The European Parliament and the Council have reached a provisional political agreement on targeted amendments to the EU AI Act as part of the Commission’s “Digital Omnibus” simplification package. The deal seeks to reduce regulatory burdens and legal uncertainty for AI providers while preserving the AI Act’s core architecture and risk-based approach.
Although the final text still needs to be formally adopted, the agreement already provides a clear indication of the direction EU policymakers are taking: maintaining strong safeguards for high-risk and harmful AI systems, while making compliance more workable in practice.
A Pragmatic Pause for High-Risk AI Obligations
One of the most significant aspects of the agreement is the postponement of key obligations applicable to high-risk AI systems.
Under the provisional deal:
- Obligations for AI systems classified as high-risk because of their intended use (including biometrics, critical infrastructure, education, employment, law enforcement and border management) will apply from 2 December 2027.
- Obligations for AI systems used as safety components under EU sectoral legislation will apply from 2 August 2028.
The rationale behind the postponement is straightforward: regulators and industry alike have expressed concerns that the technical standards, guidance and implementation tools necessary to operationalise the AI Act are not yet sufficiently developed. The delay is therefore intended to avoid fragmented implementation and legal uncertainty.
Importantly, the agreement does not reopen the AI Act’s risk-based framework. Instead, it temporarily slows down the application of certain obligations in order to make compliance more realistic and predictable.
Watermarking Requirements Also Delayed
The agreement also postpones the application of watermarking obligations for AI-generated content until 2 December 2026.
Watermarking mechanisms are intended to facilitate the identification and traceability of AI-generated content. Policymakers appear to have recognised that the technical maturity and interoperability of such solutions still require further development before mandatory implementation becomes feasible.
Ban on “Nudifier” Applications and AI-Generated Abuse Material
Alongside simplification measures, the co-legislators introduced an important substantive expansion of prohibited AI practices.
The agreement bans AI systems that generate:
- child sexual abuse material; or
- depictions of the intimate parts of an identifiable person, or sexually explicit content involving that person, without consent.
This directly targets so-called “nudifier” applications and similar tools used to create non-consensual intimate imagery.
The prohibition applies not only to the use of such systems, but also to:
- placing them on the EU market for those purposes;
- placing them on the market without adequate safeguards preventing such misuse; and
- deployers using the systems to create such content.
The prohibition covers images, video and audio content.
This is a notable development in the evolution of the AI Act. While the original Regulation already prohibited certain manipulative or harmful AI practices, the Omnibus package introduces a much more explicit and targeted restriction addressing AI-enabled sexual abuse and deepfake exploitation.
Providers will reportedly have until 2 December 2026 to ensure compliance.
Reducing Regulatory Overlap
Another key objective of the Omnibus package is reducing duplication between the AI Act and existing sectoral legislation.
The provisional agreement clarifies that AI-enabled machinery products subject to sector-specific safety legislation should not have to comply simultaneously with overlapping AI Act requirements, provided equivalent levels of health and safety protection are ensured.
The agreement also narrows the definition of “safety component.” AI functionalities that merely assist users or optimise performance should not automatically trigger high-risk classification unless malfunction could create health or safety risks.
This clarification may significantly reduce the number of AI-enabled products captured by the most burdensome compliance obligations.
Greater Flexibility on Bias Monitoring
The deal also introduces a limited possibility to process personal data where strictly necessary to detect and correct biases in AI systems, subject to safeguards.
Interestingly, this possibility would apply both to high-risk and non-high-risk systems.
This reflects increasing recognition among policymakers that meaningful bias detection and mitigation may sometimes require access to sensitive or representative datasets that would otherwise be difficult to process under existing constraints.
Support for SMEs and Centralised Enforcement
The agreement further extends certain exemptions to small mid-cap enterprises (“SMEs”), expanding support beyond traditional SMEs in an effort to facilitate scaling and innovation within the European AI ecosystem.
In parallel, enforcement of certain general-purpose AI models will become more centralised through the EU AI Office, potentially reducing fragmentation across Member States.
A Delicate Political Balance
Politically, the provisional agreement illustrates the EU’s attempt to strike a delicate balance between innovation and regulation.
On the one hand, the amendments respond to concerns raised by industry stakeholders regarding overlapping requirements, implementation timelines and legal uncertainty. On the other hand, the co-legislators have maintained the AI Act’s core risk-based structure and introduced additional prohibitions targeting specific forms of harmful AI-generated content, including non-consensual intimate imagery and AI-generated child sexual abuse material.
The agreement therefore does not fundamentally alter the architecture of the AI Act. Rather, it adjusts certain timelines, clarifies aspects of scope and compliance, and introduces targeted substantive amendments intended to facilitate implementation while maintaining existing regulatory objectives.
What Comes Next?
The provisional agreement must still be formally adopted by both the European Parliament and the Council before entering into force.
The co-legislators intend to finalise adoption before 2 August 2026, which was originally the date on which obligations for high-risk AI systems were scheduled to begin applying.
Given the significance of these changes, companies developing or deploying AI systems in the EU should closely monitor the final legislative text and reassess their compliance timelines and product qualification analyses accordingly.
