The European Parliament and the Council of the EU have agreed the Digital Omnibus on AI. This follows their original failure to agree last month.
The Digital Omnibus on AI was proposed on 19 November 2025, aiming to simplify the AI Act while maintaining its level of protection. It was published with another digital omnibus aimed at streamlining rules on cybersecurity and data, complemented by a Data Union Strategy to unlock high-quality data for AI and European Business Wallets.
The agreed changes include a clear implementation timeline for the rules governing high-risk AI systems. Rules for systems used in certain high-risk areas such as biometrics, critical infrastructure, education, employment, migration, asylum and border control will apply from 2 December 2027.
For systems integrated into products such as lifts or toys, the rules will apply from 2 August 2028.
The law also delays the application of watermarking obligations on AI-generated content until 2 December 2026 (instead of a delay until 2 February 2027 in the Commission proposal). Watermarking techniques allow for the detection and tracing of AI-generated content.
The European Commission says that this sequencing will help to make sure that technical standards and other support tools are in place before the rules start to apply.
The Parliament and Council also agreed to ban AI systems that create child sexual abuse material or depict the intimate parts of an identifiable person, or them engaged in sexually explicit activities, without that person’s consent. The prohibition applies to placing AI systems on the EU market with the purpose of creating such content; placing them on the EU market without reasonable safety measures to prevent such creation; and deployers using these systems for the purpose of creating such content.
They also agreed the following changes to the AI Act:
- Removing overlapping requirements on AI for machinery products by clarifying that they only need to comply with sectoral safety rules (instead of both the AI Act and sectoral rules); with safeguards that ensure an equivalent level of health and safety;
- Narrowing down what qualifies as “safety component”, meaning that products with AI functions that only assist users or optimise performance will not automatically face high-risk obligations, if their failure or malfunction does not create health or safety risks;
- Ability to process personal data where strictly necessary to detect and correct biases, with proper safeguards, both in high-risk and non-high-risk AI systems ;
- Extending SME exemptions from certain rules to small mid-cap enterprises (SMCs), to support their growth;
- Streamlining enforcement of certain general-purpose AI systems within the EU’s AI Office.
Next steps
The European Parliament and the Council must now formally adopt the political agreement. After that, the amendments will be published in the Official Journal of the European Union and enter into force three days later. The co-legislators intend to adopt it before 2 August 2026, the start date for current rules on high-risk systems.
