Key Points from the AI Omnibus Deal

By Stephen King, Irina Vasile, James Green & Laoise Claffey on May 8, 2026

Posted in Artificial Intelligence, Information Technology

The Council of the EU has announced that a provisional agreement has been reached on proposed measures to amend the EU AI Act with the aim of streamlining rules and facilitating compliance. Whilst the full text of the proposal has not yet been published, we outline below the key points which have been announced.

High-risk AI obligations delayed

Obligations for high-risk AI (HRAI) systems outlined in Annex III (such as AI systems used in recruitment and HR) which were due to come into effect on 2 August 2026 have now been delayed until 2 December 2027. The obligations for AI systems listed in Annex I (such as those contained in toys, lifts, or medical devices) have been delayed from 2 August 2027 to 2 August 2028.

The agreed proposal also reinstates the obligation (which the Commission had proposed removing) for providers to register their AI systems in a HRAI EU database where they consider their systems exempt from classification as high risk.

Overlapping Obligations

The proposal further aims to address overlapping legislative obligations:

In respect of industrial AI, it proposes to limit the AI Act’s application via implementing acts where sectoral law already contains similar AI-specific requirements.
It also proposes to exempt the Machinery Regulation from direct applicability of the AI Act whilst empowering the Commission to adopt delegated acts under the Machine Regulation to add health and safety requirements in respect of HRAI systems.
Under the proposal, the Commission is also obliged to provide guidance to assist economic operators of HRAI systems covered by sectoral harmonisation legislation in complying with the requirements of the AI Act, in a manner which minimises the compliance burden

Nudification Ban

The proposal includes a new provision under the AI Act, prohibiting AI generation of non-consensual sexual and intimate content or child sexual abuse material (CSAM). The content in question will include imagery, video and audio which will be prohibited from 2 December 2026.

Further Clarifications

Under the proposal, where providers have to implement transparency solutions like digital watermarking on AI-generated content, they will now have to do so only from 2 December 2026 onwards. These obligations align with the EDPB’s recent call for accountability in their Joint Statement on AI-Generated Imagery and the Protection of Privacy. This should allow additional time for the relevant Code of Practice on Marking and Labelling of AI-generated content to be agreed.
The proposal reinstates the ‘strictly necessary’ standard for processing special categories of personal data in relation to bias detection and correction.

The deadline for the establishment of regulatory sandboxes by competent authorities at a national level has been postponed until 2 August 2027.
Certain clarifications have been made in relation to competences. Under the proposal, it seems that the EU AI Office will be provided with certain powers to supervise general-purpose AI systems, noting however that certain areas, such as law enforcement and border management, will be reserved for National Authorities.
It has also been reported that providers and deployers will have AI literacy obligations. The Commission had previously proposed to place such an obligation on EU Member States only. That being said, AI literacy is not referenced in the press releases by the Parliament or the Council.

Next Steps

The provisional agreement will now be put before the Council and the European Parliament for approval before it is submitted for a legal and linguistic revision. Once approved, we expect to see a formal adoption of the legislative act in the coming weeks.

Comment

The deal will come as a relief to many businesses facing the burden of meeting the HRAI obligations on 2 August this year without the benefit of the required HRAI technical standards or guidance from the EU AI Office on HRAI classification.

While agreement on the AI Omnibus is welcome, beyond clarity on the dates, much of what has been agreed and how it will be implemented in practice will only emerge over the coming weeks. Requirements such as the scope of the AI literacy obligation and the revised registration requirements for HRAI providers seeking to avail of an exemption will only become clear once the text is released. For providers of GPAI systems, the exact scope of the AI office’s competency also remains unclear.

In addition, complex questions still remain, such as the scope and interplay of industrial rules with AI systems, which will require the Commission to issue implementing acts providing clarification. As before, technical standards are still due, and guidance is awaited.

For further information in relation to the AI Act please contact John Cahir, partner, Dr Stephen King, partner, Aideen Burke, partner, Chris Bollard, partner, Andrew Sheridan, partner, Irina Vasile, senior associate, or your usual ALG Technology contact.

ALG has also published a more detailed guide to the AI Act which is accessible here

menu

Tech Law Blog