EU AI Act Digital Omnibus: Parliament Votes as August Deadline Looms

The European Parliament holds its formal plenary vote today, 18 June 2026, on the Digital Omnibus package — the legislative instrument that amends the AI Act’s high-risk compliance timeline and arrives with precisely 45 days remaining before the 2 August deadline that much of European industry has been racing to meet. The vote follows a political agreement reached on 7 May, itself achieved only after negotiations came perilously close to collapse on 28 April.

The centrepiece of the Omnibus amendment is a 16-month extension for Annex III high-risk AI systems — those governing employment decisions, credit scoring, critical infrastructure, education, law enforcement, and border management. Companies deploying these systems now face a revised deadline of 2 December 2027 rather than 2 August 2026. Annex I systems, covering AI embedded in regulated products such as medical devices, machinery, and vehicles, gain a separate reprieve: their deadline shifts from August 2027 to August 2028.

Crucially, Parliament has not extended everything. Transparency obligations under Article 50 remain anchored at 2 August 2026. Chatbots must disclose their AI nature; deepfake content requires clear labelling. Watermarking of AI-generated content receives only a shortened delay, with a new deadline of 2 December 2026 — three months beyond August. General-purpose AI model obligations, already in force since August 2025, continue unchanged, as do all prohibited practices that became live in February 2025.

The Omnibus also expands Article 5 prohibitions. Two new bans take effect: AI systems generating non-consensual intimate imagery — so-called nudifiers — and systems producing child sexual abuse material are explicitly outlawed. These additions reflect sustained pressure from civil liberties groups and reinforced the political consensus that ultimately rescued the May agreement from collapse.

For compliance teams, the extensions offer breathing room but carry a warning. Companies deploying Annex III systems must still complete risk classification, conformity assessments, technical documentation, human oversight mechanisms, and EU database registration. Auditors broadly advise against treating the extended deadline as permission to restart the clock. Those who began compliance programmes in earnest now sit in an unexpectedly advantageous position as competitors recalibrate.

The compliance technology sector has absorbed the uncertainty and converted it into commercial opportunity. Platforms including Credo AI, Holistic AI, and AI Verify are reporting explosive demand. The sector carried a valuation of €2.3 billion in 2026 and analysts forecast growth to €8 billion by 2028 — a trajectory driven as much by regulatory complexity as by corporate goodwill.

The European Commission’s State of the Digital Decade report, published yesterday, provides sobering context for the broader ambition surrounding the AI Act. EU business adoption of AI rose 31 per cent year on year, a headline figure the Commission is eager to deploy. Yet structural deficits persist: cloud sovereignty stands at 28 per cent against a 2030 target of 65 per cent, 5G coverage reaches 84 per cent against a target of full deployment, and 42 per cent of the workforce faces a digital skills gap serious enough to constrain adoption.

Internationally, the G7’s updated Hiroshima AI Process code of conduct, agreed at Evian, signals tentative convergence between Brussels and Washington on AI safety principles — though without binding commitments from the United States. The EU’s enforcement-backed architecture remains the only binding framework of global scale, a position that lends today’s vote weight beyond European borders. Whether Parliament’s adoption of the Omnibus strengthens or slightly dilutes that architecture will define the immediate narrative. The vote result is expected this afternoon.