Key Points:
- EU lawmakers struck an early morning deal on the AI Omnibus to simplify artificial intelligence regulations.
- The agreement grants exemptions from certain rules to companies earning up to €200 million and targets deepfake creators.
- Critics argue the new rules lack ambition and leave medical device and toy makers waiting for future guidelines.
- Industry leaders now urge the EU to fix the upcoming Digital Omnibus to protect tech innovation and data access.
EU lawmakers finally reached a provisional agreement on the AI Omnibus package at 4 am on Thursday. The European Parliament and Council spent hours debating how to simplify artificial intelligence rules for businesses across the continent. While the lead negotiators celebrated the early morning deal, many critics quickly called the final result underwhelming and lacking in real ambition.
The simplification process proved incredibly difficult. Lawmakers clashed over last-minute exemptions for machinery, faced legal challenges, and worried that the new package might ruin the original AI Act. Many industry watchers say the European Union missed a massive chance to help local businesses navigate a very confusing regulatory landscape. They argue that government promises about service desks and regulatory sandboxes will not actually fix the complicated rules.
During the final weeks, politicians argued fiercely over exempting specific products such as medical devices, toys, elevators, machinery, and boats from overlapping rules. Some countries accused Germany of delaying the talks, which led to a messy compromise. In the end, lawmakers only removed the overlapping rules for machinery products. Makers of medical devices, toys, elevators, and boats must now wait for implementing acts, which usually take a long time to be issued.
The agreement did deliver some positive news for growing tech companies. Negotiators agreed to extend small-business exemptions to mid-sized companies that report up to €200 million in annual turnover. This change offers practical support to European tech startups trying to scale their operations. Lawmakers also narrowed the definition of safety components and permitted developers to process personal data to detect and fix biases in their artificial intelligence systems.
Recent scandals involving artificial intelligence-generated nudity forced lawmakers to act. The EU will apply stricter rules to systems that people use to create non-consensual deepfakes or child exploitation material. Companies building these systems have until December 2, 2026, to comply with the new rules. Meanwhile, the EU pushed the compliance deadline for standard high-risk systems to December 2, 2027, and delayed embedded high-risk systems to August 2, 2028. However, they shortened the grace period for watermarking generated content, moving that deadline up to December 2, 2027.
The EU also pushed back the launch date of its artificial intelligence regulatory sandboxes to August 2, 2027. Critics argue these sandboxes rely too heavily on soft measures and face significant limits. As the European Parliament and Council prepare to formally approve the AI Omnibus, the political spotlight now moves to the second half of the simplification effort. Lawmakers will soon debate the Digital Omnibus package, which tackles data and artificial intelligence development.
The Central European AI Chamber recently teamed up with 15 other associations to send a strong message to EU member states. The group published an open letter demanding that politicians fix the current watered-down proposals inside the Digital Omnibus. They want lawmakers to strike a better balance between protecting consumer data and promoting economic growth. Right now, the business groups believe the compromise texts actively hurt strategic innovation.
The biggest fight surrounding the Digital Omnibus involves how developers can use data for scientific research and artificial intelligence training. The political landscape looks completely split. Tech companies argue that Europe will lose the global artificial intelligence race if developers cannot access quality training data. On the other side, privacy advocates demand that lawmakers maintain the status quo. They fear any changes will destroy the strict European data protection framework.
Industry experts suspect 3 main topics will dominate the debates in the coming months. First, lawmakers must determine how to define personal data once developers have pseudonymized it. Second, they need to debate processing exemptions under Article 88c. Third, they will argue over the accidental processing of sensitive data under Article 9. The open letter stressed that initial proposals offered practical solutions, but the current draft simply reverts to the old, restrictive rules.
Without clear definitions, companies face fragmented rules across different European countries. Researchers must rely on guidelines from the European Data Protection Board. The board focuses strictly on protecting data and does not care about promoting economic growth or tech innovation. The current proposals also narrow the definition of scientific data. Tech groups argue this directly ruins the plan to turn strong European research into successful commercial products.
The open letter asks for a broad, clear, and binding definition of data use to give public and private researchers predictable rules. Finally, the Digital Omnibus tries to fix the annoying cookie banners that plague European internet users. Lawmakers proposed a new mechanism under Article 88b. Experts warn this new tool will only create more consent chaos, ruin the consumer browsing experience, and completely fail to meet the specific consent requirements of the GDPR.
