AI News

EU Digital Omnibus On AI Clears Its Final Hurdle

The Council of the European Union gave its final approval to the Digital Omnibus on AI on 29 June, completing a legislative process that began with a Commission proposal in November 2025. The European Parliament had adopted the text on 16 June.

Listen to this article

--:--
Editorial illustration for EU Digital Omnibus On AI Clears Its Final Hurdle

The Council of the European Union gave its final approval to the Digital Omnibus on AI on 29 June, completing a legislative process that began with a Commission proposal in November 2025. The European Parliament had adopted the text on 16 June. The EU Digital Omnibus on AI enters into force in July following publication in the Official Journal, and the most consequential change is a delay of sixteen months to the AI Act’s high risk obligations.

The original AI Act set 2 August 2026 as the application date for stand alone high risk systems listed in Annex III, covering employment, education, critical infrastructure, law enforcement and credit scoring. Those obligations now apply from 2 December 2027. High risk systems embedded in products already regulated under Annex I product safety legislation move to 2 August 2028. The delay was prompted by circumstances the Commission acknowledged openly: national competent authorities had not been designated in several member states, and the harmonised standards and conformity assessment tools that compliance depends on were not finished.

Several other changes deserve attention. A new prohibition enters Article 5 covering AI systems used to generate non-consensual intimate imagery, including so-called nudifiers, and child sexual abuse material. Transparency requirements under Article 50(2), including watermarking obligations for synthetic content, apply from 2 December 2026, a shorter delay than had been proposed. Providers who self assess a system as not high risk must still register it in the EU database, with a lighter administrative burden. The AI Office gains significantly expanded supervisory powers.

The obligations governing general purpose AI models under Articles 51 to 55 have applied since August 2025 and the EU Digital Omnibus on AI does not touch them. Providers of foundation models should continue working through the GPAI Code of Practice and the systemic risk thresholds as before. This point is regularly missed in coverage that treats the delay as a general reprieve.

The commercial reading depends on where a company sits. For deployers of employment screening, credit scoring or education systems, the sixteen month extension is genuine relief and removes a compliance cliff that many were not going to clear. For providers of general purpose models, nothing has changed. For the European AI industry as a whole, the delay is a mixed signal: it acknowledges that the regime was not implementable on the original timetable, which is honest, while also confirming that Europe’s flagship technology regulation required amendment within two years of adoption.

The temptation for compliance teams is to ease off, and it should be resisted for two reasons. The difficult work of AI Act compliance is inventory and classification, which does not become easier with time and which most organisations have barely started. And the timeline retains a mechanism under which the Commission may confirm completion of standards and guidance earlier, with transition periods running from that decision. The December 2027 date is a backstop and not a promise.

The wider context is a European policy environment recalibrating toward competitiveness. The delay arrives as SoftBank commits up to 75 billion euros to five gigawatts of French data centre capacity, as IQM becomes the first European quantum computing company to list on Nasdaq, and as European laboratories including Mistral push into robotics and embodied AI. The unresolved question behind the EU Digital Omnibus on AI is whether the original framework was well designed and badly timed, or whether horizontal regulation of a technology moving at this pace was always going to require repeated adjustment.

Dates that apply in the meantime: 2 December 2026 for Article 50(2) transparency requirements on legacy systems and the new prohibited practices; 2 August 2027 for member states to establish at least one national regulatory sandbox; 2 December 2027 for Annex III high risk obligations; 2 August 2028 for Annex I.

Sources

  1. Europadigital-strategy.ec.europa.eu
  2. Europaeur-lex.europa.eu
  3. Europaconsilium.europa.eu