EU AI Act simplification gives smaller firms more time, not a different rulebook

The Council of the EU announced on 7 May 2026 that it had reached a provisional political agreement with the European Parliament on the AI Omnibus, part of the EU’s Digital Omnibus simplification agenda, according to Mishcon. The package would streamline parts of the EU AI Act ahead of major compliance deadlines, but it still needs formal adoption by Parliament and Council and publication in the Official Journal before becoming law.

Mishcon describes the package as a targeted recalibration rather than a reversal of the EU’s AI regulatory approach. The EU AI Act entered into force in August 2024 and is described in the supplied evidence as the world’s most comprehensive cross-sector AI legislation. The risk-based framework and its core obligations remain intact, but firms that pushed for simplification now have more time and a somewhat narrower compliance perimeter.

The agreement includes extended compliance deadlines for high-risk AI systems, new prohibitions on AI-generated non-consensual intimate imagery and child sexual abuse material, reduced duplication for AI embedded in industrial products, a clarified supervisory role for the AI Office, and tailored accommodations for SMEs and small mid-cap enterprises, according to Mishcon.

Inside Global Tech’s supplied excerpt gives one example of the technical simplification. For systems self-assessed as non-high-risk under Article 6(3), some information requirements under Annex VIII would be deleted while preserving the underlying transparency objective. It also says AI literacy duties would shift from requiring providers and deployers to “ensure” AI literacy to requiring them to “take measures to support the development of” AI literacy among staff and others dealing with AI systems on their behalf.

The practical effect is a change in compliance capacity. Smaller firms and mid-sized companies still have to classify systems, understand obligations, document controls and prepare governance processes, but the revised timeline and narrowed requirements reduce some pressure before deadlines arrive. For companies building products for the EU market, the change affects staff training, legal review, product documentation, vendor oversight and evidence collection.

The high-risk guidance track remains active. IAPP reports that the European Commission released draft guidelines on 19 May and opened a public consultation to help providers, deployers and other actors determine whether an AI system falls within the high-risk category. The draft guidance covers general classification principles and the two high-risk categories under Article 6: product-safety systems under Annex I and systems deployed across eight areas under Annex III, including biometrics, education, employment and law enforcement.

The Commission’s examples are intended to cover all areas and use cases but are not exhaustive and may be updated over time, IAPP reports. The consultation runs through 23 June, and IAPP says it is not clear when the Commission will finalize the guidance or whether it will seek further public comment on later drafts. Firms therefore have more direction, but not a fully settled compliance map.

The global reach comes from how companies organize governance. Archer argues that the EU AI Act can serve as a practical backbone for global AI governance because it translates oversight into classification, requirements, documentation and lifecycle controls. Its model emphasizes inventory, intake, risk classification, review routing, control evidence, ownership, reporting and refresh triggers, with local requirements managed as overlays rather than separate systems.

The supplied evidence does not show final legal text, implementation results, enforcement actions or how much burden will actually fall on SMEs once the package is adopted. It confirms a provisional political agreement, described changes, draft high-risk guidance and the continued centrality of the EU AI Act as a governance baseline for companies operating across jurisdictions.

The cleanest implication is that Brussels is easing the route into compliance without abandoning the architecture. The AI Act still asks companies to know what systems they use, classify risk, document controls and maintain accountability. The simplification changes timing and some obligations; it does not remove the need to build working AI governance.