Este artigo está disponível apenas em inglês no momento.
EU AI Act Digital Omnibus: What the May 2026 Delays Mean — and Why They're Not a Reprieve
On 7 May 2026, EU lawmakers reached provisional agreement to delay key AI Act deadlines. High-risk AI obligations pushed to December 2027 and August 2028. Transparency obligations still apply from August 2026. A new prohibition on non-consensual intimate imagery was added. What changed, what didn't, and why organisations pausing their compliance work will be massively behind when the new deadlines arrive.
Key Takeaways
Annex III high-risk AI (biometrics, employment, education, law enforcement) delayed from 2 August 2026 to 2 December 2027.
Annex I high-risk AI (embedded in regulated products) delayed to 2 August 2028.
Article 50(2) watermarking obligations delayed to 2 December 2026.
NEW prohibition: AI generating non-consensual intimate imagery and CSAM, effective 2 December 2026.
Transparency obligations for deployers STILL apply from 2 August 2026 — this part was not delayed.
Final adoption expected June 2026, publication July. Organisations should continue compliance preparation.
"Apenas para fins informativos. Este artigo não constitui aconselhamento jurídico, regulatório, financeiro ou profissional. Consulte um especialista qualificado para orientação específica."
The EU AI Act Digital Omnibus is a package of targeted amendments to the EU AI Act reaching provisional agreement on 7 May 2026 between the European Parliament, the Council of the EU, and the European Commission. It significantly delays key compliance deadlines while adding new prohibitions and clarifications. The Omnibus is not yet formally adopted — final approval is expected in June 2026 with publication in July — but the political agreement provides sufficient certainty for organisations to plan. The critical point that most coverage misses: this is not a reprieve. Transparency obligations for deployers still apply from 2 August 2026. The new prohibition on AI generating non-consensual intimate imagery applies from 2 December 2026. Organisations that pause their compliance work because of the delays will be substantially behind when the new deadlines arrive, with less time to address the technical standards and operational requirements that the delay was meant to enable.
What changed: the timeline shifts
The most significant change is the two-tiered delay of high-risk AI obligations. Annex III high-risk AI systems — those used in sensitive areas like biometrics, critical infrastructure, education, employment, law enforcement, and border management — now have until 2 December 2027 to comply (originally 2 August 2026, a 16-month deferral). Annex I high-risk AI systems — those embedded in products covered by EU safety legislation like medical devices, machinery, and lifts — have until 2 August 2028 (originally 2 August 2027, a one-year deferral).
Article 50(2) watermarking obligations on providers of AI systems that generate synthetic content have been delayed to 2 December 2026 (originally 2 August 2026, a four-month deferral). This is a shorter delay than the six-month deferral originally proposed. All other transparency obligations under Article 50, including those that apply to deployers of AI systems, continue to apply from 2 August 2026 as originally scheduled.
What was added: the new prohibition
The Omnibus adds a new prohibition on AI systems used to generate non-consensual intimate imagery and child sexual abuse material, including so-called "nudifier" applications. The prohibition applies both to providers of such AI systems and to deployers using AI to create such content. This addresses a regulatory gap highlighted by recent scandals in which AI models produced sexualised images of real people, including minors, as a product feature. The prohibition takes effect on 2 December 2026.
What was clarified: scope adjustments
The Omnibus clarifies the meaning of "safety component" — AI systems that only assist users or optimise performance will not automatically face high-risk classification, addressing concerns about overly broad scope. The agreement also tackles overlapping requirements between the AI Act and sector-specific laws. Machinery is excluded from the direct application of the AI Act where there is overlap with the Machinery Regulation (which addresses health and safety matters directly). For other sector-specific laws (such as those applicable to medical devices, financial services, and automotive), coordination mechanisms have been agreed.
Why this is not a reprieve
Three reasons organisations should continue compliance preparation despite the delays. First, the delays exist precisely because the technical standards, regulator guidance, and compliance tools needed for high-risk AI compliance were not going to be ready in time. The delays give standards bodies more time to finalise — but they also mean organisations need this same time to implement against those standards once published. Pausing now means having less time, not more, when the new deadlines arrive.
Second, transparency obligations for deployers still apply from 2 August 2026. Any organisation using AI systems that interact with people, generate content, or use emotion recognition or biometric categorisation must comply with disclosure requirements. The watermarking delay applies to providers, not deployers — deployer transparency obligations remain on the original timeline.
Third, the EU AI Act applies extraterritorially. Organisations outside the EU whose AI affects EU residents are subject to the Act. The delays do not reduce this scope — they only affect the timeline. Multinational organisations should continue planning for full EU AI Act compliance.
Primary sources: White & Case — EU Digital Omnibus Analysis | EU AI Act full text