Early Thursday morning, Parliament and Council negotiators reached a provisional deal on amending certain rules within the EU’s Artificial Intelligence Act as part of the digital omnibus package.
New deadlines
The law postpones the application of certain parts of the AI Act to ensure that necessary standards and support measures, needed to clarify the application of the rules, are in place. Following the agreement, obligations on high-risk AI systems will apply:
- From 2 December 2027 for AI systems with a high-risk use case (including those involving biometrics, and those used in critical infrastructure, education, employment, law enforcement, and border management)
- From 2 August 2028 for AI systems used as safety components and covered by EU sectoral legislation on safety and market surveillance
The law also delays the application of watermarking obligations on AI-generated content until 2 December 2026 (instead of 2 February 2027 in the Commission proposal). Watermarking techniques allow for the detection and tracing of AI-generated content.
Ban on nudifier apps
Parliament and Council also agreed to ban AI systems that create child sexual abuse material or depict the intimate parts of an identifiable person, or them engaged in sexually explicit activities, without that person’s consent.
The prohibition applies to:
- placing AI systems on the EU market with the purpose of creating such content;
- placing them on the EU market without reasonable safety measures to prevent such creation;
- deployers using these systems for the purpose of creating such content.
The content in question can be images, video or audio. Companies will have until 2 December 2026 to bring their systems in line.
Reducing overlaps, centralised enforcement
The following changes to the AI Act were also agreed:
- Removing overlapping requirements on AI for machinery products by clarifying that they only need to comply with sectoral safety rules (instead of both the AI Act and sectoral rules); with safeguards that ensure an equivalent level of health and safety;
- Narrowing down what qualifies as “safety component”, meaning that products with AI functions that only assist users or optimise performance will not automatically face high-risk obligations, if their failure or malfunction does not create health or safety risks;
- Possibility to process personal data where strictly necessary to detect and correct biases, with proper safeguards, both in high-risk and non-high-risk AI systems ;
- Extending SME exemptions from certain rules to small mid-cap enterprises (SMCs), to support their growth;
- Streamlining enforcement of certain general-purpose AI systems within the EU’s AI Office.
Quotes
Co-rapporteur for the Internal Market and Consumer Protection committee Arba Kokalari (EPP, SE) said: “With this agreement, we show that politics can move just as quickly as technology. We now make the AI rules more workable in practice, remove overlaps and pause the high-risk requirements. In order for Europe to become an AI continent, we need to promote innovation, support startups and scaleups and make it easier to build AI in Europe”.
Co-rapporteur for the Civil Liberties, Justice and Home Affairs committee Michael McNamara (Renew, IE) said: “I’m pleased that this morning we reached an agreement on the AI Omnibus. Alongside simplification measures, we are banning nudification apps, a key part of the Parliament’s mandate, and, of course, the creation of child sexual abuse material using AI systems. This way, we have the tools to act if providers do not address AI systems that compromise fundamental rights or human dignity.”
Next steps
The provisional agreement needs to be formally adopted by both Parliament and Council before it can enter into law. The co-legislators intend to adopt it before 2 August 2026, the start date for current rules on high-risk systems.
Press conference
Co-rapporteurs Arba Kokalari (EPP, Sweden) and Michael McNamara (Renew, Ireland) will answer journalists’ questions on the details of the trilogue agreement at a press conference on Thursday at 11.00 CEST. Details on how to follow are available here.
Background
The legislation agreed today is part of the seventh omnibus package on simplification proposed by the European Commission on 19 November 2025 (“the digital omnibus”). Parliament is also currently working on the other proposals in the package: the digital omnibus on amending laws on data use and data protection, and the proposal establishing European business wallets.