On May 7, 2026, European Union legislators reached an agreement on the AI Omnibus, a regulatory amendment to the EU AI Act. The deal delays compliance deadlines for high-risk AI systems and introduces significant changes to data use and content controls ahead of the original August 2026 implementation timeline.
Revised Compliance Deadlines and Expanded Data Use
The agreement postpones the application of requirements for AI systems classified as high risk. AI systems affecting fundamental rights must now comply by December 2, 2027, while AI embedded in regulated products such as medical devices and machinery has until August 2, 2028, to meet the rules. Transparency and watermarking obligations remain due this August, but existing systems on the market have additional time until December 2.
One notable amendment expands the use of sensitive personal data for bias detection and correction across all AI systems, including those operated by both providers and deployers. This represents a shift from the original AI Act, which limited such data processing under GDPR rules. The provision faced opposition from civil society over privacy concerns but was ultimately justified by legislators as necessary for bias mitigation—a legitimate public interest comparably weighted against data protection rights.
New Ban on Nudifier Tools and Content Safeguards
The AI Omnibus introduces a ban on “nudifier tools,” AI technologies that generate sexual deepfake content, including a focus on child sexual abuse material (CSAM). The ban, not included in the Commission’s initial proposal, addresses a surge in AI-generated sexual deepfakes that proliferated in late 2025, involving millions of cases. This measure builds on existing digital regulations and will take effect from December 2026, requiring AI providers to proactively prevent such content generation.
Industrial AI and Sectoral Regulations
The negotiations faced a significant standoff over industrial AI systems embedded in regulated products, such as toys and machinery. Industry advocates, supported notably by German Chancellor Merz, pushed for exempting these sectors entirely from the AI Act, arguing that existing regulations suffice. Although Parliament initially favored deferring AI requirements to sector-specific legislation, the final agreement rejected wholesale exemption.
Only the machinery sector was partially excluded from the AI Act framework but remains indirectly regulated via bridging standards and must comply with AI-related requirements by August 2028. This compromise preserves the horizontal approach of the AI Act, avoiding fragmented oversight and potential legal uncertainty.
Other Changes and Future Steps
The deal also streamlines certain obligations and certification procedures, enhances enforcement centralization through the EU AI Office, establishes an EU-wide regulatory sandbox, and extends small and mid-cap company privileges. Despite simplifications, core AI Act requirements largely remain intact.
The AI Omnibus serves as a preliminary step toward a broader EU digital simplification effort, including the forthcoming Data Omnibus, which aims to modify GDPR provisions affecting AI data processing. This future legislation is expected to bring more consequential changes regarding personal data definitions and legitimizing AI training activities, with implications for fundamental rights and industry regulation.
Why it matters
The EU’s amendment to the AI Act addresses critical industry concerns by delaying compliance deadlines, preventing rushed application of rules before standards are finalized. The expanded allowance for sensitive data use in bias mitigation marks a notable shift in balancing fundamental rights, while the ban on AI-driven sexual deepfakes responds to emerging harms linked to generative AI technologies. The industrial AI compromise maintains regulatory consistency essential to legal clarity and market stability.
Looking ahead, the AI Omnibus introduces responsibilities for regulators and standardization bodies that will require close oversight as the AI sector evolves. The subsequent Data Omnibus promises to reshape AI data governance, with potentially broader impacts on privacy and innovation across the EU.
Background
The original EU AI Act, adopted to regulate artificial intelligence systems by risk level, identified high-risk AI applications for strict compliance, with an initial deadline of August 2026. However, standards necessary for compliance were not yet finalized, prompting industry concerns about feasibility and legal uncertainty. The AI Omnibus emerged as a fast-tracked legislative adjustment to reconcile these issues and simplify overlapping rules under the EU’s wider competitiveness agenda, guided by insights from the Draghi Report.
Sources
This article is based on reporting and publicly available information from the following source:
Read more AI Regulation stories on Goka World News.