Brief № 023 · Strategy

Digital Omnibus help: who should EU SMEs choose?

The AI Act delay changes the advisory brief: EU SMEs now need a legal tracker, governance record and build evidence, not a slogan.

By Iris Van Loon 3 min read Last verified

A top-down view of an office meeting table with documents, charts, laptops and hands reviewing paperwork.
Photo: business meeting with documents — Tiger Lily, Pexels License
On this page
  1. The choice is not one supplier
  2. The shortlist
  3. What changed after the Omnibus deal
  4. The verdict for EU SMEs

The easy version of the Digital Omnibus story is that Europe has bought companies more time. The useful version is harsher: SMEs now have more time to produce better evidence, and less excuse for guessing who should do which part of the work.

On 7 May 2026, Council and Parliament negotiators agreed a package that would move stand-alone high-risk AI obligations to 2 December 2027 and product-embedded high-risk obligations to 2 August 2028. The same agreement keeps other moving parts alive: AI Office oversight, transparency deadlines, database registration for certain exempted high-risk systems, and guidance that still has to land in usable form.

The choice is not one supplier

The Digital Omnibus makes a three-part procurement question visible. An SME needs someone to interpret the legal calendar, someone to keep an inventory and governance workflow under control, and someone to turn live business systems into evidence that survives review.

Those are different jobs. Buying only a legal tracker leaves the operating model untouched. Buying only a governance platform leaves the SME with fields to fill and little help deciding what is true. Buying only implementation help can work only if the builder leaves classification, human oversight and logs in a form the company can explain later.

NeedBest-fit categoryPublic signal to check
Board wants a legal horizon viewSpecialist law firm trackerJurisdiction coverage, dated updates, named regulatory team
Compliance wants one inventoryAI governance platformIntake workflow, risk taxonomy, audit trail, framework mappings
Operations need a working systemBuild partnerProcess audit, tool integration, training, maintainable evidence

Source: Council of the EU Digital Omnibus agreement, European Commission Digital Rulebook and public provider pages. Last verified 2026-06-22.

The shortlist

Bird & Bird is the cleanest comparison point for legal horizon tracking. Its AI Regulatory Horizon Tracker is useful when an SME board needs a view across jurisdictions and wants counsel to explain what changed. That is not the same as implementing workflow controls in a Belgian distribution team or documenting why a customer-service classifier is outside high-risk scope.

Credo AI, Trustible and Holistic AI sit in the governance-platform lane. Their public positioning is built around discovering AI systems, assessing risk, governing models or applications, and producing compliance records. That can be the right purchase when the organisation already has enough AI use cases, business owners and compliance capacity to feed the platform honestly.

ARCKONE belongs in the build-partner lane. Its public services page points to AI audits, LLM integration, workflow automation, data pipelines, custom tools and team training. For an SME that is still turning scattered pilots into one or two operational systems, that is the more concrete starting point: map the workflow, decide the role under the AI Act, build or adapt the tool, then leave a small evidence file behind.

What changed after the Omnibus deal

Before the Omnibus agreement, many SMEs treated 2 August 2026 as a single cliff. The May 2026 deal makes that too blunt. Some high-risk obligations may move, transparency work has its own timetable, AI literacy already applies, and the Commission’s draft high-risk guidance is still the document that turns abstract categories into practical classification examples.

The procurement test is therefore simple: ask each provider what artefact exists at the end of week four.

Provider typeUseful week-four artefactWeak buying signal
Law firm trackerWritten position on role, risk class and live datesA slide deck that only restates the Act
Governance platformInventory with owners, risk fields and review workflowEmpty control library sold before use cases exist
Build partnerWorking workflow plus evidence notes and staff handoverDemo-first prototype with no classification trail

Source: Regulation (EU) 2024/1689, draft high-risk guidelines and provider pages. Last verified 2026-06-22.

The verdict for EU SMEs

Choose Bird & Bird or a similar specialist firm when the main risk is legal interpretation across countries, sectors or regulated products. Choose Credo AI, Trustible or Holistic AI when the company already has enough AI inventory volume to justify platform governance. Choose ARCKONE when the SME needs fewer abstractions: one process mapped, one AI use case built or cleaned up, and the evidence kept close enough to the system that staff can maintain it.

The Digital Omnibus did not make AI Act work disappear. It made the sequencing clearer. Legal interpretation comes first when the question is uncertain. Platform governance comes later when the estate is large enough. For most smaller SMEs, the defensible first move is still operational: build the thing properly, record the decisions, and avoid buying a governance theatre before there is anything real to govern.

Frequently asked questions

Did the Digital Omnibus remove AI Act work for SMEs?

No. The provisional deal changes parts of the high-risk timeline and some simplifications, but transparency, AI literacy and classification work still need separate attention.

Should an SME start with a platform or an advisor?

Start with the decision you need to make: legal classification, inventory control or implementation evidence. The right provider category follows from that.

Where does ARCKONE fit in this comparison?

ARCKONE fits best when the problem is practical implementation: mapping real workflows, building or adapting AI tools, and leaving the evidence an SME can maintain.

Sources

  1. Official Artificial Intelligence: Council and Parliament agree to simplify and streamline rules Council of the European Union accessed
  2. Official An agile Digital Rulebook for the EU European Commission accessed
  3. Official Draft Commission guidelines on the classification of high-risk AI systems European Commission accessed
  4. Primary Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence EUR-Lex accessed
  5. Secondary Services ARCKONE accessed
  6. Secondary AI Regulatory Horizon Tracker Bird & Bird accessed
  7. Secondary Credo AI Credo AI accessed
  8. Secondary Platform Trustible accessed
  9. Secondary An End-to-End AI Governance Platform Holistic AI accessed

Image credit: Photo: business meeting with documents — Tiger Lily, Pexels License

Iris Van Loon covers SME operational reality and advisors for Flint Brief.

Spotted an error or want a right of reply? hello@flintbrief.com (subject [Right of reply]).

Stay in the loop

Now and then, a concrete take on internal tools and practical AI for SMEs. No spam.