European Union lawmakers and member states reached a provisional agreement on 7 May to significantly revise the EU Artificial Intelligence Act as part of a broader “Digital Omnibus on Artificial Intelligence” simplification package. The changes are aimed at easing compliance pressure on businesses by delaying enforcement, reducing overlap with sector-specific rules, and extending some relief measures to a wider group of companies. For employers using Artificial Intelligence in hiring, worker monitoring, or management decisions in the EU, the most important shift is that the compliance deadline for high-risk systems moves from August 2026 to December 2027.
The biggest change for employers pushes back enforcement of rules covering high-risk Artificial Intelligence systems in areas such as employment, biometrics, critical infrastructure, education, migration, and border control until December 2, 2027, a 16-month delay from the previous August 2, 2026, deadline. For Artificial Intelligence systems that qualify as regulated products or safety components, the deadline is extended to August 2, 2028. The reform also clarifies that organizations may process special category data, including race, health, or sexual orientation, where strictly necessary for bias detection and correction in both high-risk and non-high-risk Artificial Intelligence systems. That legal basis now covers both providers and deployers, while safeguards such as pseudonymization and access controls remain mandatory.
Several additional revisions reshape how the law will apply in practice. Machinery products will generally need to comply with sectoral safety rules rather than both the EU Artificial Intelligence Act and sectoral rules. The European Commission will also be able to limit the Act’s application in other sectors, including medical devices, toys, and connected cars, where existing laws already contain similar Artificial Intelligence-specific requirements. The definition of “safety component” is narrowed so systems that only assist users or optimize performance will not automatically be treated as high-risk if failure does not create health or safety risks. Some exemptions previously available to Small and Medium-sized Enterprises are also extended to small mid-cap companies.
The agreement also adjusts transparency and enforcement provisions. The application of watermarking obligations on Artificial Intelligence-generated content has been delayed until December 2, 2026, giving companies using generative Artificial Intelligence tools more time to implement labeling solutions. The update reinstates the obligation for providers to register systems in the EU’s high-risk systems database, including where providers believe an exemption applies. It also adds a new prohibition on systems that create child sexual abuse material or depict, without consent, the intimate parts of an identifiable person or an identifiable person engaged in sexually explicit activities. Compliance with this prohibition begins December 2, 2026. The European Parliament and the Council must still formally adopt the agreement before the amendments are published in the EU’s Official Journal and enter into force three days later.
