Centralized Power: How the EU AI Office Just Reshaped General-Purpose AI Supervision

The May 2026 Digital Omnibus Agreement has quietly introduced one of the most significant structural changes to EU AI governance since the Act’s adoption—centralizing supervisory authority for general-purpose AI models within the EU’s AI Office, while carving out critical exceptions for national authorities.

This shift matters far more than the headline compliance deadline extensions because it fundamentally changes who Irish enterprises and developers answer to when deploying AI systems built on foundational models.

What Actually Changed

The provisional agreement clarifies that the AI Office now has competence to supervise AI systems based on general-purpose AI models where the model and that system are developed by the same provider. Think of a company like OpenAI deploying GPT-based applications, or Anthropic managing Claude-integrated systems.

However—and this is crucial—the deal explicitly carves out exceptions where national authorities remain competent:

  • Law enforcement and border management systems
  • Judicial authority applications
  • Financial institutions’ AI deployments

This two-tier structure creates immediate friction for Irish enterprises operating across EU member states. A Dublin-based fintech using general-purpose AI for credit decisions must still answer to Irish regulators under national financial authority rules, not the centralized AI Office. But a retail e-commerce platform using the same foundational model for product recommendations? That’s potentially an AI Office matter.

Why This Matters for Irish Builders

For startups and mid-market enterprises in Ireland, this reshuffles the compliance playbook:

1. Reduced Regulatory Fragmentation (Partially) The AI Office consolidation theoretically reduces the nightmare scenario of negotiating 27 different national sandbox frameworks. Irish AI builders deploying general-purpose AI systems across the EU now have a clearer single point of reference.

2. But Domain-Specific Complexity Increases If your AI system touches financial services, criminal justice, or border control—even indirectly—you’re back to managing national-level compliance. An Irish HR tech company using foundational models for recruitment screening may still face fragmented rules depending on which EU member states its clients operate in.

3. The Sandbox Problem Remains The agreement deferred the mandatory national sandbox requirement from August 2026 to August 2027. Irish enterprises still need to understand how Ireland’s regulatory sandbox will interact with EU Office supervision. Will Ireland maintain its own sandbox framework? How will dual-track compliance work?

Practical Implications for Implementation

Irish AI teams building with general-purpose models should:

  • Audit your supply chain: Determine whether your foundational model provider and system integration happen under the same legal entity. If not, national rules may apply.
  • Map regulatory domains: Even within a single AI system, different components may fall under different supervisory regimes (AI Office vs. national authority).
  • Prepare for the 2027-2028 compliance wave: The deferred HRAIS timelines give breathing room, but the AI Office supervisory framework may tighten before those deadlines arrive.

Open Questions Heading Into Formal Adoption

The July 2026 formal adoption will need to clarify:

  • How will the AI Office coordinate with national authorities when a single AI system spans multiple regulatory domains?
  • What does “same provider” actually mean legally—does it require identical corporate ownership, or contractual integration?
  • Will Ireland’s regulatory sandbox operate as a complementary mechanism to AI Office oversight, or as a parallel track?

The centralized AI Office model is a pragmatic step toward coherent EU AI governance. But for Irish builders, it trades fragmentation risk for domain-mapping complexity—requiring deeper technical compliance architecture from day one.

Source: artificialintelligenceact.eu