EU Digital Omnibus in Trilogue: What German SMEs Need to Know Now
7 min read
As of: 22 April 2026
In April 2026, the European Parliament adopted its negotiating position on the Digital Omnibus, and trilogue talks with the Council and Commission have been underway since this week. The Cypriot Presidency of the Council aims to reach a final agreement by May. For Germany’s SME sector, this means a package is now on the table that promises to cut red tape by 25 to 35 percent, with estimated savings of six billion euros by 2029, and deferred compliance deadlines for the EU AI Act. Three key questions will determine whether the package truly eases the burden for your business—or simply shifts bureaucracy elsewhere.
Key takeaways
- Parliament’s position set: In April 2026, the European Parliament adopted its draft, calling for extended deadlines for the AI Regulation and relief measures for SMEs (Datenschutzticker, April 2026).
- Trilogue underway since April, conclusion by May: The Commission, Council, and Parliament are now negotiating compromises, with the Cypriot Presidency targeting an agreement by May 2026.
- 6 billion euros in relief: The Commission estimates that the package will reduce compliance costs by 25 to 35 percent by 2029, amounting to around six billion euros in total savings.
- Core adjustments: Watermarking obligations, AI Regulation deadlines for existing systems, and DSA reporting requirements are being recalibrated. For SME IT teams, this means rethinking already planned implementations.
- Straight talk for SMEs: Compliance costs for the EU AI Act are estimated at up to 600,000 euros per mid-sized company. Without the Omnibus relief, DACH businesses will feel the impact.
RelatedEU AI Act from August: What tech teams need to clarify / CSRD Omnibus for SMEs
What the Digital Omnibus is—and who’s driving it
What is the Digital Omnibus? The Digital Omnibus is an EU omnibus law that streamlines multiple digital regulations at once to cut red tape. The current package includes amendments to the AI Act, the Digital Services Act (DSA), the Data Act, and related regulations. The initiative was sparked by the Draghi Report, which identified Europe’s regulatory density as a barrier to innovation. It also responds to the political mandate to measurably ease the burden on European competitiveness.
For Germany’s SMEs, this isn’t some abstract Brussels debate—it’s a very real lever. Compliance costs for the EU AI Act are estimated at up to 600,000 Euro in one-off expenses, plus ongoing costs, for mid-sized companies using AI systems in the medium-high risk category. If you’re running a dozen AI use cases—think chatbots, content generators, or recommendation engines—you’re quickly looking at six-figure annual costs just for documentation, audits, and risk management. That’s exactly where the Omnibus aims to ease the pressure.
The key players are the European Commission under Ursula von der Leyen, Cyprus’s Council Presidency, and a cross-party majority in Parliament. Opposition comes, predictably, from digital rights and consumer protection groups, who see excessive deregulation as a watering-down of the AI Act and DSA. The Trilogue compromise won’t deliver everything industry associations are demanding, but substantial relief is on the table.
Source: European Commission, Impact Assessment Digital Omnibus, March 2026
What’s set to change in practice
Three core adjustments will directly impact SME tech teams. First, the AI Act: For existing AI systems deployed before 2 August 2026, high-risk obligations will be phased in gradually instead of all kicking in on the deadline. That gives teams breathing room if they’re still knee-deep in risk classification and documentation come spring 2026. Second, DSA reporting: Online services below a certain threshold will see simplified, harmonised annual transparency reports. Third, watermarking for AI-generated content: Requirements will be streamlined and focused on clearly identifiable use cases.
For Germany’s SMEs, the AI Act relief is the headline change. If you’re running an existing customer-service chatbot, an e-commerce recommendation engine, or an AI-powered HR tool, you’ve had just three months to achieve full compliance—until now. The Omnibus stretches that timeline into phased deadlines up to 2027 or 2028, depending on the risk class. It’s not a free pass, but it’s a realistic schedule.
At the same time, the AI Act’s core requirements remain intact. High-risk systems in sensitive areas like hiring, credit scoring, or law enforcement still demand full conformity assessments, transparency documentation, and human oversight. If you’re operating such a use case and think the Omnibus lets you off the hook, you’ve misunderstood the package.
Timeline to Agreement
The timeline is ambitious. If trilogue talks drag on or individual member states raise objections, agreement could slip into the second half of the year. For SME teams, this means: don’t wait for the Omnibus, but keep your implementation plan flexible.
Three Questions That Need Answers Now
First: Which in-house AI use cases are potentially high-risk? If you haven’t inventoried these, you have a gap that must be closed regardless of the Omnibus. Classifying according to the AI Act’s risk categories is mandatory work that can’t be postponed—high-risk obligations will remain in place even with the Omnibus.
Second: Where can I rely on Omnibus relief? For systems below the high-risk threshold and existing AI applications, the new deadlines are realistically manageable once the final text is set. If you’re already preparing documentation, nothing is wasted—the core structure will still be required under the Omnibus.
Third: What costs can I realistically save? The Commission’s €600,000 estimate won’t apply to every company. If you have just two or three medium-risk use cases, you’re looking at a five-figure sum. With ten or more use cases and your own ML platform, costs easily reach six figures. An honest inventory reveals where the real expenses lie.
What Remains for SMEs
The pragmatic take from a business perspective: The Digital Omnibus is a step in the right direction, but not a free pass. AI regulation is coming—and it’s coming hard. The Omnibus buys time, provides breathing room, and introduces more nuanced thresholds. But it doesn’t replace the internal homework. Companies that start building clean AI governance, documenting data classes, and classifying their use cases now will benefit regardless of the final Omnibus text.
Those who wait for the Omnibus and push their own classification to autumn risk losing three to four months—time that could become critically tight under legal pressure. The honest answer to management is: build structure, stay flexible, don’t speculate. Do this now, and you’ll be on the safe side come 2 August 2026, no matter how the trilogue plays out.
Conclusion
The April 2026 Digital Omnibus trilogue presents a real opportunity for Germany’s SME sector to cut compliance costs on a meaningful scale. But let’s keep a level head. High-risk AI will remain strictly regulated, and classifying your own systems is non-negotiable. Implementation takes time. If you wait until May to read the final text and only then start structuring your approach, you’ll lose the entire summer. Start your inventory now, and you’ll have room to manoeuvre by August.
Frequently Asked Questions
Has the Digital Omnibus been finalised yet?
Not yet. Parliament adopted its position in April 2026, trilogue negotiations with the Commission and Council are underway, and a deal is targeted for May 2026. The official text may still change in the fine print.
Does the Omnibus affect small businesses that don’t use AI?
Hardly at all. If you don’t operate AI systems or a significant online platform, you won’t be impacted by the AI Act or DSA components of the Omnibus. However, indirect adjustments under the Data Act and other regulations may still apply.
Should we pause our AI Act compliance project or keep going?
Keep going. Classifying your AI use cases, auditing your data flows, and building a governance framework are mandatory regardless of the Omnibus. Only the final deadlines for full implementation may shift.
Does the Omnibus change the high-risk classification for certain systems?
The core risk classification remains intact. Changes primarily affect transition periods for existing systems and the specifics of watermarking and transparency requirements. High-risk categories like recruitment or credit scoring will stay fully regulated.
How can I stay updated without reading every Brussels document myself?
Bitkom, BDI, and DIHK publish trilogue updates, the Commission’s Directorate-General for Connect provides direct briefings, and law firms with Brussels offices offer client updates. Subscribing to two or three trusted sources is enough to track the negotiation status.
Editor’s Picks
Source: Pexels / Petrit Nikolli (px:22046935)
