Digital Omnibus and AI Act: Has the EU just softened the AI Act?
On June 29, 2026 the EU Council agreed to certain targeted amendments to the EU AI Act as part of its Digital Omnibus Regulation on AI, which stirred significant debate on whether the EU is altering its course on AI regulation.
Since then, a lot of headlines have focused on one thing: deadlines have been postponed. But that’s only part of the story.
Yes, certain key compliance dates have shifted:
2 December 2026 - New prohibitions against AI systems generating child sexual abuse material and nonconsensual intimate deepfakes become effective. In addiction, developers of synthetic content AI put on the market prior to 2 August 2026 must conform to the requirements for machine-readable watermarking.
2 December 2027 - Full EU AI Act obligations come into effect for Annex III high-risk AI systems (e.g., those for recruitment, biometrics, education, credit scoring, law enforcement).
2 August 2027 - Member States must launch national AI sandboxes.
2 August 2028 - Full obligations apply to AI systems incorporated into regulated products under Annex I (e.g., medical devices, machinery, toys).
Additionally:
- The definition of a "safety component" has been tightened, clarifying the scope of embedded AI systems that are considered high-risk;
- The use of special categories of personal data to detect and address algorithmic bias has been broadened beyond solely high-risk AI, contingent on appropriate safeguards;
- Small and medium-sized enterprises will receive more regulatory relief; and
- Enforcement and governance frameworks for General-Purpose AI models have been further refined.
At first glance, this might look like Europe is pausing or stepping back from AI regulation in favor of competitiveness. I see it differently.
The foundations of the AI Act remain unchanged. The risk-based approach is still there. Transparency, accountability, governance and human oversight are still central to the framework. What has changed is the recognition that meaningful compliance requires realistic implementation.
For organisations, the message should not be "we have more time." It should be "we have an opportunity." An opportunity to move beyond treating AI governance as a compliance exercise and instead build governance structures that are sustainable, practical and embedded within the business.
This is the moment to understand where AI is already being used across the organisation, establish governance structures, define roles and responsibilities, review procurement and vendor arrangements, and ensure documentation and risk management processes are proportionate and practical.
I' interested to see how others are advising their organisations and clients. Are you treating the revised timelines as breathing space, or as an opportunity to build stronger AI governance from the outset?
#AIAct #ArtificialIntelligence #AICompliance #EUAIAct #Governance #ResponsibleAI