Latest Posts:
Search for:

Analyzing critical legal trends and developments across data, cyber, AI and digital regulations from around the world and beyond borders

In AI Cybersecurity, Data and Tech Data EU Data Privacy

Political Agreement reached on Digital Omnibus on AI, amending the EU AI Act, Consistent with Evolving Global Trends on AI Regulation 

by , , , , , , , and 4 Mins Read

On Thursday 7 May 2026 the European Parliament and Council of the EU reached political agreement on the Digital Omnibus on AI, which will amend the EU AI Act.  

The European Commission published the Digital Omnibus on AI proposal on 19 November 2025, with the aim of “simplifying the AI Act while maintaining its level of protection”.  

What is going to change?  

Timeline for high-risk AI 

The timeline for when obligations under the EU AI Act for high-risk systems apply has been extended.   

Obligations under the EU AI Act for high-risk AI systems under Annex III (such as biometrics, critical infrastructure, and employment) were due to come into force on 2 August 2026, and for high-risk AI systems under Annex I (AI systems that are safety components of certain regulated products such as lifts or toys) were due to come into force on 2 August 2027. 

Political agreement has now been reached to extend those deadlines as follows: 

  1. for high-risk AI systems under Annex III, the obligations come into force on 2 December 2027; and 
  1. for high-risk AI systems under Annex I, the obligations come into force on 2 August 2028. 

Notably, this will give the Commission enough time to adopt much-anticipated guidance on high-risk AI systems. Moreover, the European Standardisation Organisations will have time to adopt technical standards for how to implement the AI Act’s requirements for high-risk AI systems. Once these standards are endorsed by the Commission, providers of AI systems will benefit from a presumption of compliance to the extent that they comply with these standards. 

Prohibition on non-consensual explicit content 

The Digital Omnibus on AI will prohibit AI systems that generate non-consensual sexually explicit and intimate content or child sexual abuse material, such as AI ‘nudification’ apps. 

Simplification and clarification  

The Digital Omnibus on AI will also make certain amendments to the EU AI Act to simplify and clarify compliance, such as:  

  • extension of privileges for small and medium sized enterprises to also cover small mid-cap companies; 
  • clarification of the interplay between the EU AI Act and EU product safety laws, such as the Machinery Regulation, to avoid duplication between sectoral and AI requirements;  
  • increasing access to regulatory sandboxes, including an EU-level sandbox, to test AI solutions in real world conditions; and  
  • strengthening of the enforcement powers of the Commission’s AI Office to support oversight of certain AI systems, including systems built on general-purpose models and those embedded in very large online platforms and very large search engines.  

What happens next?  

Although a political agreement on the Digital Omnibus on AI proposal has now been reached by the European Parliament and Council of the EU, the next steps are: 

  • for the Parliament and Council to formally adopt the political agreement which is likely to happen in June; and  
  • once adopted and translated into all official languages of the EU, the amendments will be published in the Official Journal of the European Union and enter into force three days later – this is likely to happen at the end of July and therefore just in time before the original 2 August deadline. 

There is also a separate Digital Omnibus package, published by the European Commission on 19 November 2025, which would amend the EU GDPR and E-Privacy Directive. However, political agreement has not yet been reached on those proposals. 

Takeaways 

The political agreement on the Digital Omnibus on AI mirrors the legislative trend of streamlining proposals for AI regulation and extending compliance deadlines to allow stakeholder consensus to crystallize. In these respects, the agreement mirrors recent developments concerning Colorado’s AI Act, the enforcement of which has been paused while lawmakers weigh proposals to amend the statute to ease some of its compliance burdens on developers and deployers. These demonstrate that, even as lawmakers seek to balance individual rights with innovation, the regulatory environment for AI is quickly evolving. Business should therefore continue to closely monitor the Digital Omnibus proposals as they advance through the legislative and adoption processes.

Categories:
Tags:
Author

Dr. Lukas Feiler, SSCP, CIPP/E, heads the Firm’s Commercial, Data, IPTech and Trade practice in Vienna. He is specialized in technology litigations, focusing on regulatory and civil disputes in the areas of data protection, AI, and platform regulation. Building on his litigation expertise, Lukas advises clients on strategic compliance issues in the areas of cyber security, data protection, and AI. Lukas also leads the AI Desk in Vienna and is a member of the Firm’s EMEA Data Privacy & Security leadership team. Lukas regularly represents clients before the Austrian Supreme Court, the Austrian Administrative Supreme Court, the European Commission, and the EU’s General Court and the CJEU.

Author

Ben advises clients in a wide range of industry sectors, focusing in particular on data protection compliance, including healthcare, financial services, adtech, video games, consumer and business-to-business organisations. Ben regularly assists clients with global data protection compliance projects and assessments as well as specific data protection challenges such as international transfers and data security breaches. Ben is also regularly involved in drafting and negotiating data protection clauses in agreements for various clients in a wide range of industry sectors. Ben also regularly advises clients on electronic direct marketing and cookies.

Author

John is a media and technology lawyer and is currently EMEA Head of Regulatory at Baker McKenzie. He is a Partner in Baker McKenzie's London office, having spent 12 months in the San Francisco office in 2018. John’s practice has three main strands: (1) technology and content regulation; (2) product counselling on new technologies; and (3) copyright and digital media. Most of his time is currently spent advising clients on the EU DSA and UK OSA, including representing clients on RFIs and Investigations in front of the European Commission and Ofcom. He also regularly helps clients launch new AI products, navigating risk and regulation (like the EU AI Act). He is ranked in Chambers UK and Legal500 across various Technology and Media categories. Managing IP ranks him as a "rising star" for copyright. He is also included in Thomson Reuters "Stand-out Lawyers" rankings, and Best Lawyers ranks him as "one to watch" for TMT. In 2020 John was elected to TechUK's Data Analytics and AI Leadership Committee.

Author

Magalie Dansac Le Clerc is a partner in Baker McKenzie's Paris office. A member of the Firm's Information Technology and Communications Practice Group, she is a Certified Information Privacy Professional (CIPP).

Author

Prof. Dr. Michael Schmidl is co-head of the German Information Technology Group and is based in Baker McKenzie's Munich office. He is an honorary professor at the University of Augsburg and specialist lawyer for information technology law (Fachanwalt für IT-Recht). He advises in all areas of contentious and non-contentious information technology law, including internet, computer/software, data privacy and media law. Michael also has a general commercial law background and has profound experience in the drafting and negotiation of outsourcing contracts and in carrying out compliance projects.

Author

Francesca Gaudino is the Head of Baker McKenzie’s Information Technology & Communications Group in Milan. She focuses on data protection and security, advising particularly on legal issues that arise in the use of cutting edge technology.

Author

Eva-Maria Strobel is a Partner in Baker McKenzie's Zurich office, and chairs the Firm's EMEA Intellectual Property, Data & Cyber, Commercial, Tech & Transactions, Regulatory and Trade Practice Groups. With dual qualifications in Switzerland and Germany, she advises clients across industries on the strategic development, protection, and commercialization of intellectual property assets and legal intersections between emerging technologies, artificial intelligence, and data regulation. Eva-Maria regularly contributes to thought leadership on AI and IP, and is a trusted advisor to multinational clients navigating complex regulatory and innovation-driven landscapes.

Author

Adam Aft helps global companies navigate the complex issues regarding intellectual property, data, and technology in product counseling, technology, and M&A transactions. He leads the Firm's North America Technology Transactions group and co-leads the group globally. Adam regularly advises a range of clients on transformational activities, including the intellectual property, data and data privacy, and technology aspects of mergers and acquisitions, new product and service initiatives, and new trends driving business such as platform development, data monetization, and artificial intelligence.

Author

Brian Hengesbaugh is Global Chair of Baker McKenzie's Data & Cyber Practice. Formerly special counsel to the general counsel of the US Department of Commerce, Brian played a key role in the development and implementation of the US Government’s domestic and international policy in the area of privacy and electronic commerce. In particular, he served on the core team that negotiated the US-EU Safe Harbor Privacy Arrangement (Safe Harbor) and earned a Medal Award from the US Department of Commerce for this service.

Related Posts