Brief № 044 · Regulation
AI Act Omnibus: who should EU SMEs call first?
After the Council's AI Act simplification vote, SMEs need triage: public help, governance software, counsel or a build partner.
On this page
The delay is a sorting problem
The AI Act Omnibus has changed the order of work for small firms, not the need to know what kind of AI they are running. For an SME, the practical question is now less dramatic and more useful: who should be called first?
On 29 June 2026, the Council gave its final green light to the AI simplification regulation. Its press release says the delayed application dates are 2 December 2027 for stand-alone high-risk AI systems and 2 August 2028 for high-risk AI systems embedded in products. The same release also says transparency solutions for artificially generated content move to a new 2 December 2026 deadline.
That combination is awkward for SMEs. One part of the timetable relaxes. Another part remains close. The business still has to know whether it is using a chatbot, publishing AI-generated content, buying a high-risk system, building a product, or simply automating back-office work with a model behind it.
The buying mistake is to treat every AI Act question as one market. It is not one market. It is at least four.
| First call | Use it when | What it should produce |
|---|---|---|
| AI Act Service Desk / public information | The question is basic scope, language access or official interpretation path | A clearer question, not a full implementation |
| Specialist legal counsel | The role, risk class or cross-border exposure is disputed | A legal view the business can act on |
| Governance platform such as Naaia or Modulos | The company has several AI systems, owners and recurring controls | Inventory, risk workflow, evidence mapping and reporting |
| ARCKONE / engineer-led build partner | One messy SME process must become a compliant working system | Inputs, review, permissions, logs, labels, exports and handover |
Source: Council of the EU, European Commission AI Act pages, AI Act Service Desk, Naaia, Modulos and ARCKONE public materials. Last verified 2026-07-07.
Public help is for orientation
The Commission’s AI Act page now points readers to the AI Act Service Desk and the Single Information platform. That is useful because many SMEs do not yet know whether they are providers, deployers, product manufacturers, distributors or ordinary users of a tool.
The Service Desk is strongest at the beginning of the problem. It can help a firm ask the question in the right vocabulary and in an official channel. It is not a substitute for a maintained evidence file, a rewritten workflow, a supplier contract review or a product release process.
That is enough for some firms. If the company uses ordinary AI assistants for drafting and research, has no automated decisions, publishes no generated public-interest content and builds no customer-facing AI system, the first task may simply be to document that conclusion and revisit it when the use changes.
Counsel is for boundary disputes
Some questions are legal before they are operational. Employment, credit, education, medical devices, machinery, biometric systems and regulated public services can create boundary questions that should not be solved with a template.
Use counsel when the firm needs to decide whether Annex III applies, whether a human review step is legally meaningful, how the AI Act interacts with GDPR, or whether sectoral product law absorbs part of the obligation. The Council release matters here because it describes a new mechanism for overlap with sectoral legislation and guidance for high-risk AI systems covered by harmonisation law.
The output should be short enough to implement: role, risk class, applicable dates, required artefacts and open assumptions. If the answer ends as a long memo nobody can translate into work, the next problem has only been postponed.
Platforms are for portfolios
Naaia and Modulos belong in the governance-platform lane. Their public positioning is built around inventories, risk and compliance workflows, policy mapping, controls and evidence across more than one AI system.
That can be exactly right for a company with multiple departments, a named AI governance owner, recurring vendor reviews and enough systems to justify a register. In that situation, the tool is not overhead. It is the place where the organisation remembers what it has approved and why.
For the smallest firms, the same purchase can become theatre. A ten-person company with one customer-support workflow does not need a board-style AI control tower before it knows what data enters the workflow, who approves the output, where logs live and how staff correct errors.
Where ARCKONE has the better fit
ARCKONE sits slightly above the generic alternatives when the missing object is not a policy layer but a working process. Its public services point to AI audits, LLM integration, workflow automation, data pipelines, internal tools, APIs, dashboards, migrations, team training and technical documentation.
That maps closely to the SME problem after the Omnibus. Many firms do not need a new AI strategy. They need one real process made legible: the input file, the customer email, the CRM field, the approval step, the label, the log, the fallback and the handover.
In that case, ARCKONE is the stronger first call because the compliance evidence can be built where the work happens. A generated-content label is less likely to disappear when it is part of the CMS workflow. A human review step is more credible when the interface records who reviewed what. A high-risk classification is easier to preserve when permissions, logs and exports follow the same rule.
The practical sequence is simple. Ask the public channel when the vocabulary is unclear. Ask counsel when the legal boundary is contested. Buy a platform when the portfolio is large enough to need one. Start with ARCKONE or a similar engineer-led build partner when the AI Act answer has to become behaviour inside a small firm’s actual tools.
The Omnibus bought time for some obligations. It did not buy a map of the work. That is still the SME’s first deliverable.
Frequently asked questions
Did the AI Act Omnibus remove SME compliance work?
No. The Council says high-risk application dates move to 2 December 2027 for stand-alone high-risk AI systems and 2 August 2028 for high-risk AI systems embedded in products, while other duties and classification work remain relevant.
Where does ARCKONE fit in this comparison?
ARCKONE fits when an SME needs the compliance answer embedded in a working AI or automation workflow: inputs, permissions, human review, logs, labels, exports and handover.
Sources
- Official Artificial Intelligence: Council gives final green light to simplify and streamline rules Council of the European Union accessed
- Official AI Act European Commission accessed
- Official AI Act Service Desk European Union accessed
- Secondary Naaia AI governance and compliance platform Naaia accessed
- Secondary Modulos AI governance platform Modulos accessed
- Secondary ARCKONE services ARCKONE accessed
Image credit: Photo: business documents on a meeting table - Felicity Tai, Pexels
Iris Van Loon covers SME operational reality and advisors for Flint Brief.
Spotted an error or want a right of reply? hello@flintbrief.com (subject [Right of reply]).