When the European Union passed its landmark AI Act in 2024, the law was supposed to set a global standard for regulating artificial intelligence. Instead, for many smaller companies, it set off a scramble to meet compliance deadlines that outpaced the technical standards and assessment tools they actually needed to comply. On May 7, 2026, EU lawmakers acknowledged the problem and agreed to fix it.
The Council of the European Union and the European Parliament reached a provisional deal to simplify key parts of the AI Act through a legislative package known as the Digital Omnibus on AI. The agreement widens compliance exemptions beyond traditional small and medium-sized enterprises to include “small mid-cap” firms, delays certain high-risk AI deadlines until the supporting technical standards are actually published, and adjusts governance structures under Regulation (EU) 2024/1689.
The deal is the clearest admission yet from Brussels that the original regulatory timeline was unrealistic for companies without large legal and compliance departments.
What the deal actually changes
The most consequential shift is who gets relief. Under the original AI Act, lighter compliance obligations applied mainly to small and medium-sized enterprises. The new agreement extends those protections to small mid-cap companies as defined by Commission Recommendation (EU) 2025/1099, which sets the official thresholds for that category. In practice, this means a significantly larger pool of growth-stage firms, companies that may have hundreds of employees and meaningful revenue but still lack the dedicated regulatory teams of major tech players, can now access reduced requirements for high-risk AI systems.
The agreement also decouples compliance deadlines from the calendar and ties them instead to the actual readiness of harmonized technical standards. The Council’s negotiating mandate spells out the reasoning in its recitals: delayed preparation of those standards and conformity-assessment frameworks had created obligations that companies could not realistically fulfill. That language is notable because it amounts to an institutional acknowledgment that the regulatory infrastructure was not keeping pace with the law’s own requirements.
The European Parliament’s legislative tracker for dossier 2025/0359 COD confirms both the deadline linkage and the expanded exemptions. Governance changes are also part of the package, though the precise structural adjustments have not been fully detailed in public summaries released as of late May 2026.
How the deal came together
The timeline reflects deliberate institutional urgency. The European Commission tabled the original simplification proposal, and the Council agreed on its negotiating position in March 2026, explicitly framing its mandate around minimizing compliance burdens for smaller firms. The provisional agreement announced on May 7 represents the conclusion of trilogue negotiations between the Council, Parliament, and Commission.
The Council’s press release confirmed the deal alongside a separate provision: a ban on so-called “nudification” apps, AI tools that generate non-consensual intimate imagery. The European Commission framed the broader package as an effort to support innovation while maintaining citizen protections.
Industry criticism that preceded the reform
The simplification effort did not emerge in a vacuum. In the months following the AI Act’s passage, trade groups representing technology companies across Europe publicly warned that the law’s compliance requirements were unworkable on the timelines set. DigitalEurope, a Brussels-based industry association whose members include both large tech firms and smaller European companies, had called for implementation delays and clearer guidance, arguing that companies could not comply with rules whose underlying technical standards had not yet been finalized. The Computer & Communications Industry Association (CCIA Europe) raised similar concerns, pointing to the gap between legal deadlines and the readiness of conformity-assessment infrastructure.
Those criticisms were echoed by national trade groups and startup advocacy organizations, though specific public statements tying named companies to particular compliance failures have not surfaced in the available record. The Council mandate’s own recitals effectively validated the industry argument by acknowledging that delayed standards and governance frameworks had made compliance unrealistic for smaller firms. Still, the absence of direct, on-the-record testimony from individual companies means the “compliance was impossible” framing rests primarily on institutional language and general industry advocacy rather than documented case studies.
What is still unclear
Several important questions remain open. No public statements from affected companies or industry associations have confirmed whether the May 7 simplifications fully resolve the compliance difficulties that prompted the reform. Formal reactions from DigitalEurope, CCIA Europe, and other trade groups to the provisional deal had not been published as of late May 2026.
Official data on how many small mid-cap enterprises across EU member states will qualify for the expanded exemptions has not been released in detail. The Commission’s explanatory materials offer high-level estimates, but granular country-by-country figures are not yet part of the public legislative record.
The nudification ban also raises enforcement questions. The prohibition itself is clear, but the operational details of how member states will identify violators and take action have not been spelled out. Whether enforcement will run through existing national authorities or require new coordination structures remains to be seen.
It is also worth noting that the story so far is told almost entirely from the perspective of the institutions that wrote the original rules and then decided to soften them. Independent industry reaction will be important to watch as the formal text moves toward final adoption, expected in the coming weeks.
Whether the simplification will be enough remains an open fight
The provisional agreement still requires formal adoption by both the Council and Parliament before the revised rules become binding. That process typically takes weeks to months, and the amended text is unlikely to change substantially at this stage.
The broader question is whether this simplification will be enough. The AI Act remains the most comprehensive AI regulation in the world, and even with lighter requirements, smaller companies will still face significant obligations around transparency, risk management, and human oversight for high-risk systems. Whether the revised framework strikes the right balance between protecting citizens and letting European AI companies compete globally is a debate that is far from settled.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
