EU AI Act Digital Omnibus: What Actually Changed
For over a year, every EU AI Act plan carried an asterisk: “unless the Omnibus changes the dates.” That asterisk is gone. The Digital Omnibus on AI was formally endorsed by the European Parliament on June 16, 2026, received the Council’s final green light on June 29, 2026, and is expected in the Official Journal in July 2026 — entering into force on the third day after publication.
Since then we’ve seen two equally wrong readings of it: “the AI Act is postponed, we can stop” and “nothing really changed, ignore it.” Neither survives contact with the text. Here is what the Omnibus actually does — and what it deliberately leaves alone.
See HowWhat Happened, in Four Dates
- November 19, 2025 — the European Commission proposes the Digital Omnibus on AI, a targeted amendment package for Regulation (EU) 2024/1689.
- May 7, 2026 — Parliament and Council negotiators reach a provisional political agreement in trilogue.
- June 16 and June 29, 2026 — the European Parliament adopts the text; the Council gives its final approval.
- July 2026 — publication in the Official Journal expected; the amending regulation enters into force on the third day after publication, in time for the original August 2 date.
The headline change: the high-risk obligations that were due on August 2, 2026 move to December 2, 2027. But that is one row of the timeline — and the rest of the rows are where teams are now making mistakes.
Before and After: Every Deadline That Matters
| Obligation | As enacted (2024) | After the Omnibus |
|---|---|---|
| Art. 5 prohibited practices | February 2, 2025 | Unchanged — in force |
| Art. 4 AI literacy | February 2, 2025 | Unchanged — in force (wording softened, see below) |
| GPAI model obligations | August 2, 2025 | Unchanged — in force |
| Art. 50 transparency | August 2, 2026 | Unchanged — applies from August 2, 2026; grace period for 50(2) machine-readable marking until December 2, 2026 (only systems on the market before August 2, 2026) |
| High-risk, Annex III (standalone systems: HR, credit, education…) | August 2, 2026 | December 2, 2027 |
| High-risk, Annex I (AI embedded in regulated products) | August 2, 2027 | August 2, 2028 |
One detail worth underlining: the new high-risk dates are fixed. The Commission’s original proposal tied them to a confirmation that harmonised standards and support tools were available — a “readiness check” that could have moved the dates again in either direction. The final agreed text drops that mechanism. December 2, 2027 and August 2, 2028 are calendar dates, not conditions.
What Does Not Change
The bans. The Article 5 prohibitions — social scoring, manipulative AI, emotion recognition at work and school, and the rest — have applied since February 2, 2025 and carry the Act’s highest fine tier (€35M or 7% of global turnover). Nothing in the Omnibus touches them.
AI literacy. The Article 4 duty also stays current. The Omnibus does soften its wording — providers and deployers must now take appropriate measures to “support the development” of AI literacy, an obligation of effort rather than of result — but it remains a present-tense obligation, not a 2027 one.
GPAI rules. The general-purpose AI model obligations have applied since August 2025 and are not deferred.
Article 50 transparency — the August 2026 deadline that survived. This is the one most teams are getting wrong right now. The Article 50 obligations — telling people they are talking to a chatbot, labelling deepfakes, disclosing AI-generated public-interest text, marking synthetic content — still apply from August 2, 2026. The Omnibus left them on schedule, with a single, narrow concession: generative AI systems already on the market before August 2, 2026 get until December 2, 2026 to implement the Article 50(2) machine-readable marking — systems launched on or after August 2, 2026 must mark from day one. If you run a customer-facing assistant or publish AI-generated content, your next deadline is weeks away, not next year.
What Is New
The Omnibus is not only deferrals. Two additions matter in practice:
- Two new prohibitions. AI systems for generating non-consensual intimate imagery and child sexual abuse material (CSAM) are banned, applicable from December 2, 2026. For intimate imagery the drafting is foreseeability-based: it reaches beyond purpose-built “nudifier” tools to systems whose functionality makes such misuse reasonably foreseeable.
- A clearer legal basis for bias detection. The package addresses a long-standing tension between the AI Act and the GDPR: processing special categories of personal data for the purpose of detecting and correcting bias is permitted, subject to a strict-necessity standard and safeguards. For teams doing fairness testing on models that touch protected attributes, this removes a genuine legal ambiguity.
What This Means for Compliance Teams
Honestly: more time is not a cancelled obligation. Three things follow from the new timeline.
1. The work that was due first is still due first. The parts of the Act that already apply — the bans, the literacy duty, and Article 50 in August — all depend on the same prerequisite: knowing which AI systems you run, what they do, and who is exposed to them. You cannot screen for Article 5 practices, train the right people under Article 4, or find every chatbot that owes an Article 50 disclosure without an inventory. That was step zero before the Omnibus, and it is step zero after.
2. Classification did not become optional — it became unhurried. The Article 6 classification question — which of your systems fall into Annex III employment and HR, education, credit, or the other high-risk areas — still decides the bulk of your obligations. The difference is that you can now do it properly: documented intended purpose, recorded Article 6(4) assessments where you claim the exception, and a defensible rationale per system, instead of a panicked spreadsheet in the last quarter before the deadline.
3. The organizations that use the extra time will feel it in 2027. Surveys consistently put AI governance implementation at a year or more. December 2027 minus eighteen months is roughly now. Teams that treat the deferral as a starting gun — inventory this quarter, classification next, governance workflows after — will hit the new date with slack. Teams that treat it as a snooze button will re-run the 2026 scramble with bigger AI portfolios. Our 90-day sprint plan still works as written; only the anchor date moved.
Step Zero Has Not Moved
Every path through the amended Act — the bans in force today, Article 50 in August, Annex III in December 2027 — starts from the same artifact: a complete, current, auditable register of your AI systems. If your team runs Jira, Model Inventory for Jira gives you that register inside the tool you already have: every AI system recorded, classified against the EU AI Act risk tiers, with owners, lifecycle states and an immutable audit trail. No new vendor, no procurement cycle — and eighteen months of runway to use it well.
Try FreeSources
- Council of the EU — Artificial intelligence: Council gives final green light to simplify and streamline rules (June 29, 2026)
- Gibson Dunn — EU AI Act Omnibus Agreement: Postponed High-Risk Deadlines and Other Key Changes
- White & Case — EU agrees Digital Omnibus deal to simplify AI rules
- William Fry — EU AI Act Omnibus Deal Reached: Postponed Deadlines, Watermarking Compromise, and the Nudification Prohibition
This article is a practical explanation, not legal advice. Always confirm requirements against the official text of Regulation (EU) 2024/1689 as amended and, where the stakes warrant it, qualified counsel.