EU AI Act August 2026 Current-Law Baseline: SME Digital Omnibus Planning

Q: Can SMEs wait until 2027 because of the Digital Omnibus?

No. SMEs should not treat the Digital Omnibus provisional agreement as permission to pause. Inventory, vendor mapping, AI literacy, prohibited-practices screening, and disclosure decisions are low-regret tasks that should continue while final legal text is pending.

Q: Which EU AI Act tasks should SMEs still do now?

SMEs should identify AI use cases, record system owners, capture vendor evidence, screen prohibited practices, document AI literacy activity, and check Article 50 disclosure triggers. These tasks create a useful evidence baseline without assuming final high-risk dates.

Q: Does the Digital Omnibus apply automatically?

No. The Digital Omnibus provisional agreement does not change the legal text automatically. The agreement must be formally adopted and published before it changes obligations. SMEs should track the status and keep current-law planning separate from provisional-agreement planning.

Q: What is the minimum evidence file for an SME deployer?

A minimum SME evidence file should include an AI system list, purpose and user group, vendor/provider, data categories, owner, risk route, disclosure trigger, training record, and decision log. This is readiness evidence, not proof of compliance.

Q: When should an SME ask a lawyer or DPO to review its position?

An SME should seek legal, privacy, or DPO review when AI is used in employment, education, credit, essential services, biometric processing, health, public-facing disclosure, or sensitive personal-data contexts. EU AI Compass supports triage, not final legal advice.

EU AI Act August 2026 Current-Law Baseline: SME Planning After the Digital Omnibus Agreement

EU AI Act timeline update showing current-law baseline and Digital Omnibus planning track

The law needs sequence, not countdown theatre.

The right question is not “How many days are left?” The right question is “What do we need to complete now under current law, and what can be staged if the proposal track later changes?”

Current law first, proposal second

Confirmed current-law deadlines

Article 5 prohibited practices: applied from 2 February 2025.
Article 4 AI literacy: applied from 2 February 2025.
GPAI obligations: applied from 2 August 2025.
Article 50 and Annex III main phase: 2 August 2026.

Proposal track you should monitor

Omnibus could shift some high-risk timing if adopted.
That proposal remains procedurally active, not final.
You should track it, not bet your compliance posture on it.
Build dual timelines into internal planning and customer communication.

The rational operating model is simple: run your programme against the confirmed baseline while carrying a proposal overlay for Board-level planning and resource sequencing.

Five-step SME compliance plan showing inventory, classification, prohibited-practice screening, Annex III controls, and documentation readiness under the current-law August 2026 baseline — Do the work in the right order. Sequence beats panic.

The 5-step action plan for SMEs

1. Build your AI inventory. Record every system you build, deploy, or procure, including embedded AI features inside third-party software. Shadow AI is still the easiest way to fail this law by accident.

2. Classify each system. Separate prohibited, high-risk, transparency-relevant, GPAI-related, and minimal-risk use cases. Do not dump everything into one “AI” bucket.

3. Screen Article 5 and Article 4 first. These are already applicable and are the fastest route to immediate legal exposure or avoidable operational weakness.

4. Prioritise Annex III and Article 50 workstreams. High-risk evidence, documentation, and transparency design should run as parallel tracks, not sequential afterthoughts.

5. Centralise documentation. Regulators will inspect evidence before they admire architecture diagrams. If a control is not evidenced, it is weak. If a decision is not documented, it will be attacked.

What regulators are likely to inspect first

Visible prohibited-practice exposure.
Whether you can classify your systems coherently.
Whether documentation exists for systems you call high-risk or transparency-relevant.
Whether staff dealing with AI have any defensible literacy measures at all.

What this means for SMEs with limited budget

Do not wait for perfect standards. Do not wait for final codes. Do not wait for the Omnibus to “save” you. Inventory, classification, literacy, prohibited-practice screening, ownership, and evidence collection are good investments under every scenario.

For a cleaner split between current law and the proposal track, read the confirmed vs proposed timeline page. For first-pass triage, use the 2-minute quick quiz and the 12-question Compliance Checker.

About the author: Abhishek G Sharma is the founder of Move78 International Limited. He holds ISO 42001 Lead Auditor, CISA, CISM, CRISC, and CEH certifications. He brings over 20 years of practitioner experience in cybersecurity, AI governance, and enterprise risk management.

Disclaimer: This analysis is for educational purposes only and does not constitute legal advice. Consult qualified counsel for binding compliance decisions. Last updated: 9 May 2026.

Need More Practical Guidance?

Explore the free EU AI Compass tools and guides to classify your use case, understand your obligations, and move to the next compliance step.

12-Question Compliance Checker Read the Guides

Source basis

Source basis: Regulation (EU) 2024/1689, AI Act Service Desk Article 113, and the Council of the EU 7 May 2026 provisional-agreement notice where applicable.

Use note: This page is educational only and is not legal advice, a conformity assessment, or a compliance guarantee.

Digital Omnibus update, 9 May 2026

Digital Omnibus update, 9 May 2026: EU co-legislators reached a provisional agreement that would change parts of the EU AI Act implementation timeline if formally adopted and published. SMEs should not pause evidence work. EU AI Compass separates the current-law 2 August 2026 baseline from the Digital Omnibus provisional-agreement track.

SME and small mid-cap watch

The official 7 May 2026 Digital Omnibus provisional agreement would extend certain SME-related simplification measures to small mid-cap enterprises if formally adopted and published. SMEs and small mid-caps should still maintain AI inventories, role classifications, vendor evidence, and Article 50 trigger records because the final legal text and national implementation details remain pending.

Digital Omnibus planning FAQ

Can SMEs wait until 2027 because of the Digital Omnibus?

Which EU AI Act tasks should SMEs still do now?

Does the Digital Omnibus apply automatically?

What is the minimum evidence file for an SME deployer?

When should an SME ask a lawyer or DPO to review its position?

Last evidence review date: 9 May 2026

Source basis: Regulation (EU) 2024/1689 remains the current published EU AI Act baseline. This page also tracks the official 7 May 2026 Digital Omnibus provisional agreement reported by the Council of the EU and welcomed by the European Commission. The agreement still requires endorsement, legal/linguistic revision, formal adoption, and publication before it changes the legal text. Source links: AI Act Article 113, Council provisional agreement, 7 May 2026, European Commission press statement, 7 May 2026. This page is for operational planning and is not legal advice.