In a significant regulatory development, the European Parliament and Council reached a provisional agreement on May 7, 2026, under the “Digital Omnibus on AI” package aimed at simplifying the implementation of the EU’s landmark AI Act. The deal introduces key adjustments to timelines, compliance mechanisms, and protections for vulnerable groups.

Key changes include:

• Delayed enforcement of high‑risk AI rules: Stand‑alone high‑risk systems (Annex III) will now be subject to compliance from December 2, 2027, while high‑risk AI embedded in products (Annex I) will take effect from August 2, 2028 (consilium.europa.eu).

• Shortened grace period for watermarking AI‑generated content: Providers must comply by December 2, 2026, instead of the originally planned February 2027 (lobsterpack.com).

• New prohibitions on AI systems generating non‑consensual intimate content and child sexual abuse material (CSAM), with compliance required by December 2, 2026 (consilium.europa.eu).

• Extension of simplified compliance tools to small mid‑cap companies (SMCs), defined as firms with up to approximately €150 million turnover or 750 employees, granting them access to regulatory sandboxes, reduced documentation requirements, and proportional quality management systems (lobsterpack.com).

• Reinforced obligations for providers to register AI systems in the EU database, even when claiming exemption from high‑risk classification, and retention of the strict necessity standard for processing sensitive personal data for bias detection (consilium.europa.eu).

• Strengthened guidance and support: The European Commission must publish practical guidelines by August 1, 2027, on integrating AI risk and quality management into sectoral frameworks, and post‑market monitoring templates by September 2, 2027 (dentons.com).

• The agreement also underscores the EU’s commitment to balancing innovation with safety and fundamental rights, marking the first deliverable under the “One Europe, One Market” roadmap (consilium.europa.eu).

This provisional compromise now awaits formal adoption by both the European Parliament and the Council. If approved, it will recalibrate the AI Act’s operational timeline and compliance landscape, offering businesses more time to prepare while maintaining robust protections.

For companies deploying AI in the EU, the message is clear: high‑risk obligations are delayed, but transparency, safety, and ethical standards remain non‑negotiable. The extended timelines and support mechanisms offer breathing room—but not a reprieve—from compliance.