On 29 June 2026, the Council of the EU adopted the Digital Omnibus Regulation on AI, introducing targeted amendments to the AI Act. The package includes the postponement of key compliance deadlines, new prohibitions and clarifications to a number of definitions. Below, we outline the changes relevant to entities developing, deploying or procuring AI systems.
New deadlines for the application of requirements for high-risk systems
The original date of entry into force of the requirements for high-risk systems, 2 August 2026, is replaced by two new dates, depending on how the system is classified:
- 2 December 2027 – stand-alone systems classified under Annex III of the AI Act, including systems used in biometrics, recruitment, education, lending, law enforcement and the administration of justice.
- 2 August 2028 – systems embedded in products covered by EU harmonisation legislation (Annex I), e.g. medical devices, machinery and toys.
The postponement of the deadlines is mainly due to delays in standardisation work and the insufficient readiness of national supervisory authorities.
New prohibitions on AI generating illegal sexual content
From 2 December 2026, it will be prohibited to make available or use AI systems that:
- generate child sexual abuse material (CSAM);
- without the consent of the person depicted, create or manipulate images, audio or video depicting that person’s intimate body parts or their activities of an unambiguously sexual nature (so-called non-consensual sexual deepfakes).
The ban applies both to providers of AI systems, who may not place them on the market without appropriate technical safeguards, and to entities that use these systems for prohibited purposes. The provisions apply from 2 December 2026.
Obligation to label synthetic content in a machine-readable format
Providers of AI systems that generate synthetic content (audio, video, images or text), whose systems were placed on the market before 2 August 2026, have until 2 December 2026 to comply with the obligation to apply machine-readable watermarks to such content. This also applies to GPAI models. The transition period has been reduced from 6 to 3 months.
Clarification of the definition of a ‘safety component’
The AI Act applies to AI systems performing a ‘safety function’, i.e. those intended to prevent risks to the health or safety of persons or property. The amendment clarifies that systems used solely to assist the user, optimise performance or automate processes are not classified as safety components, provided that their failure does not pose a health or physical risk. In practice, this amendment narrows the scope of AI systems classified as safety components, which directly affects the risk assessment of systems embedded in industrial and consumer products.
Processing of special categories of data to detect and correct bias
Until now, the processing of sensitive personal data (e.g. data relating to ethnic origin or health) for the purpose of detecting and correcting algorithmic bias was permitted only for providers of high-risk systems. The Digital Omnibus extends this possibility to providers and deployers of AI systems outside the high-risk category, provided that the processing is strictly necessary and subject to appropriate safeguards (Article 10(5) of the AI Act).
Extension of SME relief to small mid-cap companies and other systemic changes
The preferential rules for the application of the AI Act, previously reserved for SMEs, will be extended to so-called small mid-cap companies (SMCs) – entities that have exceeded the SME thresholds but still operate on a scale comparable to smaller entities. At the same time, enforcement mechanisms for selected GPAI models by the European AI Office will be strengthened, whilst sectors such as machinery will be able to avoid duplication of compliance requirements where sector-specific legislation provides an equivalent level of protection.
National AI regulatory sandboxes
Member States have until 2 August 2027 to launch national AI regulatory sandboxes. These are controlled environments in which companies can test innovative AI systems under the supervision of the competent authority, with the possibility of a temporary exemption from selected requirements.
If you are implementing, procuring or developing AI systems and wish to assess what obligations under the AI Act apply to your organisation, we are here to help. Please contact us: Aneta Kiser, Marcin Kroll, Rafał Wieczerzak.


