The European Union has reached a provisional agreement on the AI Omnibus package, an initiative designed to simplify parts of the AI Act and reduce regulatory complexity for businesses building or deploying AI systems. But while lawmakers describe the agreement as progress, many industry groups believe the outcome only partially addresses the operational challenges companies are already facing.

One of the biggest debates centered around overlapping regulations for sectors such as medical devices, machinery, toys, and transportation products. In the end, lawmakers agreed to remove overlapping AI Act provisions only for machinery products, while the remaining sectors may see clarifications later through implementing acts. For many businesses, that creates continued uncertainty around compliance responsibilities, timelines, and product classification.

The package also introduces several operational changes that could directly affect companies working with AI systems in Europe. SME exemptions will now extend to mid-sized companies with up to €200 million in turnover, potentially helping scale-ups navigate compliance more easily. At the same time, stricter obligations are being introduced for AI systems capable of generating non-consensual explicit content or child sexual abuse material. Deadlines for high-risk AI compliance have also been pushed back into 2027 and 2028, giving organizations more time to adapt infrastructure, governance, and internal processes.

However, attention is already shifting toward what many consider the more important phase: the Digital Omnibus package. While the AI Omnibus focuses on simplifying AI-specific regulation, the Digital Omnibus will shape one of the most critical questions for Europe’s AI future: how companies can legally access and use data for AI development and scientific research.

This is where the tension between innovation and regulation becomes much more visible. Industry groups argue that without clearer rules around pseudonymized data, legitimate interest processing, and AI-related research exemptions, Europe risks slowing down its own AI competitiveness. Others continue to prioritize strict interpretations of data protection principles, fearing that loosening restrictions could weaken the GDPR framework.

For companies building AI products, the challenge is becoming increasingly operational rather than theoretical. AI systems depend on data availability, governance clarity, auditability, and long-term maintainability. When rules remain fragmented or open to interpretation across multiple Member States, businesses face slower development cycles, higher legal uncertainty, and more complex architecture decisions.

The broader message behind the EU’s latest AI negotiations is becoming clear: Europe is still trying to find the balance between protecting users and enabling competitive AI innovation. And while the AI Omnibus may reduce some immediate friction, the next stage of regulation around data access and AI development could have a far greater impact on how European software ecosystems evolve over the next few years.

Source