The EU Just Voted to Make the AI Act Easier for SMEs — Here's What Changes

Big News From Brussels: The AI Act Is Getting a Simplification Package

For SMEs worried about EU AI Act compliance, there is genuinely good news from Brussels this month. On 13 March 2026, the EU Council agreed its negotiating position on the Digital Omnibus on AI — a package of targeted amendments designed to make EU AI Act compliance simpler, more proportionate, and less burdensome for smaller businesses.^[1]

The Council's position now moves into formal negotiations — the so-called "trilogue" process — with the European Parliament. Nothing is law yet. But the direction of travel is clear, and the changes being discussed are significant for any EU business using AI.

Where This Came From

The Digital Omnibus on AI was first proposed by the European Commission in November 2025, as part of a broader effort to reduce regulatory complexity across the EU's digital rulebook. It sits alongside proposals to simplify GDPR, NIS2, and the Data Act under one umbrella.^[2]

The motivation is competitive. The Draghi report on EU competitiveness warned that Europe's regulatory accumulation was hurting innovation. The Digital Omnibus is the most concrete response: a deliberate effort to trim compliance costs without gutting the underlying protections.

What the Council Position Actually Changes

Here are the key proposed changes that are relevant to SMEs — bearing in mind these are still subject to trilogue negotiations with the Parliament:

1. Lighter Documentation for Smaller Companies

Under the current EU AI Act, simplified technical documentation requirements only apply to microenterprises (under 10 employees). The Digital Omnibus proposes extending that simplification to small and medium-sized companies more broadly — covering businesses with up to 250 employees and under €50 million in annual turnover.^[3]

For SMEs building or deploying high-risk AI systems, this is meaningful. Full technical documentation requirements are substantial — detailed training data records, performance metrics, risk assessments. Simplified requirements reduce that burden significantly.

2. High-Risk Rules May Be Delayed Until Standards Are Ready

One of the biggest sources of uncertainty for businesses has been the lack of harmonised standards for high-risk AI systems. Without agreed standards, demonstrating compliance is difficult — companies don't know what "good" looks like.

The Omnibus VII package proposes that high-risk AI obligations should only fully apply once the Commission confirms that the necessary support tools and standards are in place — potentially providing up to 16 months of additional breathing room for affected businesses.^[4]

This doesn't mean the August 2026 deadline disappears. Transparency obligations, prohibited practices bans, and basic deployer duties remain fixed. But for companies facing the most complex conformity assessment requirements, the runway may be longer than they thought.

3. AI Literacy Obligation Is Being Softened

Article 4 of the current AI Act places a direct obligation on employers to ensure their staff have sufficient AI literacy. The Omnibus proposal would shift this: instead of a hard legal obligation on individual companies, member states and the Commission would be responsible for encouraging and supporting AI literacy training.

In practice, this means the risk of being penalised for insufficient staff AI training would reduce significantly — at least until member states implement their own national programmes.

4. Guidance to Minimise Compliance Burden

The Council's mandate adds a new obligation for the Commission to provide guidance to help businesses understand how to comply with high-risk AI requirements in a way that minimises administrative burden. For SMEs without in-house legal teams, clearer official guidance is genuinely useful — it reduces reliance on expensive external consultants.

What This Means for Your Business Right Now

The most important thing to understand: these changes are not yet law. The Council's position is one side of a negotiation. The European Parliament must agree, and the trilogue process typically takes several months. The August 2, 2026 deadline and existing obligations remain in place until any amendments are formally adopted and published.

What should you do?

• Don't use this as an excuse to pause compliance work. The August 2026 deadline applies to transparency obligations, prohibited practices, and basic deployer duties — none of which are affected by the Omnibus proposals.
• If you're facing high-risk AI documentation requirements, it's worth monitoring trilogue progress. There may be meaningful relief coming — but it's not guaranteed, and the timeline is unclear.
• Use the direction of travel as context. The EU is actively trying to make compliance easier for SMEs. This is political signal as much as legal signal — regulators are unlikely to pursue aggressive early enforcement against SMEs that are making genuine efforts.
• Start with your audit. Knowing which risk category your AI systems fall into is useful regardless of how the Omnibus lands. If you're minimal or limited risk, your obligations are manageable and largely unchanged. Our free audit gives you that classification in under 10 minutes.

The Bottom Line

The Council's March 13 position is the clearest sign yet that the EU is listening to SME concerns about AI Act complexity. The proposed simplifications — lighter documentation, possible timeline flexibility for high-risk rules, softer AI literacy obligations — are all directly responsive to feedback from businesses.

Whether those proposals survive trilogue unchanged is another question. But for SMEs, the direction is encouraging: Brussels wants compliance to be achievable, not just aspirational.