Quick update on the EU AI Omnibus proposal

Rock Consultancy
May 7
2 min read

Updated: May 8

In the early hours of the 7 May, EU negotiators reached provisional political agreement on amendments to the EU AI Act as part of the Digital Omnibus simplification package.

The agreement, reached between the Council of the European Union and the European Parliament, represents a significant step toward simplifying and streamlining the implementation of the EU’s AI regulatory framework.

Key Developments:

📅 More time for high-risk AI systems

A central outcome of the AI Omnibus agreement is the extension of compliance timelines for high-risk AI systems under the EU AI Act.

AI systems classified as high-risk under Annex III, including those used in employment, education, and insurance-related decision-making, will now become applicable from 2 December 2027. Similarly, AI systems integrated into regulated products under Annex I, such as medical devices, toys, and industrial equipment, will benefit from an additional one-year transition period, with obligations now applying from 2 August 2028.

🏷️ AI Transparency/Watermarking obligations delayed

The agreement reduces the grace period for transparency obligations relating to AI-generated content. Requirements for machine-readable watermarking and disclosure mechanisms now have a new deadline of 2 December 2026, providing organisations with additional time to develop compliant governance and technical frameworks for generative AI deployment.

🚫 New prohibited AI uses

The agreement strengthens safeguards against harmful AI misuse by introducing explicit prohibitions on systems designed or used to generate non-consensual intimate imagery or child sexual abuse material. The restrictions apply both to providers placing such systems on the market and to deployers using them unlawfully, reinforcing the EU’s commitment to responsible and human-centric AI governance. These prohibitions will apply from December 2026 and represent one of the clearest examples of the EU responding directly to emerging and tangible AI-related harms.

⚖️ What this means for organisations

The additional time will help organisations strengthen governance, documentation, risk assessments and implementation planning.

The agreement also signals a continued focus on:

Simpler and more practical AI rules
Greater consistency in enforcement
Clearer implementation expectations across the EU

For organisations managing GDPR, AI governance and wider digital compliance obligations, the message is becoming clearer: expectations around accountability remain high, but regulators are increasingly focused on practical implementation and enforceability.

The agreement remains provisional, pending formal approval from the European Parliament and Council.

Further Reading:

https://www.consilium.europa.eu/en/press/press-releases/2026/05/07/artificial-intelligence-council-and-parliament-agree-to-simplify-and-streamline-rules/

At Rock Consultancy, we can support your organisation with creating AI policies, AI governance structures and training your personnel.

For any queries on this post or how Rock Consultancy can support your organisation, please contact us at info@rockconsultancy.ie