Client Alert: EU AI Act: Council Gives Final Green Light to the Digital Omnibus on AI

On June 29, the Council of the European Union (EU) formally adopted the amendments to the EU AI Act as part of the Digital Omnibus on AI simplification package, following the European Parliament’s endorsement on June 16. The legislative act will be published in the Official Journal of the European Union shortly and will enter into force three days after publication.

These amendments represent the first substantive changes to the AI Act since its adoption in 2024, building on the provisional political agreement reached by EU co-legislators on May 7, 2026. Below are the key changes organizations should be tracking.

  1. New Application Dates for High-Risk AI Obligations

The most significant change is the postponement of high-risk AI system obligations:

  • December 2, 2027 — High-risk AI systems listed in Annex III (standalone use cases such as recruitment, credit scoring, law enforcement, education, and border control)
  • August 2, 2028 — High-risk AI systems listed in Annex I (AI embedded in regulated products such as medical devices, toys, lifts, and vehicles)
  • August 2, 2027 — New deadline for the establishment of AI regulatory sandboxes by competent authorities at the national level
  • December 2, 2026 — Grace period ends for providers to implement transparency solutions (e.g., watermarking) for AI-generated content
  1. New Prohibited AI Practice: Non-Consensual Intimate Imagery and CSAM

The co-legislators added a new prohibited practice under Article 5 of the AI Act:

  • The placing on the market, putting into service, or use of AI systems that generate or manipulate non-consensual sexual and intimate content (NCII) or child sexual abuse material (CSAM) is now prohibited
  • This specifically targets so-called “nudifier” applications, or AI systems that generate nude images of real, identifiable persons or edit existing photos to reveal intimate parts without consent
  • The prohibition takes effect on December 2, 2026. Infringement can result in fines up to EUR 15 million or 7 percent of annual worldwide turnover.
  1. Clarification of the AI Office’s Competences

The amendments clarify and reinforce the supervisory role of the EU AI Office:

  • The AI Office now has exclusive competence for the supervision and enforcement of AI Act obligations in relation to AI systems based on general-purpose AI (GPAI) models where the model and the system are developed by the same provider (or providers within the same undertaking).
  • Certain carve-outs apply where national authorities remain competent, including:  Annex I products (e.g., medical devices, machinery); Annex III, point (2) use cases (critical infrastructure), and AI systems provided by law enforcement, border management, judicial authorities, and financial institutions.
  1. Interplay Between Sectoral Rules and the AI Act

For high-risk AI systems covered in Annex I (those already regulated by EU product safety legislation such as medical devices, toys, lifts, and watercraft), the amendments introduce a compromise mechanism:

  • The commission is empowered to limit the application of specific AI Act requirements, via implementing acts, in situations where sectoral law already imposes AI-specific requirements similar to those of the AI Act.
  • This addresses longstanding concerns about regulatory duplication and double compliance burdens.
  1. Machinery Regulation Exemption
  • Products covered by the Machinery Regulation (EU) 2023/1230 have been exempted from direct applicability of the AI Act. The Machinery Regulation has been moved from Annex I Section A to Section B.
  • The EU Commission is empowered to adopt delegated acts under the Machinery Regulation to add AI-specific health and safety requirements to machinery systems that would otherwise be covered by the AI Act.
  • Machinery manufacturers will face a single conformity assessment regime, with AI-specific requirements layered on top through sector-specific legislation.
  1. Minimizing Compliance Burden
  • The commission now has an obligation to publish guidance to assist economic operators of high-risk AI systems covered by Annex I (those already subject to sectoral harmonization legislation) in complying with the AI Act’s high-risk requirements in a manner that minimizes the compliance burden.
  • This guidance obligation complements the broader mechanism limiting the AI Act’s application where sectoral law already covers similar grounds.

Next Steps

Publication in the Official Journal is expected imminently. The amendments will enter into force on the third day after publication and will be binding in their entirety and directly applicable in all Member States. Organizations should update their compliance calendars to reflect the revised deadlines and begin assessing the impact of the new prohibited practice and supervisory clarifications.

Stay informed on evolving regulatory changes by subscribing to our monthly newsletter, the Digital Risk Report.

Related Insights

View All Insights