Brussels has reached an agreement to modify the AI Act and prohibit nudification applications.

Brussels has reached an agreement to modify the AI Act and prohibit nudification applications.

      After two unsuccessful trilogues, Parliament and the Council have finally reached a compromise that extends the compliance deadline for high-risk AI systems to December 2027, reduces the paperwork burden for smaller companies, and incorporates a long-anticipated ban on non-consensual intimate imagery into Europe's main AI legislation.

      On Wednesday, the European Commission announced that negotiators for both the Parliament and the Council had come to a political agreement on the AI Omnibus, a package of amendments aimed at easing the implementation of the bloc's primary Artificial Intelligence Act, which also includes a ban on AI-generated non-consensual intimate imagery.

      It took three attempts to arrive at this Agreement. The trilogue held on April 28 collapsed after about twelve hours of discussions regarding the conformity assessment of AI integrated into regulated products. A Wednesday session, called on short notice ahead of a fallback date of May 13, successfully bridged the gaps.

      Henna Virkkunen, the Executive Vice-President for tech sovereignty who championed the simplification initiative through the College of Commissioners last November, emphasized that the agreement would allow companies to “focus on building, not on paperwork.” She framed it as evidence that Europe can maintain its rules-based approach while ensuring they remain feasible for businesses.

      Key adjustments include an extension of deadlines and a reduction in paperwork. The most significant change involves the timeline. The obligations related to standalone high-risk AI systems outlined in Annex III—covering areas like biometrics, education, employment, essential services, law enforcement, justice, and border management—will now begin on December 2, 2027, instead of August 2, 2026. Rules for AI integrated into regulated products under Annex I will take effect on August 2, 2028.

      For companies that are partially through their compliance programs, this adjustment provides approximately an additional sixteen months. Brussels asserts that the delay is due to incomplete standards development rather than a withdrawal; the implementation of harmonized standards from CEN-CENELEC and a more comprehensive set of guidance documents is a prerequisite for activating these obligations.

      Smaller businesses will receive specific relief as well. The agreement expands existing simplifications available to small and medium-sized enterprises (SMEs) to include small mid-cap companies, offering templated technical documentation, reduced fees, and easier access to regulatory sandboxes. The goal, reiterated in the Commission’s press release, is to align obligations with organizational size instead of imposing a uniform compliance model across all entities in the value chain.

      One of the most politically significant aspects is the new prohibition on AI systems that create child sexual abuse material or produce non-consensual intimate images of identifiable individuals. Lawmakers have advocated for this since the late-2025 debate surrounding Grok’s nudification controversy, and Parliament deemed it a crucial point in the trilogue negotiations.

      The legislation now forbids the marketing and use of AI tools primarily aimed at undressing individuals in images or depicting identifiable people in sexually explicit situations without their consent. Companies have until December 2, 2026, to ensure existing products comply.

      This ban does not apply if developers implement effective safety measures to prevent generation and misuse, a provision designed to protect general-purpose models that already filter such outputs.

      TNW reported on the political agreement regarding intimate deepfakes when Parliament incorporated it into its mandate in late March; the trilogue text mostly aligns with that stance, though enforcement now rests primarily with national market-surveillance authorities and the AI Office, not with specific sector regulators.

      Critics may point out that the package retains the core structure of the AI Act. The risk-based pyramid remains intact. Rules for foundation models, effective since August 2025, are unaffected. The Code of Practice for general-purpose AI providers continues to be voluntary. Watermarking requirements for AI-generated content have shifted from February to December 2026 but will remain mandatory.

      Civil-society organizations, over forty of which sent a letter opposing the Omnibus in April, contend that the simplification narrative hides significant reductions in fundamental rights protections, especially concerning biometric identification and AI applications in education. Their concerns remain post-agreement: the trilogue did not revisit the substantial obligations, only their timing and paperwork.

      In contrast, the industry views the package as part of a larger competitiveness initiative that includes the GDPR simplification and the Data Act review. The agreement reflects this outlook: each concession in the AI Omnibus is procedural rather than substantive.

      The political agreement still requires formal approval from the Parliament’s plenary and the Council’s ministers, which is expected before the summer recess. If this does not occur, the initial August 2, 2026, deadline for high-risk compliance will stand—a situation the Commission has worked for six months to avert.

      Meanwhile, national authorities have their own responsibilities: the simplified documentation forms, sandbox templates, and guidance for small mid-cap companies must be established well ahead of the new deadlines, or the intended relief in paperwork will not translate into practical relief.

Other articles

Brussels reaches an agreement to simplify the AI Act and prohibit nudification applications. Brussels reaches an agreement to simplify the AI Act and prohibit nudification applications. Parliament and the Council have reached an agreement to extend the deadline for high-risk classifications under the EU AI Act to December 2027 and to prohibit AI nudification tools, resolving a prolonged stalemate. Silex, a pure-play MEMS foundry, has set the price for its IPO in Stockholm. Silex, a pure-play MEMS foundry, has set the price for its IPO in Stockholm. Silex Microsystems started strong on its Nasdaq Stockholm debut on 7 May 2026, following a pricing of SEK 81 per share. Quantum Motion secures $160 million in the EU's initial significant late-stage investment. Quantum Motion secures $160 million in the EU's initial significant late-stage investment. The new Scaleup Europe Fund of the European Union has spearheaded a $160 million investment round in Quantum Motion, a UK-based company specializing in silicon-CMOS spin-qubits. Pure-play MEMS foundry Silex sets price for its IPO in Stockholm. Pure-play MEMS foundry Silex sets price for its IPO in Stockholm. Silex Microsystems saw a significant rise in its share price during its debut on Nasdaq Stockholm on 7 May 2026, following a pricing of SEK 81 per share. Amazon steps back from the grocery market in Singapore and focuses on cross-border operations instead. Amazon steps back from the grocery market in Singapore and focuses on cross-border operations instead. Amazon will discontinue Amazon Fresh and local fulfillment in Singapore on July 6, 2026, resulting in a limited number of layoffs. Why Nexus Luxembourg has established itself as a staple in Europe’s AI calendar. Why Nexus Luxembourg has established itself as a staple in Europe’s AI calendar. Nexus Luxembourg will take place from June 10 to 11, 2026, featuring over 150 speakers, 250 competing startups, and a grand prize of €100,000.

Brussels has reached an agreement to modify the AI Act and prohibit nudification applications.

Parliament and the Council have reached an agreement to extend the EU AI Act's high-risk deadline to December 2027 and prohibit AI nudification tools, resolving a lengthy impasse.