On 7 May 2026, the European Parliament and the Council reached a provisional agreement on the EU’s AI Digital Omnibus package, marking the first significant legislative amendment to the AI Act since its adoption. Subsequently, on 16 June 2026 the EU Parliament gave final approval of the amendments to the AI Act and set forward the adopted text which remained largely in line with the provisional agreement. The agreement and adopted text reflect a growing focus within the European Union on ensuring that AI regulation remains effective while seeking to avoid unnecessary compliance burdens for businesses developing and deploying AI systems.

Postponement of Compliance Obligations for High-Risk AI Systems

A central feature of the agreement is the postponement of certain compliance obligations applicable to high-risk AI systems. Under the adopted text, obligations relating to standalone high risk AI systems as contained under Article 6(2) and Annex III will apply from 2 December 2027, including AI systems in the fields of biometrics, critical infrastructure, education, employment, essential private and public services. While requirements for high-risk AI systems incorporated as safety components into regulated products as contained under Article 6(1) and Annex I will apply from 2 August 2028, including systems embedded in products governed by EU product safety and market surveillance legislation, such as machinery and medical devices. The revised timeline is intended to provide additional time for the development of harmonised standards, technical guidance, and conformity assessment procedures.

The agreement also postpones obligations relating to the watermarking of AI generated content under Article 50(2) until 2 December 2026. It is indicated that the delay is designed to facilitate the development of practical and technically feasible compliance mechanisms before the requirements become enforceable.

Non-Consensual Intimate Imagery

The Parliament have confirmed the introduction of new prohibitions concerning certain harmful AI imagery applications. The adopted text prohibits AI systems designed to generate non-consensual intimate imagery, including what are known as the “nudifier” applications, as well as systems intended for the creation of child sexual abuse material. These prohibitions reflect the EU’s continued emphasis on fundamental rights protection and the prevention of harmful uses of artificial intelligence. Companies will have until 2 December 2026 to bring their systems in compliance with these requirements. The ban in relation to such applications applies where the generation of such imagery is the intended purpose of the AI system, and where providers have not enacted adequate safeguards to prevent such content being generated. While the prohibition of these applications is a welcome step, challenges may be encountered in relation to enforcement particularly where the systems underlying such applications are hosted outside of the EU.

Other Key Amendments

‘Safety Component’ Clarified: From a compliance perspective, there are several technical amendments aimed at reducing duplication and clarifying regulatory obligations. Among other measures, the agreement seeks to align the AI Act with existing EU product safety legislation, reduce overlapping requirements for machinery related products, and refining the definition of safety components within the high-risk framework. The adopted text amends the definition of a “safety component” to clarify that a component fulfils a safety function where “its intended purpose is to prevent or mitigate risks to health and safety of persons or property”.

Small and Medium Enterprises: The adopted text extends certain simplification measures beyond small and medium-sized enterprises to include small mid cap companies, acknowledging concerns raised by industry stakeholders that compliance costs may disproportionately affect growing businesses that fall outside the traditional SME definition with similar resource constraints.

Processing Personal Data for Bias Detection: Another notable development concerns the processing of personal data for bias detection and mitigation. The adopted text clarifies circumstances in which personal data may be processed where strictly necessary to identify, assess, and correct discriminatory outcomes in AI systems. The inclusion within the adopted text marks an attempt to reconcile obligations under the AI Act with broader data protection requirements under the EU legal framework, particularly in relation to the use of sensitive data.

EU AI Office: The role of the EU AI Office has been further strengthened within the adopted text as a central coordinating authority. Expanded responsibilities for the AI Office are intended to promote consistent supervision and enforcement across Member States, particularly in relation to general purpose AI models and cross border regulatory issues.

Registration Obligation on High Risk AI Systems: The AI Act requires that certain “high-risk” AI systems are registered in an EU database. The Omnibus proposed removing this obligation however, this proposal has not been maintained by the Parliament in the adopted text. As a result, providers will be required to register the relevant AI system, even where providers have concluded that such systems are not high-risk in accordance with Article 6(3), such as that they do not pose a significant risk of harm to health, safety or fundamental rights of individuals.

Machinery Products: The adopted text has removed overlapping requirements for AI-enabled machinery products by clarifying that they only need to comply with applicable sectoral safety rules, while ensuring an equivalent level of health and safety protection through appropriate safeguards to be proposed by the Commission.

Regulatory Sandboxes: Finally, the adopted text postpones the deadline for national competent authorities to establish at least one AI regulatory sandbox, being a controlled, supervised environment where developers can test innovative AI systems before bringing them to market, until 2 August 2027.

Key Takeaways

Although the political agreement and adopted text represent an important milestone, the legislative process is not yet complete. The adopted text must still be formally adopted by the EU Council. Assuming approval is secured, the amendments will become part of the evolving implementation framework for the AI Act.

The formal adoption will be closely scrutinised by organisations operating within the EU market, particularly those developing or deploying high-risk AI systems, as it will shape the next phase of compliance planning and regulatory engagement under the AI Act. While the postponements will ease immediate compliance pressures, they also introduce strategic considerations for organisations, and it is essential organisations utilise the additional time to align their processes with the multi layered EU regulatory regime.