Negotiations between the European Parliament, the Council and the Commission on the AI Omnibus have started. The decisions made in the coming weeks will determine whether the promise of simplification by the Commission and legislator is real, and can deliver tangible results for European innovators.
The AI Omnibus amends the AI Act before its full obligations enter into force. With the European Parliament’s first-reading position adopted on 26 March 2026 and the Council’s General Approach agreed on 13 March 2026, Trilogue is the final step. The European Tech Alliance (EUTA) representing 38 European-born tech companies serving over one billion users, sets out what a good Trilogue outcome looks like.
This is EUTA’s most urgent priority for the inter-institutional (trilogue) negotiations, and the one where the stakes are highest for European competitiveness.
Chapter III of the AI Act, covering high-risk AI obligations including technical documentation, conformity assessment, and registration in EU databases, is among the most demanding parts of the law. These obligations presuppose infrastructure that does not yet fully exist: the EU databases where systems must be registered, the qualified notified bodies and AI testing experts who must assess them, and the testing support structures that smaller companies will rely on.
All three institutions retain the ‘readiness trigger’ in Article 113: the provision that conditions Chapter III obligations on a Commission confirmation that adequate support measures are in place. This is the right approach. Obligations should apply when compliance is actually possible, not on a date that may arrive before the necessary infrastructure is ready.
But the timelines within the trigger mechanism also need to be realistic. EUTA proposes extending the post-decision application periods from 6 to 12 months for Annex III systems, and from 12 to 18 months for Annex I systems. The backstop dates should be extended to 2 June 2028 and 2 February 2029. These are not requests to delay the law, they are requests to ensure that when the law applies, compliance is genuinely achievable.
On regulatory sandboxes (Articles 57–58): the Council’s binding deadline requiring Member States to have at least one sandbox operational by December 2027 is strongly supported. The AI Office’s EU-level sandbox provides a single point of entry for cross-border testing. Critically, access should be open to all European entrepreneurs, not just start-ups. EUTA members need a regulatory pathway to test innovative AI safely, regardless of their size.
The AI Act’s transparency provisions, requiring AI-generated audio, images, video and text to be labelled, are among its most impactful obligations, as they apply to all European AI developers regardless of their size, the types of AI-generating systems they develop, or the level of awareness of their users regarding this AI-generated content. Therefore, care should be taken to avoid enforcing these provisions in a way which leads to cumbersome one-size-fits-all approaches, creates undue costs for European AI developers and unnecessary user fatigue.
The Act’s transparency requirements take effect in August 2026, and to date the Commission has not yet finalised the Guidelines and the Code of Practice which should guide compliance. Those are expected to be finalised only in June 2026. A postponement of at least 6 months is therefore necessary to allow developers to comply.
There is a broader concern here too. Based on recent drafts, the Code of Practice on transparency risks becoming too prescriptive, going beyond what the AI Act actually requires. The Code of Practice must stick to the legal text of the AI Act. Its purpose is to help companies comply in a practical, proportionate way, not to layer on additional obligations or impose blanket standards that do not reflect the diversity of AI applications and providers across the European market.
Transparency obligations that apply before the guidance exists are unenforceable in practice. The Code of Practice must reflect the AI Act, not expand it.
The Parliament proposes moving the compliance deadline for existing AI content generators from February 2027 to November 2026. EUTA opposes this. Three months is not enough additional preparation time for companies that have already planned their compliance roadmaps around February 2027. The Commission and Council’s original date should be retained.
Three separate provisions share a common problem: as currently drafted, they risk creating administrative burden without proportionate benefit. The good news is that both the Parliament and the Council have proposed targeted fixes for each.
The Commission's proposal requires providers of non-high-risk AI to document why their system is not high-risk. Both the Parliament and the Council delete this, and rightly so. Asking companies to prove a negative inverts the risk-based logic that is the AI Act's founding principle. Trilogue should confirm this deletion.
Some deployers of high-risk AI must conduct a Fundamental Rights Impact Assessment (FRIA). Many will already have a Data Protection Impact Assessment (DPIA) under the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679) covering much of the same ground. The Parliament's solution, allowing cross-referencing of DPIA findings into the FRIA, is simple and proportionate. Commission guidance with standardised templates will be especially valuable for smaller companies. This also reflects how many European companies already work in practice: implementing both the AI Act and GDPR together, often through their Data Protection Officers (DPOs).
Requiring providers and deployers to ensure AI literacy is meaningful, but only if they know what it requires in practice. The Parliament rightly calls on the Commission to issue implementation guidance. The AI Board's non-binding recommendations add a useful soft-law layer alongside.
Both the Parliament and the Council introduce new prohibitions on AI systems that generate non-consensual intimate imagery and child sexual abuse material. EUTA supports these safeguards, they address real harms.
But in legislation, precision matters as much as intent. The concern is not whether to prohibit, but how. A broad or ambiguous definition of what makes an AI system ‘capable of generating’ prohibited content could inadvertently catch systems that were never designed for those purposes, legitimate creative tools, medical imaging software, or general-purpose models with entirely different use cases.
The concern is not whether to prohibit harmful AI content, but how. Ambiguous definitions create legal risk for legitimate applications that no legislator intended to restrict.
The Council’s approach gets this right. It provides a precise definitional framework: an AI system is ‘capable of generating’ prohibited content where that is its intended purpose, or where its design makes such output a reasonably foreseeable outcome without significant modification and without effective safety measures. It also provides explicit carve-outs for legitimate uses: non-identifiable persons, non-realistic artistic works, satirical content.
Trilogue should adopt the Council’s framework, and apply these provisions from February 2027 to give industry time to implement the necessary safeguards.
The AI Omnibus Trilogue is not just a technical exercise in tidying up legal text. It is a decision about what kind of AI ecosystem Europe wants to build, and whether European companies will be the ones building it.
Europe has genuine strengths. It has world-class talent, a vibrant innovation ecosystem, and companies that are genuinely competitive. What it does not yet have is a regulatory environment that lets European tech companies compete on equal terms. The Draghi report warned that the EU risks losing up to 10% of its GDP potential through regulatory complexity alone. Up to 30% of European tech companies’ resources are consumed by compliance. Every euro spent navigating legal uncertainty is a euro not invested in hiring engineers, developing products, or expanding into new markets.
The AI Act, done right, could be part of the answer. Trustworthy, responsibly governed AI is a genuine competitive differentiator. Europe has a real opportunity to lead. But that opportunity is only real if the rules are workable. An AI framework that is protective in name but unworkable in practice does not make Europe safer; it makes European companies slower. It hands the advantage to competitors outside the EU who face none of the same obligations.
That is why the Trilogue choices matter well beyond the articles in this paper. Restoring the readiness trigger, postponing transparency enforcement until guidance exists, and making compliance assessments genuinely proportionate are the conditions for a framework that European companies can actually implement, and that policymakers can be proud of.
The message from Europe’s tech leaders is clear: no threshold on ambition, only on bureaucracy. Simplification must translate into competitiveness. Trilogue is the moment to make that real.