The EU has agreed to simplify parts of its Artificial Intelligence Act, its flagship law for regulating Artificial Intelligence. The changes were agreed on May 7 through an “Artificial Intelligence omnibus”, a package of targeted amendments tied to a broader digital simplification drive. The aim is to reduce red tape, address overlapping rules, and give businesses more room to comply while keeping the law’s core risk-based structure in place.
The biggest immediate change is timing. High-risk Artificial Intelligence systems under Annex 3 of the Artificial Intelligence Act, covering employment, education, and health insurance, now face a compliance deadline of December 2, 2027, delayed from summer 2026. Artificial Intelligence embedded in physical products like medical devices or industrial machinery gets more time, with obligations delayed until August 2028. The definition of high-risk has also been narrowed, so only systems whose failure would create genuine health or safety risks face the toughest requirements. Tools that mainly assist users or optimise performance no longer automatically fall under the full regime.
The revised framework also trims overlaps with other EU laws. Where sector-specific legislation already regulates Artificial Intelligence functions in areas such as aviation, medical devices, or financial services, companies will no longer face parallel assessments under both systems. Machinery has been removed entirely from the Artificial Intelligence Act and will instead be governed by sector-specific regulation. That shift was welcomed by companies including Siemens and ASML, but it also raised concerns that the EU could start fragmenting its regulatory approach.
For businesses, especially SMEs and small mid-cap firms, the package offers lighter administrative burdens. Simplified technical documentation, extended deadlines, and broader access to regulatory sandboxes are meant to make compliance easier. The changes are intended to be proportional, with a small company using an off-the-shelf chatbot facing less scrutiny than a company selling high-risk Artificial Intelligence for hiring decisions. Even so, compliance costs remain, and fines are still possible for violations.
The package also introduces a notable new restriction. A ban on Artificial Intelligence tools that generate non-consensual sexually explicit images, including deepfakes, takes effect December 2. The broader debate now centers on whether the EU can keep pace with rapid technological change through formal legislation alone, or whether the Commission and the Artificial Intelligence Office will need to rely more heavily on guidance, codes of conduct, and enforcement. Formal approval by EU governments and the European Parliament is expected in the coming months.
