In my exclusive reporting for Stankevicius, I previously chronicled the European Union’s ambitious experiment in AI governance. My articles on “Brussels Releases The European Union General-Purpose AI Code of Practice” and “The European Union’s AI Act Goes Live: What Higher Education Institutions Need to Know” documented the regulatory framework as it took shape. Much has happened since.
On November 6, 2025, I published The European AI Act and Its Implications for New York State Higher Education Institutions for the Rockefeller Institute of Government. That report analyzed how the EU AI Act, the world’s first comprehensive regulatory framework for artificial intelligence, would impact higher education institutions beyond Europe’s borders, particularly those in New York State with existing research or programmatic collaborations with EU-based institutions.
The report examined the Act’s risk-based approach, which categorizes AI systems based on their potential risks to health, safety, and fundamental rights. Like the General Data Protection Regulation before it, the EU AI Act applies extraterritorially, affecting American institutions that deploy AI systems producing outputs used within the EU. With the first compliance deadlines set to start in summer 2026, the report provided New York higher education institutions with essential guidance on classifications, documentation standards, and interconnected data governance obligations necessary to protect transatlantic partnerships.
The Digital Omnibus Proposal
Now, just days after the report’s release, on 19 November 2025, the European Commission has published a draft regulation that signals a dramatic shift in direction. Released as part of the “Digital Omnibus Proposal,” the draft introduces sweeping changes to the EU AI Act itself. The Digital Omnibus Proposal aims to simplify and streamline the European Union’s complex digital rulebook in response to mounting pressure from industry and warnings about Europe’s deteriorating competitive position. This move marks a significant pivot for the EU. While Brussels has historically prioritized strict regulatory standards, exemplified by the 101 different laws governing the EU digital sector, this new package suggests a shifting focus toward economic competitiveness and reducing administrative burdens for businesses.
POLICY AND LEGISLATION Publication
Digital Omnibus Regulation Proposal
19 November 2025
Digital Omnibus Regulation Proposal
The Digital Omnibus proposal includes a set of technical amendments to a large corpus of digital legislation, selected to bring immediate relief to businesses, public administrations, and citizens alike, and to stimulate competitiveness.
Digital Omnibus Regulation Proposal
It is a first step to optimise the application of the digital rulebook. The immediate objective is to ensure that compliance with the rules comes at a lower cost, delivers on the same objectives, and brings in itself a competitive advantage to responsible businesses.
Critically, the Commission acknowledges this is only the beginning. “The Commission is also conducting a Digital Fitness Check. Whereas the Digital Omnibus proposals are immediate and targeted, the analysis the Commission will undertake in the Digital Fitness Check will focus on cumulative impact of the digital rules, seeking to test how they support the EU’s competitiveness and where further adjustments will need to be proposed in the second half of the legislative mandate” (European Commission, 2025, p. 3).
Top 5 Proposed EU AI Act Changes
1. Timeline Changes (Article 113)
The Commission proposes a delay to the enforcement of obligations for high-risk AI systems, currently set for August 2, 2026. The new applicable date would be delayed to either:
- Six to 12 months after corresponding technical standards are approved; or
- December 2, 2027 (for Annex III systems) and August 2, 2028 (for Annex I systems).
2. Downgrading AI Literacy Obligations (Article 4)
The strict legal mandate for providers and deployers to ensure AI literacy is being softened. The proposal suggests that Member States should instead foster literacy and encourage providers to take measures, rather than legally requiring them to do so.
3. EU AI Office Scope Expansion (Article 75)
The proposal aims to centralize supervision. It designates the AI Office (part of the European Commission) as the primary authority for supervising AI systems based on general-purpose AI (GPAI) models where the model and system are developed by the same provider. This shifts power away from fragmented national regulators.
This centralization builds on the AI Office’s existing role in administering the GPAI Code of Practice, which was released in July 2025. “After the Code is endorsed by Member States and the Commission, AI model providers who voluntarily sign it can show they comply with the AI Act by adhering the Code. This will reduce their administrative burden and give them more legal certainty than if they proved compliance through other methods” (European Commission, 2025, para. 2).
4. Limiting Public Database Registration (Article 6)
To cut red tape, the Commission proposes removing the obligation for providers to register AI systems in the EU public database if they have determined the system is not high-risk due to the specific nature of its use (a derogation). Providers must still document this assessment and produce it upon request.
5. Proportionality for Small Mid-Caps (Article 99)
The proposal introduces Small Mid-Caps (SMCs) as a new category. Defined as companies with up to 750 employees and an annual turnover under €150 million, these firms would face smaller, more proportionate compliance penalties, extending protections previously reserved only for SMEs and startups.
Summary of Changes
For a quick reference on how the landscape is shifting, see the comparison table below.
| Area of Change | Current EU AI Act Status | Proposed Amendment (Digital Omnibus) |
| Compliance Timeline | Obligations for high-risk AI apply starting Aug. 2, 2026 | Delayed application. New deadline: 6-12 months after standards approved OR late 2027/2028 |
| AI Literacy | Legal obligation for providers to ensure staff literacy | Downgraded. States will “encourage” providers to foster literacy |
| Supervision | Distributed among national authorities and the AI Office | Centralized. The AI Office becomes the primary authority for vertically integrated GPAI systems |
| Database Registration | Mandatory even for systems claiming an exemption (derogation) | Removed for derogations. Documentation must be kept but registration is not required |
| Penalties | Proportional penalties primarily for SMEs/Startups | Expanded. “Small Mid-Caps” (<750 staff) also get reduced penalties |
How Did We Get Here? The “Regulatory Tsunami”
The EU has consistently sought to export its regulatory standards globally, a phenomenon known as the Brussels effect. This was clearly visible with the GDPR, which attempts to push major American enterprises to align their privacy frameworks with EU law despite the lack of a federal U.S. equivalent.
However, the sheer volume of legislation has become a liability. “It goes without saying that there has been an absolute explosion of new EU laws and regulations that are relevant to the digital world” (Zenner et al., 2025, p. 1). According to their comprehensive dataset, the EU digital sector is now governed by over 100 different laws across 12 thematic areas, creating, in the words of these experts, a “tsunami of legislative measures” that even the most experienced experts struggle to keep up with. For AI governance professionals, this complexity is acute. A single AI system often triggers requirements across the GDPR, the AI Act, and cybersecurity mandates simultaneously.
Pressure to simplify has intensified from both within and outside the EU. Reports indicate that U.S. industry lobbyists and the Trump administration have pushed back against EU digital laws, citing the burden on American companies.
The “Draghi Report” Factor
A major catalyst for this proposal was the September 2024 report “The Future of European Competitiveness“. Authored by Mario Draghi, former President of the European Central Bank, the report frames the EU’s economic challenges in stark terms. Draghi (2024) argues that the EU’s complex regulatory environment significantly impedes innovation. The report highlights critical pressures, noting that “55% of SMEs cite regulatory obstacles as their greatest challenge” (Draghi, 2024). The report further warns of a widening innovation gap between the EU, the U.S., and China.
Particularly relevant to AI governance, Draghi (2024) criticizes “the EU’s precautionary approach to tech regulation (such as strict compute thresholds for AI models)” which “often stifles growth before it can begin” (p. 228). The Digital Omnibus Package appears to be the Commission’s direct legislative answer to Draghi’s call to reignite growth by reducing the regulatory burden.
What Comes Next? The Long Road to Law
While the Commission’s proposal is a significant signal of intent, it is not yet law. The Digital Omnibus Package must now undergo the ordinary legislative procedure, requiring approval from both the European Parliament and the Council of the EU. This process involves intense trilogue negotiations that are famously complex. On average, it takes the EU 19 months to move from a proposal to a widely adopted law.
For educational institutions engaged in transatlantic partnerships, current regulatory evolution demands vigilant monitoring and proactive compliance planning. The tension between regulatory simplification and maintaining high standards will shape the future of AI governance in international higher education collaboration.
Stakeholders should expect the text to change as Parliament and Member States debate the details. However, the direction of travel is clear. Brussels is attempting to pivot from a purely regulatory approach to a model that balances safety with the urgent need for competitiveness.
References
- Cowin, J. (2025). Brussels releases the European Union general-purpose AI code of practice. Stankevicius. Brussels Releases The European Union General-Purpose AI Code of Practice – Stankevicius
- Cowin, J. (2025, November 6). The European AI Act and its implications for New York State higher education institutions. Rockefeller Institute of Government. The European AI Act and Its Implications for New York State Higher Education Institutions | Rockefeller Institute of Government
- Draghi, M. (2024, September). The future of European competitiveness: In-depth analysis and recommendations. European Commission. https://commission.europa.eu/document/download/ec1409c1-d4b4-4882-8bdd-3519f86bbb92_en?filename=The%20future%20of%20European%20competitiveness_%20In-depth%20analysis%20and%20recommendations_0.pdf
- European Commission. (2025, July 10). The general-purpose AI code of practice. https://digital-strategy.ec.europa.eu/en/policies/ai-code-practice
- European Commission. (2025, November 19). Digital omnibus regulation proposal. Shaping Europe’s digital future. https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-regulation-proposal
- Zenner, K., Marcus, J. S., & Sekut, K. (2025, July). A dataset of EU legal and policy instruments for the digital world. Centre for European Policy Studies (CEPS). https://cdn.ceps.eu/2025/08/CEPS-Zenner-Dataset-July-2025.pdf
Dr. Jasmin (Bey) Cowin, a columnist for Stankevicius, employs the ethical framework of Nicomachean Ethics to examine how AI and emerging technologies shape human potential. Her analysis examines the risks and opportunities that emerge from tech trends, providing personal insights into the interplay between innovation and ethical values. Connect with her on LinkedIn.
