Agefi Luxembourg - mars 2026

AGEFI Luxembourg 10 Mars 2026 Banques / Assurances L uxembourg’s financial and technology sectors are ente- ring a newphase ofArtificial Intelligence (AI) governance. The European Union’sArtificial Intel- ligenceAct (AIAct), formally adopted in 2024, establishes the first comprehensive legal fra- mework forAI worldwide. At the same time, the European Commission has introduced the Digital Omnibus proposal, designed to simplify and align digital regulations, including theAIAct, data protection rules, and cybersecurity legislation. For Luxembourg, where AI adoption is ac- celerating infinancial services, fintech, anddigital in- novation, these developments bring both new complianceobligationsandstrategicopportunities . Organisations must now build structuredAI gover- nance frameworks to manage regulatory risk while ensuring innovation remains competitive within the EU’s evolvingdigital ecosystem. The EUAIAct:A risk-based framework forAI governance TheAI Act (Regulation (EU) 2024/1689 (1) ) introduces a risk-basedregulatoryapproach ,whereobligations depend on the potential impact of an AI system on safetyandfundamentalrights.Itsobjectiveistoensure trustworthyAIwhile supporting technological inno- vation across the European singlemarket. AI risk categories TheAI Act classifies AI systems into four risk levels, withobligations increasingaccording to thepotential impact on safety and fundamental rights. 1. Unacceptable risk: CertainAI practices are prohib- ited because they pose unacceptable risks to individ- uals or society. Examples include government social scoringandcertainformsofreal-timebiometriciden- tification inpublic spaces. 2. High risk: AI systems used in sensitive domains suchasfinancialservices,healthcare,employment,or critical infrastructure, are allowed but subject to strict requirements. Providers must implement risk man- agement processes, ensure high-quality data gover- nance, maintain technical documentation, enable human oversight, and undergo conformity assess- ments before deployment. 3. Limited risk (Transparencyobligation):AI systems that interact directly with individuals must meet transparencyobligations.Forexample,usersmustbe informedwhen they are interactingwithAI orwhen content isAI-generated. 4. Minimal risk: Most AI applications fall into this category and face no specific regulatory obligations under theAct. Implementation timeline The AI Act entered into force in August 2024, with obligations phased ingradually. Keymilestones include: - February 2025: prohibition of bannedAI practices and introductionofAI literacy expectations - August 2025: governance obligations and rules for general-purposeAImodels -August 2026 –August 2027: full applicationof high- riskAI requirements Non-compliance may result in significant penalties, with fines reaching up to €35million or 7%of global annual turnover depending on the violation. These enforcementlevelselevateAIgovernancefromatech- nicalmatter to a board-level compliance priority . The digital Omnibus: simplifying the EUAI regulatory landscape Shortly after the adoption of the AI Act, the Euro- pean Commission recognised that the growing body of EU digital legislation could create opera- tional complexity for organisations navigating overlapping compliance obligations. In response, the Commission introduced the Digital Omnibus Regulation Proposal (2) in 2025 , aimed at streamlining the EU digital regulatory framework. The initiative focuses primarily on areas such as data protection, data governance, and cybersecurity, in- cluding legislation such as the GDPR, the Data Act, andNIS2,withthegoalofimprovingconsistencyand reducingduplication across digital regulations. As part of this package, the Commission also pro- posedtargetedamendmentstothe AIAct ,referredto asthe DigitalOmnibusonAIRegulation (3) .Thepro- posal aims to ease implementation challenges while preserving the core safeguards of theAct. Importantly, the proposal does not alter theAI Act’s risk-basedframework .Instead,itfocusesonimprov- ing implementationby: - phasing the application of the high-riskAI regime more realistically; - reducing operational burden for SMEs and small mid-cap companies ; -strengtheningsupervisorycoordinationthroughthe AIOffice ; and - enabling more flexible implementation through guidance, regulatory sandboxes, and streamlined procedures . Key amendments proposed The following sections outline some of the most sig- nificant amendments proposed to support a more practical implementationof theAIAct. 1.ConditionalanddelayedapplicationofHigh-Risk AI requirements The Omnibus proposal introduces greater flexibility inthetimelineforapplyingtheAIAct’srequirements for high-riskAI systems . Instead of fixed dates, the application of the main obligations in Chapter III wouldbe linked to the availability of key im- plementationtools,suchasharmonisedstan- dards, common specifications, and regulatory guidance. Once the European Commission confirms that these compli- ance tools are in place, organisations would be given a transition period before the re- quirements become applicable. In prac- tice, thismechanismcould shift the effective implementation of high- riskobligationsby approximately one to two years comparedwith the original timeline , depending onwhen the necessary standards andguidance are finalised. The aim of this amendment is to ensure that organisations are not required to comply with complex technical obligations before the supporting regulatory framework is sufficiently developed. 2. AI literacy obligation becomes a policy encour- agement rather than a direct duty The proposal also revises the AI Act’s provisions on AI literacy. The current Article 4 requires providers anddeployers ofAI systems to ensure that their staff have a sufficient level of AI literacy. Under the Om- nibusproposal,thisobligationwouldbesoftened.In- stead of imposing a direct compliance duty on organisations,theprovisionwouldplaceresponsibil- ity on the European Commission and Member States toencourageAI literacy initiatives amongor- ganisationsthatdeveloporuseAIsystems.Theinten- tion behind this change is to reduce horizontal compliance obligations that may be difficult to oper- ationalise across diverse sectorswhile still promoting awareness and competence in the use ofAI. 3. New legal basis for processing sensitive data to detect bias Another significant amendment introduces a new legal framework for the processing of sensitive per- sonal data in the context of biasdetectionandmitiga- tion. The proposal inserts a new Article 4a , which allowsproviders anddeployersofAI systems topro- cess special categories of personal data when this is necessarytodetectandcorrectbiasinAIsystems.This change responds to concerns that organisations may currently lack a clear legal basis to analyse demo- graphicdataneeded toassess algorithmic fairness.At thesametime,theproposalincludessafeguardstoen- sure that suchprocessing remains proportionate and subject to appropriate protections. 4.ExtensionofSMEsupportmeasurestosmallmid- cap enterprises The Omnibus proposal expands several proportion- alitymeasurescurrentlyavailabletoSMEssothatthey alsoapplyto smallmid-capenterprises(SMCs) .This newcategory reflects the reality that manyAI devel- opers and technology companies fall between tradi- tional SME thresholds and large corporations.Under the proposal, SMCs would benefit fromseveral sim- plificationmechanismsalreadyprovidedtoSMEs,in- cluding: - simplified technical documentation requirements, - proportional quality management system obliga- tions, - access to regulatory supportmechanisms, and - adjusted approaches to administrative fines. By extending these provisions, the proposal seeks to reducecompliancebarriersforinnovativetechnology companies while maintaining the overall regulatory safeguards of theAIAct. 5. Expansion of AI regulatory sandboxes and creation of an EU-level sandbox TheOmnibusproposalstrengthenstheAIAct’sinno- vation framework by expanding the use of AI regu- latory sandboxes . In addition to national sandboxes run by Member States, the proposal enables the Eu- ropeanAIOfficetoestablishanEU-levelregulatory sandbox , allowing certain AI systems to be tested under coordinatedEuropean supervision. The amendment also encourages cross-border coop- eration between national authorities and simplifies administrative processes by allowing the sandbox plan and real-world testing plan to be combined whereappropriate.Theobjectiveistofacilitateexper- imentation and support the safe development of in- novative AI systems within a supervised regulatory environment. 6.ClarificationofthegraceperiodforexistingHigh- RiskAI systems The Omnibus proposal clarifies how the AI Act’s transitional provisions apply to high-risk AI sys- tems already placed on the market before the rele- vant obligations take effect. The graceperiodwould apply to the specific type or model of an AI sys- tem ,meaning that additional units of the same sys- tem may continue to be deployed without triggering new compliance obligations. However, if the systemundergoes a significantmodification , the transitional protection would no longer apply and the updated system would need to comply with theAI Act requirements. Strategic outlook for organisations While the Omnibus proposal may adjust timelines and clarify certain implementation aspects of theAI Act, its adoption and final scope remain subject to the EU legislative process. What is already clear, however, is that the core direction of the AI Act will remain unchanged . For organisations, this means that waiting for the final outcome of the Omnibus discussions should not delaypreparation. The EU is firmlymoving to- wards a risk-based governance model for AI , re- quiring organisations to understand their AI use cases, classify risks, and establish appropriate gov- ernance, oversight, and documentation practices. Companies that wish to adopt AI confidently and at scale should therefore already beginbuilding fit- for-purpose AI governance frameworks . Estab- lishing elements such as AI inventories, risk assessment processes, and clear internal responsi- bilitieswill not only support future regulatory com- pliance but also enable organisations to deploy AI systems more responsibly and strategically. Dr. Saharnaz DILMAGHANI, Advisory Manager, AI & Data Analytics, PwC Luxembourg Sébastien SCHMITT, Advisory Partner, PwC Luxembourg 1) Regulation (EU) 2024/1689,Artificiel IntelligenceAct, https://urls.fr/HzAHsf 2) Digital Omnibus Regulation Proposal, 19November 2025, https://urls.fr/OcSg8J 3) Digital Omnibus onAI Regulation Proposal, 19November 2025, https://miniurl.be/r-6p6p AI governance in Luxembourg: Navigating theAIAct and the Digital Omnibus L eministre des Finances, Gilles Roth, a participé aux réunions de l'Eurogroupe et duConseil des affaires écono- miques et financières (Ecofin) à Bruxelles les 9 et 10mars 2026. Lors de la réunion de l'Eurogroupe, les ministres ont examiné les évolutions macroéconomiques ainsi que la compéti- tivité de la zone euro. Les discussions se sont déroulées dans un contexte marqué par les tensions auMoyen-Orient et l’évo- lution des prix de l’énergie. En outre, les participants ont abordé les développe- ments dans le domaine de la finance numérique, notamment la diffusion des technologies de registres distribués, la tokenisation et les stablecoins. Le président de l’Eurogroupe, Kyriakos Pierrakakis, a souligné : « L’économie européenne reste solide malgré un contexte international plus incertain. La croissance enregistrée en 2025 a été sou- tenue par une inflation stabilisée, une demande intérieure dynamique et des marchés du travail robustes. Toutefois, les tensions géopolitiques, notamment au Moyen-Orient et la guerre en Ukraine, pourraient entraîner des per- turbations sur les marchés de l’énergie et le transport maritime. Dans ce contexte, les États membres doivent maintenir une action coordonnée afin de protéger les citoyens et les entre- prises face aux chocs économiques. » Dans le cadre de la réunion du Conseil Ecofin, les ministres ont également dis- cuté des répercussions économiques et financières de l'agression de la Russie contre l'Ukraine. Ils ont aussi échangé sur le paquet relatif à l'intégration des marchés financiers et à la supervision. Le ministre des Finances Gilles Roth a déclaré : « Pour renforcer la compétiti- vité, nous devons donner la priorité aux initiatives qui contribuent réellement à l'approfondissement de nosmarchés de capitaux. La transformationde l'Autorité européenne des marchés financiers (ESMA) en autorité de surveillance cen- tralisée ne contribuera pas à la réalisa- tionde nos objectifs. Il s'agit de renforcer l'efficacité de la supervision, et non d'ajouter de la complexité, de la bureau- cratie et des coûts. » De plus, les ministres des Finances ont échangé en préparation des réunions de printemps du Fonds monétaire international (FMI) et de la Banque mondiale à Washington, D.C.. Une approche et un message communs contribuent à afficher l'unité. Source : Eurogroupe et ministère des Finances Gilles Roth aux réunions de l’Eurogroupe et du Conseil Ecofin L’économie européenne face aux tensions géopolitiques (de g. à dr.) Kyriakos Pierrakakis, président de l'Eurogroupe ; Gilles Roth, ministre des Finances ©MFIN