EU Parliament and Council negotiators have now reached a provisional agreement on amendments to the EU AI Act as part of the broader Digital Omnibus Package. The agreement still needs to be formally approved by both institutions, so it is not yet final law. But it gives a clearer indication of where the AI Act timetable and related compliance obligations are likely heading:

1. Some AI Act deadlines are being pushed back

The proposed package would extend several key compliance dates:

High-risk AI systems — including systems used in biometrics, critical infrastructure, education, employment, law enforcement and border management — would now be subject to the relevant obligations from2 December 2027.

AI safety components covered by EU sectoral legislation would move to2 August 2028.

Watermarking obligations for AI-generated content would apply from 2 December 2026.

This gives organisations more time to prepare, particularly where standards and guidance are still being finalised. That said, the extension should not be treated as a reason to pause AI Act readiness work. For high-risk systems, the classification, governance, documentation and testing work can still be substantial.

2. A new ban on non-consensual AI-generated intimate imagery

The agreement would introduce a new prohibition on AI systems used to create AI-generated child sexual abuse material, or intimate / sexually explicit depictions of identifiable people without consent. This is particularly relevant for providers of generative AI tools, especially image, video and audio services. The expected compliance date is2 December 2026.

3. Some simplification for machinery and safety components

The package would reduce overlap between the AI Act and existing product safety rules for certain AI-enabled machinery and safety components. It also narrows the “safety component” concept, so AI features that merely assist users or optimise performance should not automatically trigger high-risk classification.

4. Clearer basis for bias testing

Providers would be able to process personal data where strictly necessary to detect and correct bias, subject to appropriate safeguards. This should help with fairness testing and bias auditing, while still requiring data protection controls.

5. Some lighter treatment for smaller businesses

Some lighter-touch rules previously limited to SMEs would be extended to small mid-cap enterprises. The precise scope will need to be checked once the final text is available.

6. More centralised GPAI enforcement

Enforcement of certain general-purpose AI rules would be streamlined through the EU AI Office. The aim is more consistent oversight across the EU.

That’s next

For planning purposes, the direction of travel now appears to be:

Deal moving forward: Extended AI Act timelines likely to be adopted, with targeted simplification and new safeguards added.

Residual uncertainty: This is still a provisional agreement. Formal endorsement by Parliament and Council is required before the changes enter into force. Final legal text and implementation guidance still need to be reviewed carefully.