News-EU-AI-Act-Omnibus-Deal-May-2026

Delayed High-Risk AI ComplianceEdit

The deal postpones compliance deadlines for high-risk AI systems originally set to take effect August 2, 2026:

• Standalone high-risk AI systems (biometrics, critical infrastructure, education, employment, law enforcement, border management): compliance deadline moved to December 2, 2027
• AI systems embedded as safety components in products: compliance deadline moved to August 2, 2028

Negotiations lasted approximately nine hours, starting the evening of May 7 and concluding around 4:30 a.m.^[1][2]

Industrial AI ExemptionEdit

Following intensive lobbying from Germany and companies including Siemens and ASML, the deal largely exempts AI in machinery products from dual regulation under both the AI Act and the Machinery Regulation. Chancellor Friedrich Merz personally pushed for the exemption, arguing that overlapping requirements would make European manufacturers uncompetitive. Medical devices were not exempted and remain subject to both regulatory frameworks.^[1][3]

Ban on "Nudifier" Apps and AI-Generated CSAMEdit

The deal introduces an explicit prohibition on AI systems that:

• Generate child sexual abuse material (CSAM)
• Create non-consensual sexually explicit images of identifiable persons (so-called "nudifier" apps)

The prohibition responds to global outrage over AI-generated deepfakes, including content from Elon Musk's xAI chatbot Grok. Companies have until December 2, 2026 to comply.^[4]

Watermarking and TransparencyEdit

The deal modifies AI-generated content watermarking obligations:

• Watermarking deadline set for December 2, 2026 (previously February 2, 2027 under the Commission proposal)
• Grace period reduced from six months to three months
• Mandatory registration of high-risk AI systems in the EU database is restored

SME and Mid-Cap ExemptionsEdit

Regulatory exemptions previously available only to small enterprises are extended to small mid-cap companies (SMCs), intended to support European AI startup growth.^[3]

Bias Detection and Personal Data ProcessingEdit

The deal allows organizations to process personal data where strictly necessary to detect and correct biases in both high-risk and non-high-risk AI systems, with appropriate safeguards — a significant change from the original Act's stricter data minimization approach.^[4]

The EU AI Act entered into force in August 2024 after years of negotiations, with a phased rollout that was originally set to impose high-risk compliance requirements on August 2, 2026. Only a handful of countries worldwide followed the EU's lead on comprehensive AI regulation, leading to criticism that Europe was cracking down too early and failing to become a global standard-setter.^[1]

This deal represents the first significant rollback of EU digital regulation, driven by:

• US pressure on tech regulation under the Trump administration
• Industry complaints about overlapping regulations and red tape hampering competitiveness
• German Chancellor Friedrich Merz's personal intervention to exempt industrial AI
• Looming August 2026 compliance deadline that concentrated minds on all sides^[2]

The provisional agreement requires formal adoption by both the European Parliament and EU member states. Co-legislators intend to adopt it before August 2, 2026, the date high-risk obligations were originally scheduled to begin.^[4]