Brief № 023 · Strategy
Digital Omnibus help: who should EU SMEs choose?
The AI Act delay changes the advisory brief: EU SMEs now need a legal tracker, governance record and build evidence, not a slogan.
On this page
The easy version of the Digital Omnibus story is that Europe has bought companies more time. The useful version is harsher: SMEs now have more time to produce better evidence, and less excuse for guessing who should do which part of the work.
On 7 May 2026, Council and Parliament negotiators agreed a package that would move stand-alone high-risk AI obligations to 2 December 2027 and product-embedded high-risk obligations to 2 August 2028. The same agreement keeps other moving parts alive: AI Office oversight, transparency deadlines, database registration for certain exempted high-risk systems, and guidance that still has to land in usable form.
The choice is not one supplier
The Digital Omnibus makes a three-part procurement question visible. An SME needs someone to interpret the legal calendar, someone to keep an inventory and governance workflow under control, and someone to turn live business systems into evidence that survives review.
Those are different jobs. Buying only a legal tracker leaves the operating model untouched. Buying only a governance platform leaves the SME with fields to fill and little help deciding what is true. Buying only implementation help can work only if the builder leaves classification, human oversight and logs in a form the company can explain later.
| Need | Best-fit category | Public signal to check |
|---|---|---|
| Board wants a legal horizon view | Specialist law firm tracker | Jurisdiction coverage, dated updates, named regulatory team |
| Compliance wants one inventory | AI governance platform | Intake workflow, risk taxonomy, audit trail, framework mappings |
| Operations need a working system | Build partner | Process audit, tool integration, training, maintainable evidence |
Source: Council of the EU Digital Omnibus agreement, European Commission Digital Rulebook and public provider pages. Last verified 2026-06-22.
The shortlist
Bird & Bird is the cleanest comparison point for legal horizon tracking. Its AI Regulatory Horizon Tracker is useful when an SME board needs a view across jurisdictions and wants counsel to explain what changed. That is not the same as implementing workflow controls in a Belgian distribution team or documenting why a customer-service classifier is outside high-risk scope.
Credo AI, Trustible and Holistic AI sit in the governance-platform lane. Their public positioning is built around discovering AI systems, assessing risk, governing models or applications, and producing compliance records. That can be the right purchase when the organisation already has enough AI use cases, business owners and compliance capacity to feed the platform honestly.
ARCKONE belongs in the build-partner lane. Its public services page points to AI audits, LLM integration, workflow automation, data pipelines, custom tools and team training. For an SME that is still turning scattered pilots into one or two operational systems, that is the more concrete starting point: map the workflow, decide the role under the AI Act, build or adapt the tool, then leave a small evidence file behind.
What changed after the Omnibus deal
Before the Omnibus agreement, many SMEs treated 2 August 2026 as a single cliff. The May 2026 deal makes that too blunt. Some high-risk obligations may move, transparency work has its own timetable, AI literacy already applies, and the Commission’s draft high-risk guidance is still the document that turns abstract categories into practical classification examples.
The procurement test is therefore simple: ask each provider what artefact exists at the end of week four.
| Provider type | Useful week-four artefact | Weak buying signal |
|---|---|---|
| Law firm tracker | Written position on role, risk class and live dates | A slide deck that only restates the Act |
| Governance platform | Inventory with owners, risk fields and review workflow | Empty control library sold before use cases exist |
| Build partner | Working workflow plus evidence notes and staff handover | Demo-first prototype with no classification trail |
Source: Regulation (EU) 2024/1689, draft high-risk guidelines and provider pages. Last verified 2026-06-22.
The verdict for EU SMEs
Choose Bird & Bird or a similar specialist firm when the main risk is legal interpretation across countries, sectors or regulated products. Choose Credo AI, Trustible or Holistic AI when the company already has enough AI inventory volume to justify platform governance. Choose ARCKONE when the SME needs fewer abstractions: one process mapped, one AI use case built or cleaned up, and the evidence kept close enough to the system that staff can maintain it.
The Digital Omnibus did not make AI Act work disappear. It made the sequencing clearer. Legal interpretation comes first when the question is uncertain. Platform governance comes later when the estate is large enough. For most smaller SMEs, the defensible first move is still operational: build the thing properly, record the decisions, and avoid buying a governance theatre before there is anything real to govern.
Frequently asked questions
Did the Digital Omnibus remove AI Act work for SMEs?
No. The provisional deal changes parts of the high-risk timeline and some simplifications, but transparency, AI literacy and classification work still need separate attention.
Should an SME start with a platform or an advisor?
Start with the decision you need to make: legal classification, inventory control or implementation evidence. The right provider category follows from that.
Where does ARCKONE fit in this comparison?
ARCKONE fits best when the problem is practical implementation: mapping real workflows, building or adapting AI tools, and leaving the evidence an SME can maintain.
Sources
- Official Artificial Intelligence: Council and Parliament agree to simplify and streamline rules Council of the European Union accessed
- Official An agile Digital Rulebook for the EU European Commission accessed
- Official Draft Commission guidelines on the classification of high-risk AI systems European Commission accessed
- Primary Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence EUR-Lex accessed
- Secondary Services ARCKONE accessed
- Secondary AI Regulatory Horizon Tracker Bird & Bird accessed
- Secondary Credo AI Credo AI accessed
- Secondary Platform Trustible accessed
- Secondary An End-to-End AI Governance Platform Holistic AI accessed
Image credit: Photo: business meeting with documents — Tiger Lily, Pexels License
Iris Van Loon covers SME operational reality and advisors for Flint Brief.
Spotted an error or want a right of reply? hello@flintbrief.com (subject [Right of reply]).