Some public commentary has described the Digital Omnibus on AI as delaying the EU AI Act. That is not the full picture.

In May 2026, the EU institutions reached a provisional political agreement on the Digital Omnibus on AI, a package of targeted amendments to the EU AI Act originally proposed by the European Commission in November 2025. The Omnibus focuses mainly on adjusting the application timeline for certain high-risk AI systems. The general framework and many other deadlines remain unchanged. And if you manage a law firm, an accountancy practice, or any professional services business using AI tools, the obligations that affect you most directly are still firmly on the August 2026 schedule.

Read on for a plain-English breakdown of what moved, what did not, and the five practical steps any professional services firm can take before August.

What is the EU AI Act Omnibus?

The EU Digital Omnibus on AI is not a rewrite of the AI Act. It is a package of targeted amendments proposed by the European Commission in November 2025 and agreed in principle between the Parliament and the Council on 1 May 2026.[1]

The Commission proposed the Digital Omnibus to better align the application of high-risk AI rules with the availability of harmonised standards and other compliance tools, and to introduce backstop dates for cases where such tools are delayed.

It is also important to note that the agreement is provisional. The formal legislative process is not yet complete. The new deadlines represent the current best estimate, not a guaranteed fixed date.

In summary

The Omnibus is a targeted adjustment to how and when certain high-risk AI rules apply. It is not a general relaxation of the AI Act.

What did the Omnibus actually change?

The main AI Act-related change in the Digital Omnibus proposal concerns the timing for high-risk AI systems listed in Annex III of the EU AI Act.[7] Annex III covers a specific category of AI: systems used to filter job applicants, score creditworthiness, manage access to education, support decisions in the administration of justice, and similar high-stakes applications. Under the original AI Act timeline, Annex III rules would have applied from 2 August 2026, with rules for high-risk AI embedded in regulated products following in August 2027.

The Omnibus would introduce a mechanism that links the application of these high-risk requirements to the availability of support tools, including harmonised standards. If the Commission adopts a decision confirming that adequate support measures are available, high-risk rules would apply from a set period after that decision. If no such decision is adopted, backstop deadlines of 2 December 2027 for Annex III stand-alone systems and 2 August 2028 for Annex I (embedded) systems would apply instead. These timelines are still provisional until the Omnibus is adopted and published in the Official Journal.[2]

EU co-legislators have also discussed targeted adjustments to transparency rules (including phased implementation of certain Article 50 watermarking obligations) and additional content-related prohibitions such as measures addressing non-consensual intimate imagery. The precise wording, scope and compliance timelines for these elements will only be clear once the final Omnibus text is adopted and published in the Official Journal. Treat them as indicative rather than fixed compliance dates until then.

In summary

The Digital Omnibus proposal adjusts timelines and technical details for certain high-risk systems, subject to formal adoption. It does not change the overall risk-based structure or general obligations of the AI Act.

For the full compliance obligations this creates for organisations deploying Annex III high-risk AI systems in financial services, HR technology, or health technology, see What the August 2026 EU AI Act Deadline Means for Irish SMEs.

What did not change, and why this matters for your firm

AI literacy obligations (Article 4) are in force now

Article 4 of the EU AI Act requires providers and deployers of AI systems to take measures to ensure a sufficient level of AI literacy for their staff and other persons dealing with AI systems on their behalf. This obligation entered into application on 2 February 2025, and national market-surveillance authorities will begin supervising and enforcing it from 3 August 2026.[3]

If your firm uses AI tools, whether Microsoft Copilot, a ChatGPT-style service, or AI built into your practice management or document review system, you are already required to ensure the people using those tools understand what AI is, how it works, and what the risks are. There is no formal certificate required, but regulators will look at what training has been documented.

The EU is not asking everyone to become AI engineers. It is asking organisations to make sure the people driving AI in their work know what they are doing and what the rules are.

One note on Article 4: in the Digital Omnibus proposal, the Commission suggested shifting the general AI literacy obligation away from individual organisations towards a duty on Member States and the Commission to promote AI literacy and skills, according to the Commission's own AI literacy Q&A.[3] This proposal is not yet law and may change during negotiations. Until the Omnibus is formally in force, Article 4 as enacted continues to require organisations to take measurable steps on AI literacy. Do not treat the proposal as a reason to deprioritise staff training.

Deployer obligations still apply

If your firm uses an AI system in a professional context within the EU, you will generally be a "deployer" under the Act. This means: a natural or legal person, public authority, agency or other body using an AI system under its authority, other than for purely personal, non-professional activities. For deployers of high-risk AI systems, the Act requires measures such as appropriate human oversight, use of the system in line with the provider's instructions, monitoring during operation, and reporting certain serious incidents to the competent authorities. For other AI systems subject to transparency rules, deployers must meet those specific transparency obligations and should adopt appropriate internal controls as part of responsible governance.

For many professional services firms, the most immediate EU AI Act priorities are Article 4 AI literacy and oversight of AI used in client-facing or decision-support work. Annex III high-risk obligations, including conformity assessment requirements, will apply only if the firm deploys an AI system that falls within an Annex III category. Under the current Omnibus proposal, these obligations are expected to apply, at the latest, by 2 December 2027 for relevant Annex III systems, but these dates remain subject to formal adoption.

You cannot assume your software vendors handle compliance for you. If your people are using AI tools in client work, your firm has duties regardless of whether the vendor is compliant.

In summary

Article 4 AI literacy obligations are already in force (since February 2025), with national supervision beginning from 3 August 2026. That is the date that matters most for Irish professional services firms right now.

What does the EU AI Act mean for Irish law firms and accountancy practices?

Ireland has adopted a distributed regulatory model. Rather than one mega-regulator for all AI, S.I. No. 366 of 2025 designates multiple national competent authorities, including existing sectoral regulators, to supervise AI use within their current areas of responsibility. The Government's General Scheme of the Regulation of Artificial Intelligence Bill 2026 proposes establishing a new statutory independent body, the AI Office of Ireland, as a central coordinating authority for AI Act implementation, with the intention that it will be operational around 1 August 2026.[6]

For a law firm, AI use will often involve client personal data, so the Data Protection Commission is a key regulator. Under Ireland's proposed distributed model, sectoral bodies such as the Law Society of Ireland are expected to play a role in supervising AI use within their existing oversight remit. Given the AI Act's and GDPR's accountability requirements, firms should expect regulators to seek explanations of how AI is used in their practice and what safeguards are in place. In practice, this typically means having clear internal rules on when AI can be used in client work, who reviews AI-generated content, and how client confidentiality is protected.

For an accountancy practice, the same DPC lens applies. Under Ireland's distributed model, both the DPC and IAASA (Irish Auditing and Accounting Supervisory Authority) are likely to have supervisory roles in AI Act implementation in the sector. Firms should monitor IAASA's official publications for AI-related guidance. In practice, this typically means being able to demonstrate how you prevent staff from inputting client data into uncontrolled AI tools, and how you define acceptable AI use in audit, tax, or advisory work.

Recent Irish market research suggests that only 14% of Irish organisations are fully prepared to comply with the EU AI Act, and 53% cite limited internal expertise as their main barrier.[4] Fewer than 44% have a formal AI policy in place, even as 92% of Irish organisations use or plan to use AI.[5] These figures come from commercial market surveys, not official government or EU statistics, and should be treated as indicative.

In summary

The DPC and your sectoral regulator are both relevant. The gap between AI adoption and AI governance in Irish professional services is significant, and August is not far away.

What do you have to do before August 2026?

Your pre-August AI Act starter pack: five steps any professional services firm can take now.

Step 1: Make an AI inventory

Write down, on one page, where AI shows up in your firm. Include tools like Copilot, AI built into your practice or case management systems, any document review or drafting tools, and any experimental projects your team has been running. Do not overlook shadow AI: tools that staff may be using on their own initiative without formal approval.

Certain high-risk AI systems used in financial services, such as those involved in creditworthiness assessment or risk scoring, are subject to additional obligations under the AI Act, including registration in an EU database and compliance with Annex III requirements. These go beyond a basic internal inventory and should be checked against the specific provisions that apply to your use case. See Does Your Financial Services Firm Have an AI Register? for the detailed treatment.

Step 2: Set your red lines

List three to five rules that apply to everyone, with no exceptions. Examples: never paste client confidential information into a public AI tool; never send AI-generated advice to a client without human review; never use an AI tool that has not been reviewed by the firm.

Step 3: Write a one-page AI policy

In plain English, answer four questions: What tools are permitted? Who can use them? For what tasks? What must a human check before it leaves the firm? A one-page policy that is actually read and followed is more valuable than a fifty-page document that is not.

Step 4: Train your people

Run one session for all staff that covers: the tools the firm uses and permits, the red-line rules, and two or three practical examples drawn from real work in your firm. This does not need to be a full-day course. It needs to be documented.

Step 5: Assign a named owner

Choose one partner or senior manager who is responsible for keeping the AI inventory up to date, updating the policy when tools change, and keeping a simple record of who has been trained and when. Given the AI Act's and GDPR's accountability requirements, firms should expect regulators to seek explanations of how AI is used in their operations, what safeguards are in place, and who is responsible for overseeing AI governance.

In summary

Five practical steps you can complete in a week. None of them require external expertise to start.