⚡ Key Takeaways

The May 7, 2026 EU AI Omnibus deal introduces a new Small Mid-Cap (SMC) category — companies with up to 750 employees or €150 million turnover — that qualifies for a simplified self-assessment pathway instead of the full conformity assessment required for large enterprises. Combined with the deadline extension to December 2, 2027, the Omnibus creates a meaningfully differentiated compliance architecture by company size.

Bottom Line: Enterprise AI buyers and SMC-category vendors should conduct an Annex III classification analysis in 2026 to determine conformity assessment pathway, and verify whether their specific use case is in the mandatory third-party assessment carve-out regardless of company size.

Read Full Analysis ↓

🧭 Decision Radar

Relevance for Algeria
Medium
Algerian companies with EU-facing AI products or European operations are subject to the AI Act on the same timeline as EU companies; the SMC exemption may apply to Algerian-incorporated entities operating in the EU market or to their EU subsidiaries.
Infrastructure Ready?
Partial
Algerian companies typically lack in-house EU AI Act conformity assessment expertise; EU-based legal and technical advisors will be required, particularly for mandatory third-party assessment categories.
Skills Available?
No
EU AI Act notified body certification and conformity assessment expertise is scarce globally; Algerian companies will need to engage EU-based specialists.
Action Timeline
12-24 months
For Algerian companies with EU-facing AI deployments, classification analysis and conformity assessment planning should begin in 2026 to avoid the notified body backlog expected in 2027.
Key Stakeholders
CTOs, compliance officers, legal teams, Algerian AI companies with EU operations
Decision Type
Educational
This article provides a framework for understanding the SMC exemption structure and its practical implications for compliance planning — the regulatory text still requires legal interpretation for specific deployments.

Quick Take: Algerian AI companies with EU-facing products should determine whether their company structure and employee count make them eligible for the SMC simplified pathway, and begin Annex III classification analysis regardless of pathway. The December 2027 deadline provides runway, but notified body capacity constraints mean early movers in 2026 access better availability and service than those who defer to 2027.

Advertisement

What the May 7 Agreement Introduced Beyond the Deadline Extension

Coverage of the EU AI Omnibus deal has focused heavily on the headline: the high-risk AI compliance deadline for standalone Annex III systems moves from August 2, 2026 to December 2, 2027. That is correct and significant. But the more analytically important change for the European AI startup and scale-up ecosystem is the small mid-cap (SMC) exemption framework — a provision that has received considerably less attention. The European Commission’s press release on the Omnibus agreement explicitly highlights the SMC provisions as a core deliverable of the simplification package, framing them as a response to industry feedback that the original AI Act’s conformity requirements were disproportionate for growth-stage companies.

According to the Council press release confirming the May 7, 2026 agreement, the Omnibus package explicitly introduces the SMC category as a distinct tier in the AI Act’s regulatory architecture. The SMC definition — companies with up to 750 employees and annual turnover up to €150 million or balance sheet up to €129 million — sits between the existing SME definition (up to 249 employees, €50 million turnover) and large enterprise. This is not a trivial distinction: there are thousands of European AI companies that exceed the SME threshold but fall below large-enterprise scale, and the original AI Act treated them identically to companies with tens of thousands of employees.

The Tech Policy Press analysis of the Omnibus deal notes that the SMC exemption addresses a specific complaint from the European AI industry: conformity assessment requirements for high-risk AI systems (technical documentation, risk management systems, quality management systems, EU database registration) were designed with large enterprise compliance teams in mind. The documentation burden alone — which can take a compliance team of 3-5 specialists 6-12 months to complete — was viewed as disproportionate for companies with fewer than 100 engineers total.

The SMC Exemption: What It Actually Covers

The SMC exemption framework operates on a proportionality principle rather than a categorical exemption. SMCs deploying high-risk AI systems are not exempt from the AI Act’s obligations — they are subject to a simplified version of those obligations that reduces the documentation burden without eliminating the substantive safety requirements.

Simplified conformity assessment. SMCs below the threshold can complete a self-assessment for most Annex III high-risk AI categories, rather than engaging a notified body for third-party conformity assessment. The self-assessment must still document the system’s purpose, intended use, risk management measures, and performance characteristics — but the format requirements are simplified, and the assessment does not require the full quality management system documentation that the original AI Act mandated for third-party assessments. The categories where third-party assessment remains mandatory regardless of company size — AI systems used in law enforcement, biometric identification, and certain critical infrastructure applications — are explicitly carved out of the SMC simplified pathway.

Reduced technical documentation requirements. The standard technical file for a high-risk AI system under the original AI Act runs to dozens of pages covering training data governance, model architecture, performance benchmarks, post-market monitoring procedures, and incident reporting protocols. The SMC pathway reduces this to a core documentation set: a clear statement of the system’s purpose and intended use; a description of the risk mitigation measures applied; performance data for the intended use case; and the post-market monitoring plan. The full documentation set remains available as an option, and SMCs seeking to contract with large enterprises or public sector customers may find that those customers require the full documentation regardless of what the regulation mandates.

Deferred registration timeline. The EU database for high-risk AI systems, established under Article 71 of the AI Act, requires registration before deployment. For SMCs, the Omnibus introduces a deferred registration pathway: SMCs can deploy their high-risk AI system before full registration, provided they submit a preliminary registration within 30 days of deployment and complete the full registration within 6 months. This addresses a practical bottleneck that affected early-stage companies: the database registration process was a deployment blocker even for companies whose systems were otherwise ready, creating revenue delays that disproportionately affected SMCs with limited operating runway.

Advertisement

What Platform Operators and Enterprise AI Buyers Should Understand

The SMC exemption creates a two-speed compliance landscape that enterprise AI buyers and platform operators need to factor into their vendor risk management.

1. Map Your Vendors Against the SMC/Large Enterprise Threshold

Enterprise customers deploying high-risk AI — for HR screening, credit assessment, or customer service automation — will increasingly receive AI systems from SMC vendors operating under the simplified conformity assessment pathway rather than the full conformity assessment. The risk for enterprise customers is that a vendor’s simplified self-assessment may not identify risks that a third-party conformity assessment would catch. Enterprise risk management should include a vendor classification step: is this AI vendor an SME, SMC, or large enterprise? What assessment pathway did they follow? Does the simplified pathway cover the specific use case in your deployment context (which may be more sensitive than the vendor’s intended use case)? For Annex III applications where third-party assessment is mandatory regardless of company size, the vendor’s size is irrelevant — the third-party assessment is always required, and enterprise customers should verify this documentation exists.

2. Verify Whether Your High-Risk AI Category Is in the SMC Pathway or the Mandatory Third-Party Carve-Out

The Omnibus does not create universal SMC relief for all Annex III categories. The categories where third-party conformity assessment remains mandatory regardless of company size are: AI used by public authorities in law enforcement; AI used for biometric identification and categorization in public spaces; AI used in critical infrastructure (energy, water, transport) for safety-critical functions; and AI used in the administration of justice. If your AI system falls into any of these categories, the SMC threshold does not apply — you need a notified body assessment regardless of your employee count or revenue. Companies operating in the grey area between SMC eligibility and mandatory third-party categories should seek legal advice before committing to a self-assessment pathway.

3. Use the December 2027 Window to Build Compliance Infrastructure, Not to Defer Compliance

The 16-month extension (August 2026 to December 2027) is the most widely discussed element of the Omnibus deal, and it carries a predictable risk: companies that treat the extension as permission to defer compliance work until late 2027 will face the same bottleneck they faced before the extension, compressed into a shorter window. Digital Strategy EU’s analysis of the Omnibus proposal estimates that European AI companies will collectively generate approximately 8,000 high-risk AI system registrations under Annex III. Notified body capacity — the technical experts authorized to conduct third-party conformity assessments — is already limited across Europe, with an estimated 18-month backlog at current demand. Companies that begin their conformity assessment process in Q3 2026 will access notified body capacity that will be unavailable by Q2 2027 when the deadline rush begins.

The Antitrust Question the Omnibus Raises

There is a structural tension in the SMC exemption framework that compliance officers and competition lawyers should monitor: the simplified pathway creates a competitive asymmetry between AI vendors of different sizes. Large enterprise AI vendors — who must complete the full conformity assessment, maintain comprehensive technical documentation, and use notified bodies for the mandatory categories — face significantly higher compliance costs than SMC competitors. In markets where the compliance differential is large enough, this can become an argument for strategic size management: companies may structure legal entities to remain below the SMC threshold, or may resist growth that would push them above it.

The EU Commission is aware of this dynamic, and the Omnibus text includes anti-avoidance provisions: companies that structure their operations specifically to remain below the SMC or SME threshold for AI Act purposes — while functioning economically as a larger entity — are not eligible for the simplified pathway. The implementing guidance on the anti-avoidance rules is expected in Q4 2026 and will clarify how economic substance tests will be applied in practice. Companies in the 700-800 employee range or the €130-160 million turnover range should seek clarity on how they will be classified before their classification becomes contested.

Follow AlgeriaTech on LinkedIn for professional tech analysis Follow on LinkedIn
Follow @AlgeriaTechNews on X for daily tech insights Follow on X

Advertisement

Frequently Asked Questions

What is the difference between an SME and an SMC under the EU AI Omnibus deal?

An SME (Small and Medium Enterprise) under EU definitions has up to 249 employees and annual turnover up to €50 million. The EU AI Omnibus introduces the SMC (Small Mid-Cap) category for companies with up to 750 employees and turnover up to €150 million (or balance sheet up to €129 million). Both SMEs and SMCs benefit from simplified conformity assessment pathways under the Omnibus, but SMCs had no distinct regulatory category under the original AI Act — they were treated as large enterprises despite being significantly smaller than the enterprise companies the full conformity assessment was designed for.

Which Annex III high-risk AI categories are excluded from the SMC simplified pathway?

The categories where third-party conformity assessment remains mandatory regardless of company size are: AI systems used by public authorities for law enforcement; AI used for biometric identification and categorization of individuals in publicly accessible spaces; AI used in critical infrastructure (energy, water, transport, finance) for safety-critical functions; and AI used in the administration of justice and democratic processes. Companies operating AI systems in these categories cannot use the self-assessment pathway regardless of their employee count or revenue, and must engage an EU-accredited notified body for conformity assessment before deployment.

Can non-EU companies benefit from the SMC exemption?

Yes — the AI Act’s extraterritorial scope means that non-EU companies whose AI systems are placed on the EU market or affect EU-based users are subject to the full AI Act obligations. The SMC exemption applies to the provider of the AI system regardless of where it is incorporated, based on the company’s total employee count and global revenue. A Algerian or US company with 400 employees and €80 million in global revenue that provides a high-risk AI system to EU customers can claim the SMC simplified pathway for EU compliance purposes, provided it meets the eligibility criteria and no anti-avoidance rules apply.

Sources & Further Reading