and mid-tier AI developers — while preserving the core risk-based architecture that makes the AI Act the global benchmark for AI governance.

COM(2025)836 was motivated by feedback gathered during the AI Act's first implementation phase and by the Commission's broader Better Regulation agenda. Early monitoring showed that certain compliance pathways, particularly for general-purpose AI (GPAI) models and for providers seeking to avoid high-risk classification, were disproportionately complex relative to the actual risk profile of the systems involved.

Key Changes Proposed

Article 51 — Lighter Obligations for Low-Risk GPAI Models. The original AI Act imposed significant transparency and capability-evaluation obligations on all GPAI model providers above a defined training compute threshold (10^25 FLOPs). COM(2025)836 proposes amending Article 51 to introduce a tiered approach: models below a revised lower threshold would face only basic transparency requirements (model card publication and incident reporting), while only models above the systemic risk threshold would face the full suite of Article 51 to Article 55 obligations. This change is expected to benefit a large number of European and non-European GPAI developers who found the original threshold too broad.

Article 43 — Simplified Conformity Assessment. Under the original text, providers of high-risk AI systems listed in Annex III were required to undertake third-party conformity assessments in a range of circumstances. COM(2025)836 proposes expanding the self-assessment pathway under Article 43(2) to cover additional Annex III categories where harmonised standards are available and where the provider can demonstrate a documented internal quality management system. This reduces the cost and time associated with conformity assessment, particularly for systems used in employment screening and education — two Annex III categories where costs had proven prohibitive for SMEs.

SME Derogations. COM(2025)836 introduces a new Article 11a providing explicit derogations for microenterprises and small enterprises. SMEs qualifying under Commission Recommendation 2003/361/EC would benefit from extended transition periods, simplified technical documentation requirements, and access to regulatory sandboxes with reduced fees. National competent authorities would be required to designate SME advisory contacts within their market surveillance structures.

Article 6 — Revised High-Risk Classification. One of the most contested aspects of the original AI Act was the two-step classification mechanism in Article 6, which required providers to self-assess whether their system, even if listed in Annex III, "poses a significant risk of harm." COM(2025)836 proposes replacing this self-assessment with a presumption-based mechanism: systems listed in Annex III are presumed high-risk unless the provider can demonstrate, against specified criteria published by the AI Office, that the system does not meet the harm threshold. This reverses the burden in a way that is more predictable for regulators while giving compliant providers a clearer rebuttal pathway.

The Trilogue Process

The EU legislative procedure requires the European Parliament, the Council of the EU, and the European Commission to reach agreement in tripartite negotiations known as trilogues. Following the revised Council mandate adopted in early 2026, the Parliament's IMCO and LIBE committees have been working to consolidate their own positions on COM(2025)836. Trilogue sessions are expected to conclude before the end of 2026, with the amended regulation entering into force shortly thereafter.

The principal outstanding issues in trilogue concern the scope of Article 6 revisions — with several member states and Parliament rapporteurs concerned that the presumption mechanism could create loopholes — and the exact compute thresholds for GPAI tiering under Article 51, which will require updating as compute costs continue to fall.

What This Means for Businesses Timing Compliance

Businesses that have already invested in AI Act compliance programmes should not pause or reverse their work. The core risk-based architecture — prohibited practices under Article 5, high-risk obligations under Articles 8 to 15, and GPAI model obligations under Articles 51 to 55 — will remain in place. COM(2025)836 proposes refinements, not wholesale revision.

However, organisations that have not yet initiated compliance should incorporate the proposed changes into their planning assumptions. In particular, providers developing systems that currently fall within the Annex III self-assessment scope of Article 43 should monitor trilogue outcomes, as the expanded self-assessment pathway could significantly reduce their compliance cost if adopted. GPAI model providers below the revised Article 51 thresholds should similarly track the final compute figures before committing to third-party evaluation budgets.

This article is informational only and does not constitute legal advice. Consult qualified legal counsel for advice specific to your organisation.

Frequently Asked Questions

Does COM(2025)836 delay the AI Act's application dates?

COM(2025)836 does not propose a general delay to the AI Act's phased application dates. The prohibited practices under Article 5 applied from August 2025, GPAI model obligations from August 2025, and high-risk system obligations begin applying from August 2026. SME derogations under the proposal extend transition periods for qualifying enterprises, but large providers and providers of high-risk systems remain subject to the original timetable.

Will the revised Article 6 classification mechanism be retroactive?

The proposed presumption mechanism in the revised Article 6 would apply from the date of entry into force of the amending regulation. Providers who have already completed conformity assessments under the original Article 6 pathway would not be required to repeat them, but would benefit from the new rebuttal pathway in any future supervisory review.

How does COM(2025)836 affect GPAI model providers outside the EU?

The EU AI Act's Article 2 extraterritorial scope provisions are unchanged by COM(2025)836. Non-EU GPAI model providers whose models are placed on the EU market or used by EU-based deployers remain subject to the Act's requirements, including the revised Article 51 tier that applies to their compute level.

Sources

• COM(2025)836 — Digital Omnibus on AI — European Commission
• EU AI Act (Regulation (EU) 2024/1689) — EUR-Lex
• EU AI Office — General-Purpose AI Models — European Commission