On 7 May 2026, the Council of the European Union and the European Parliament reached a provisional agreement on the so-called Digital Omnibus, a regulatory simplification package that significantly amends the Artificial Intelligence Act (AI Act), the European regulation governing the development and use of artificial intelligence. This agreement redefines deadlines, responsibilities and governance tools, with concrete implications for every organisation – public or private – operating AI systems within the European Union.
There is much talk of artificial intelligence, often in technical or visionary terms. Far less often does the focus fall on a crucial question: who is responsible for ensuring that these systems are safe, transparent and compliant with the rules? It is a question that Europe has sought to answer with the AI Act, the world’s first comprehensive regulatory framework on AI. And now, roughly a year after its gradual entry into force, that framework is being updated – not in its fundamental principles, but in its deadlines and enforcement mechanisms.
For Italian businesses, both public and private, the Digital Omnibus is therefore not merely a legal issue. It is an operational step. Because it concerns the way in which organisations will have to map their artificial intelligence systems, classify risks, vet suppliers, document processes and establish a governance framework capable of supporting innovation.
In other words, it is no longer enough simply to ‘use AI’. One must be able to demonstrate how it is used, why it is used, and what safeguards are in place.
To understand what is changing, and above all what this means for Italian businesses and institutions, it is worth starting from the beginning.
What is the Digital Omnibus and why was it created?
The Digital Omnibus is a regulatory simplification package presented by the European Commission on 19 November 2025 with the aim of making the European Union’s digital regulatory framework more coherent and competitive. The stated aim is to ease administrative burdens, reduce overlaps between different regulations and create more favourable conditions for businesses, particularly small and medium-sized enterprises, to adopt and develop digital technologies within the European single market.
The package addresses several strategic areas: personal data protection, cybersecurity, data management and sharing, digital identity and artificial intelligence. In particular, the Commission has proposed technical and targeted amendments to existing regulations, including the GDPR, the European Cybersecurity Framework and the AI Act – EU Regulation 2024/1689, with the aim of reducing overlaps, clarifying implementation obligations and simplifying compliance requirements, particularly for SMEs and innovative companies.
AI Act: the European framework for artificial intelligence
To understand the scope of the Digital Omnibus, it is useful to go back to the starting point: the AI Act.
EU Regulation 2024/1689 is the world’s first comprehensive regulatory framework dedicated to artificial intelligence. Published in the Official Journal of the European Union on 12 July 2024, the AI Act introduces a risk-based approach: the greater the potential impact of an AI system on people, rights, safety or essential services, the stricter the obligations for those who develop, distribute or use it.
The logic is simple: not all artificial intelligence systems are the same. A spam filter, a corporate chatbot, a medical diagnosis support system or an algorithm used to select candidates in a recruitment process do not carry the same level of risk. For this reason, the regulation distinguishes between systems posing minimal risk, systems subject to specific transparency obligations, high-risk systems and prohibited practices.
New deadlines: more time to comply with high-risk systems
The crux of the provisional agreement of 7 May 2026 concerns the postponement of deadlines. The AI Act originally stipulated that the obligations for high-risk systems – those listed in Annex III of the Regulation – would come into force on 2 August 2026. A deadline that many businesses, particularly SMEs, were struggling to meet in the absence of definitive technical standards and clear implementation guidance from the authorities.
With the provisional agreement on the Digital Omnibus, the timetable has been revised.
In summary, the new framework sets out a number of key milestones:
- 2 December 2026
Entry into force of mandatory watermarking for AI-generated content (synthetic content, audiovisual deepfakes). A delay of approximately four months from the original deadline. A three-month extension for systems already on the market.
- 2 August 2027
New deadline for the activation of regulatory sandboxes (regulated testing environments for SMEs and scale-ups developing compliant AI solutions). Postponed by twelve months from the original deadline of 2 August 2026.
- 2 December 2027
Application of obligations for high-risk autonomous AI systems, including biometric systems, critical infrastructure management systems, recruitment systems, and systems for access to education.
- 2 August 2028
Application of obligations for high-risk systems integrated into regulated products, such as medical devices, industrial machinery, vehicles and toys.
This is a substantial adjustment. The point is therefore not to postpone compliance indefinitely. The point is to give businesses the time they need to translate regulatory requirements into real, measurable processes that are fully integrated into the organisation.
For Italian companies, this means one very concrete thing: the time gained should not be seen as a break, but as a preparation phase.
Transparency and watermarking: identifying AI-generated content
One of the most tangible aspects of the AI Act concerns the transparency of content generated by artificial intelligence. In a context where synthetic text, images, audio and video are becoming increasingly realistic, it is essential to be able to recognise when content has been produced or manipulated by an AI system. This applies, for example, to audiovisual deepfakes, generative content used in digital communication, or synthetic images circulated online.
The Digital Omnibus confirms this principle but makes its implementation more gradual. The obligation to make AI-generated content identifiable (digital watermarking) has in fact been postponed until 2 December 2026, with the aim of giving businesses and developers the time needed to adopt effective technical solutions consistent with European standards. The direction remains clear: to strengthen trust in the digital ecosystem and counter the risks associated with disinformation, content manipulation and the misuse of artificial intelligence. As indicated by the Council of the European Union, the provisional agreement aims to simplify the application of the rules without reducing the level of protection provided by the AI Act.
For businesses, this means that the use of AI in content production can no longer be left to isolated or unmonitored initiatives. Marketing, communications, customer service, training and corporate documentation will need to establish clear internal policies: when to disclose the use of AI, which content to subject to human review, which tools to use, and how to ensure traceability and accountability.
Sandboxes and governance: innovating in a safer environment
Another key aspect of the agreement concerns regulatory sandboxes, i.e. regulated testing environments in which businesses, SMEs and scale-ups can test artificial intelligence systems with the support of the relevant authorities. The launch of the sandboxes has been postponed until 2 August 2027, but their role is becoming even more important: to provide a safe space for developing innovative solutions, verifying compliance before market launch and reducing the risk of misinterpretation.
For the Italian manufacturing sector, largely made up of SMEs and industrial supply chains undergoing digital transformation, this tool could represent a tangible opportunity. Sandboxes help bridge the gap between innovation and compliance, ensuring that regulation is not perceived solely as a constraint. In its proposal on the Digital Omnibus on AI Regulation, the European Commission indeed refers to targeted measures to make the implementation of the AI Act more proportionate, timely and sustainable for organisations.
Alongside sandboxes, the Digital Omnibus also strengthens European coordination through the AI Office, the Commission’s office dedicated to implementing the AI Act and supervising general-purpose artificial intelligence models.
The aim is to reduce fragmentation, duplication and uncertainty regarding implementation across the various Member States, thereby providing businesses with a more consistent framework for planning the necessary adjustments.
What Italian businesses need to do now
The agreement of 7 May 2026 is still provisional: it must be formally adopted by the European Parliament and the Council, undergo legal and linguistic review, and be published in the Official Journal of the European Union. However, the new deadlines already provide a clear indication: the time gained should not be seen as a break, but as a useful phase to prepare.
Italian businesses should start by mapping the AI systems already in use or under development, classifying them according to the risk level set out in the AI Act. This step is essential to understand which tools fall within the category of high-risk systems and which, on the other hand, are subject to lighter transparency obligations. EU Regulation 2024/1689 adopts a risk-based approach: the greater the potential impact of a system on rights, safety or essential services, the stricter the obligations for suppliers and users.
At the same time, it will be necessary to define internal roles and responsibilities: who approves the adoption of new AI tools, who verifies supplier compliance, who manages technical documentation, who monitors risks and who updates company procedures. AI compliance is not just a matter for the legal department or IT, but involves governance, cybersecurity, procurement, human resources, marketing and senior management.
From compliance to digital trust
In conclusion, the Digital Omnibus does not diminish the importance of the AI Act, but makes its implementation more gradual and sustainable. The EU’s approach remains focused on trustworthy, secure and transparent artificial intelligence, capable of fostering innovation without compromising fundamental rights, security and accountability.
For Italian businesses, it is not only important to adapt to new deadlines, but to build a framework for AI governance capable of transforming compliance into a competitive advantage. Mapping systems, assessing risks, monitoring suppliers, documenting processes and ensuring human oversight means reducing uncertainty and strengthening the trust of customers, partners and institutions.
This is the context for Olidata commitment, focused on developing technological solutions that combine innovation, security and the ability to govern digital systems. Because the future of artificial intelligence will depend not only on the power of the models, but on organisations’ ability to make them reliable, controllable and consistent with their own objectives.
The real challenge today is not simply to adopt AI. It is to create the conditions for AI to generate value in a secure, transparent and sustainable way.