1. TL;DR — The Five Material Changes
- High-risk Annex III postponed: 2 August 2026 → 2 December 2027. Covers biometrics, critical infrastructure, education, employment, law enforcement, border management.
- High-risk Annex I (products): separate, later compliance date of 2 August 2028 for AI systems embedded in regulated products.
- Machinery exempted: full carve-out from direct AI Act applicability where the Machinery Regulation already applies. Commission gains delegated-act power to add AI-specific health and safety requirements through the Machinery Regulation itself.
- Nudifier ban: AI systems generating child sexual abuse material or non-consensual sexually explicit content are explicitly prohibited from 2 December 2026.
- Transparency grace period shortened: from 6 months to 3 months. New deadline for AI-generated content disclosure obligations: 2 December 2026. AI sandbox establishment deadline moved to 2 August 2027.
2. The New Timeline (Old vs New)
| Obligation | Original date | New date (post-Omnibus) |
|---|---|---|
| Prohibited practices (Article 5) | 2 February 2025 | Unchanged — in force |
| GPAI obligations | 2 August 2025 | Unchanged — in force |
| Nudifier ban | — | 2 December 2026 |
| AI-generated content transparency (Article 50) | 2 August 2026 (6mo grace) | 2 December 2026 (3mo grace) |
| High-risk Annex III enforcement | 2 August 2026 | 2 December 2027 |
| National AI regulatory sandboxes established | 2 August 2026 | 2 August 2027 |
| High-risk Annex I (AI in regulated products) | 2 August 2027 | 2 August 2028 |
| Machinery (where Machinery Regulation applies) | Direct AI Act applicability | Exempted — handled via Machinery Regulation |
3. High-Risk Postponement: Annex III and Annex I
The headline change is the split of high-risk enforcement into two distinct compliance dates. Under the original AI Act, Annex III high-risk systems (the standalone categories: biometrics, critical infrastructure, education and vocational training, employment and worker management, access to essential public and private services, law enforcement, migration/asylum/border control, administration of justice) were due to comply by 2 August 2026. The Omnibus moves that date to 2 December 2027.
Annex I high-risk systems — AI embedded in products already regulated under existing EU product safety legislation (medical devices, machinery, automotive, toys, lifts, radio equipment, cableways, etc.) — receive an additional eight months on top, with a 2 August 2028 deadline. The split reflects the operational reality that conformity assessment for AI in regulated products requires alignment with sectoral notified bodies and existing CE-marking pipelines, which take longer to adapt than standalone software systems.
Why the delay?
A looming compliance crisis. Industry signalled in late 2025 and Q1 2026 that documentation, risk management systems, post-market monitoring infrastructure, and conformity assessment capacity were not on track for the original date. Germany pushed particularly hard to ease the burden on industrial AI; Chancellor Friedrich Merz publicly stated his intent to “ease the regulatory burden” on AI in April 2026. The Commission's Digital Omnibus initiative, launched in late 2025, formed the legal vehicle for the delay.
Notably, the Omnibus also brings back the obligation for providers to register AI systems in the EU's high-risk systems database — a provision that had been narrowed in earlier drafts. The database becomes a more central enforcement instrument, particularly given the longer preparation window before substantive obligations bite.
4. Machinery Regulation Exemption
For AI-powered machinery, the Omnibus is unambiguously good news. Machinery is now fully exempted from direct AI Act applicability where overlap with the Machinery Regulation exists. The European Commission gains the power to adopt delegated acts under the Machinery Regulation that add health and safety requirements for AI systems classified as high-risk under the AI Act. In other words: one regulation, one set of rules, one compliance pathway.
For other sectoral overlaps — medical devices, connected cars, toys — the Commission is charged with creating implementing acts to clarify how AI Act requirements interact with existing sectoral regimes. This is a slightly weaker instrument than delegated acts, but provides the same procedural channel for harmonising obligations rather than stacking them.
Practical impact for industrial AI manufacturers
If you build AI-driven control systems, robotics, or AI-enabled industrial equipment that fall under the Machinery Regulation, your AI compliance work now flows through your existing CE-marking and notified-body process. You no longer need to operate two parallel conformity assessment streams. Documentation requirements may still grow (via delegated acts), but the procedural entry point is one, not two.
5. Nudifier Ban & Transparency Grace Period
The Omnibus introduces a new explicit prohibition: AI systems that create child sexual abuse material, or that use identifiable aspects of a person engaged in sexually explicit activities without consent — commonly called “nudifier” apps — are banned. The compliance start date is 2 December 2026.
Article 50 transparency obligations for AI-generated synthetic content also tighten on this front: the grace period providers had to implement disclosure mechanisms is shortened from six months to three months. The new effective date is 2 December 2026. Combined, this makes 2 December 2026 the first hard, binding new deadline produced by the Omnibus deal.
The reform also explicitly permits organisations to process personal data “where strictly necessary to detect and correct biases, with proper safeguards” in both high-risk and non-high-risk AI systems — a quietly significant clarification that addresses a long-standing GDPR/AI Act tension. See our existing analysis on bias detection under Article 10.
6. AI Sandboxes Deadline Pushed
Under Article 57 of the AI Act, every Member State must establish at least one national AI regulatory sandbox — a controlled environment for testing AI systems under regulator supervision before market deployment. The original deadline was 2 August 2026. The Omnibus pushes it back by exactly one year, to 2 August 2027. This aligns sandbox availability with the new high-risk Annex III enforcement date (2 December 2027), giving Member States time to operationalise the sandboxes before they become useful as a compliance staging ground.
7. What Did Not Change
- Article 5 prohibitions remain in force unchanged (in effect since 2 February 2025).
- GPAI core obligations remain in force (in effect since 2 August 2025).
- Penalties under Article 99 are unchanged: up to €35M or 7% of global annual turnover for prohibited practice violations; up to €15M or 3% for other infringements.
- Risk classification logic under Article 6 and Annex III categories — the substance of what makes a system high-risk — is unchanged.
- Documentation requirements under Articles 9, 10, 11, 13, 14, 15 remain. The bar is the same; the date is later.
- Article 50 transparency obligations themselves are not removed — only the grace period and the effective date shift.
8. What This Means for Your Compliance Programme
The Omnibus is a postponement, not a cancellation. The substantive obligations — risk management, documentation, human oversight, post-market monitoring, conformity assessment — are unchanged. What changes is the runway.
If you had paused your programme:
Restart it. 19 months to 2 December 2027 is not generous — it is the realistic preparation window for a tier-1 enterprise high-risk programme. Industry benchmarks for full conformity assessment, technical documentation, risk management system, and post-market monitoring infrastructure remain at 12–18 months.
If you were on track:
You are now early. Use the additional time to deepen post-market monitoring, automate evidence generation, and align your AI Act compliance evidence with ISO/IEC 42001 and the NIST AI RMF where overlap exists. See our ISO 42001 mapping and NIST AI RMF crosswalk.
The 2 December 2026 deadline (nudifier ban + Article 50 transparency) is now your first binding new deadline. Organisations producing or distributing AI-generated content — in marketing, media, customer service, or product surfaces — should treat this as the operational priority for 2026.
For the redrawn complete picture, see our updated EU AI Act Key Dates & Deadlines article. For implementation planning, the implementation guide walks through the new milestones in operational detail.
9. Sources
All dates and provisions in this article are cross-referenced across the following primary and secondary sources, all reporting consistent terms:
- Council of the EU — Artificial Intelligence: Council and Parliament agree to simplify and streamline rules (consilium.europa.eu, 7 May 2026, primary).
- European Parliament — press release on the provisional agreement (7 May 2026).
- IAPP — EU agrees to amend AI Act, clarifies overlap with machinery rules (iapp.org, 7 May 2026).
- Politico Europe — EU clinches deal to roll back AI restrictions (politico.eu, 7 May 2026).
- Hogan Lovells — EU legislators agree to delay for high-risk AI rules (legal analysis).
- Lewis Silkin — The Council and Parliament agree to slim down and delay parts of the EU AI Act.
- Linklaters TechInsights — Omnibus Agreement: How the EU AI Act changes.
- Proskauer — EU AI Act Update: Provisional Deal Would Delay High-Risk AI Rules.
10. FAQ
What did the EU agree on 7 May 2026 about the AI Act?
On 7 May 2026, the European Parliament and the Council of the European Union reached a provisional agreement under the Digital Omnibus. The reform postpones the original 2 August 2026 high-risk AI deadline and creates two new dates: 2 December 2027 (Annex III: biometrics, critical infrastructure, education, employment, law enforcement, border) and 2 August 2028 (Annex I: AI embedded in products). It also bans nudifier apps from 2 December 2026, exempts the Machinery Regulation from direct AI Act applicability, and shortens the transparency grace period from 6 to 3 months.
Is the 2 August 2026 EU AI Act deadline still in force?
No. Annex III high-risk systems now have until 2 December 2027. Annex I product-embedded AI has until 2 August 2028. Formal adoption is still pending but is expected to be procedural. Organisations should plan against the new dates.
What does the Machinery Regulation exemption mean for AI manufacturers?
Machinery is fully exempted from direct AI Act applicability where the Machinery Regulation already applies. AI-specific health and safety requirements will be added to the Machinery Regulation through delegated acts. The result: one set of rules, one compliance pathway, one notified-body process for AI-powered machinery.
When does the nudifier ban come into force under the amended AI Act?
Compliance with the prohibition on AI systems that generate child sexual abuse material or non-consensual sexually explicit content begins on 2 December 2026 — the same date the new Article 50 transparency obligations for AI-generated content become effective (3-month grace period).
What changes for general-purpose AI (GPAI) models under the Omnibus?
GPAI core obligations (in force since 2 August 2025) remain. The Omnibus streamlines enforcement of GPAI where the model and the system are developed by the same provider, aligns enforcement of GPAI embedded in very large online platforms and search engines under the EU AI Office, and re-introduces the obligation to register AI systems in the EU high-risk systems database.
Does the AI sandbox deadline still apply on 2 August 2026?
No. National AI regulatory sandboxes must be established by 2 August 2027 (one year later than originally required), aligning with the new high-risk Annex III enforcement date.
How should we restructure our EU AI Act compliance roadmap after the Omnibus?
Re-baseline against three milestones: (1) 2 December 2026 — nudifier ban + Article 50 transparency. (2) 2 December 2027 — high-risk Annex III enforcement. (3) 2 August 2028 — Annex I high-risk AI in regulated products. Restart any paused programmes; 12–18 months remains the realistic preparation horizon for a full high-risk programme.