AI Act Omnibus: EU institutions agree political deal (via Passle)
The EU Commission, Parliament and Council have each announced this morning that a political deal has been reached overnight on the AI Act Omnibus. The development comes just a week after what had been billed as a final trilogue session failed to produce agreement. It means we now (finally) have a list of the key changes to the AI Act that are expected to be fast-tracked into a final text and enter into force in the coming weeks.The political drama around the AI Omnibus has made it difficult to distinguish substantive developments from Brussels noise. Today’s news matters – this is the substantive agreement between the different policy-making groups in Brussels. We are still waiting for the draft text, but as of this morning the following key points have been disclosed: The extended compliance deadlines for high-risk AI systems are 2 December 2027 for standalone high-risk use cases, such as critical infrastructure, education and employment, and 2 August 2028 for high-risk AI systems integrated into regulated products, such as medical devices.The grace period for implementation of transparency and digital watermarking measures on AI-generated content under Article 50 will be 2 December 2026.For medical devices and other products, a “form of compromise” has been agreed to use delegated legislation to limit the applicability of the AI Act where the relevant sectoral product legislation has similar AI-specific requirements to the AI Act. The practical effect of this compromise is not yet clear.The Machinery Regulation appears to have been removed from scope of the AI Act entirely.The definition of a “safety component” has been narrowed so that AI systems that only assist users or optimise performance will not be deemed high-risk, if their failure or malfunction does not create health or safety risks.AI systems that generate non-consensual sexual and intimate content (e.g. “nudification” apps) or child sexual abuse material will be banned in the EU.The role of the Commission’s AI Office in supervising certain GPAI models appears to have been expanded, with supervisory responsibilities split between the AI Office and national authorities in certain sectors.Two specific requirements that were facing removal or dilution seem to have survived intact: (i) to register AI systems deemed non-high risk in the EU database for high-risk systems, where they fall within the general scope of the Annex III list of high-risk systems, and (ii) the strict necessity standard for processing special category data for bias detection and correction. The EU institutions appear to have salvaged a political deal on the AI Omnibus just as failure to reach agreement threatened to create further uncertainty over the scope and implementation timeline of the AI Act.While important questions remain, today’s announcement is a significant development and should give enterprises a clearer basis for planning AI Act compliance. We’ll be watching closely for the draft text to emerge: political agreements often include (convenient) ambiguity that then has to be resolved in drafting the agreed final text. The devil, as always, is in the detail.
