On 7 May 2026, the European Parliament and the Council of the European Union reached a provisional agreement on the Digital Omnibus on AI, the legislative instrument intended to amend Regulation (EU) 2024/1689 (the “AI Act”) within the broader regulatory simplification package launched by the European Commission through proposal COM(2025) 836. The agreed text introduces amendments concerning compliance deadlines, transparency obligations, prohibited practices and coordination with sector-specific legislation. The agreement remains provisional and is subject to formal approval by both institutions.
The context: a review process preceding the application deadlines
The AI Act entered into force on 1 August 2024 with a phased implementation timeline calibrated according to the level of risk posed by AI systems. Even before the most burdensome provisions became fully applicable, the European Commission initiated a review process as part of a broader programme aimed at reducing regulatory burdens, in line with the objectives outlined in the reports on European competitiveness.
Proposal COM(2025) 836 gave rise to the Digital Omnibus, a horizontal legislative initiative affecting, inter alia, rules concerning personal data and European Digital Identity Wallets. A central issue in the interinstitutional negotiations concerned the regime applicable to AI systems embedded as safety components within products already subject to harmonised sector-specific legislation, with industrial stakeholders advocating for a substantial exemption from the obligations set out in the AI Act.
New deadlines for high-risk AI systems
The agreement postpones the compliance deadlines applicable to high-risk AI systems listed in Annexes I and III of the AI Act, also with a view to allowing the completion of harmonised technical standards.
For standalone AI applications, including systems used in the fields of biometrics, employment, education, law enforcement and the administration of justice, the compliance deadline is postponed to 2 December 2027.
For AI systems integrated as safety components into regulated products (including machinery, medical devices and toys), the deadline is extended to 2 August 2028.
The Commission will also be empowered to adopt implementing acts aimed at reducing overlaps between the AI Act and sector-specific legislation, including operational guidance addressed to economic operators.
Transparency, registration and watermarking obligations
The agreement reintroduces the obligation to register AI systems in the EU database, including for providers that consider their systems exempt from classification as “high-risk”, thereby strengthening the traceability of AI systems within the European market.
Furthermore, the transitional period applicable to watermarking obligations for AI-generated content — including synthetic images, audio and video — is reduced from six months to three months, with a compliance deadline set for 2 December 2026.
Businesses already relying on generative AI systems are therefore required to prioritise and accelerate their compliance efforts.
The new prohibition: nudifier tools
At the initiative of the European Parliament, the agreed text introduces into Article 5 of the AI Act — concerning prohibited AI practices presenting unacceptable risk — an explicit prohibition on systems designed to generate sexually explicit images, videos or audio depicting identifiable individuals without their consent (so-called nudifier tools), as well as systems capable of generating artificially created child sexual abuse material.
The prohibition extends not only to providers, but also to distributors marketing such systems without adequate preventive safeguards and to deployers using them for the production of such content.
The entities concerned will be required to comply with the new prohibition by 2 December 2026.
Conclusions
The agreement reached on 7 May 2026 grants businesses additional time to structure their compliance programmes without, however, altering the substantive architecture of the AI Act or the risk-based proportionality framework upon which it is founded.
The core requirements — including ex ante risk assessment, technical documentation, registration obligations, human oversight and transparency measures — remain unchanged: the timelines are modified, but the underlying rules are not.
Indeed, the postponement of the deadlines does not reduce the substance of the obligations; rather, it provides organisations with the time necessary to address them appropriately. Commencing the compliance process today therefore means transforming a regulatory obligation into an opportunity for internal governance and organisational development.
Lawyer Stefano Leanza and Lawyer Gerardo Sessa