EU AI Act After the Omnibus Vote: What Changed and What’s Due

The European Parliament voted on 17 June 2026 to approve the Digital Omnibus simplification package, reshaping the compliance calendar for the EU AI Act in ways that will define corporate strategy for the next two years. The plenary passed the package by 412 votes to 189, with 34 abstentions, following a political agreement reached on 7 May. The Council is expected to rubber-stamp the text within a fortnight, placing publication in the Official Journal before the end of June.

The most consequential change concerns Annex III high-risk AI systems. Employment and HR tools — including CV screening and performance evaluation software — now face a compliance deadline of 2 December 2027, pushed back from the original 2 August 2026. The same extension applies to credit scoring and insurance models, critical infrastructure management systems, education and vocational training platforms, law enforcement biometrics, and border management applications. Critically, the blanket ban on real-time biometric mass surveillance in public spaces remains intact and unaffected by the omnibus amendments.

Annex I systems — AI embedded in regulated products such as medical devices, machinery, and vehicles — receive a separate reprieve, with their deadline shifting from 2 August 2027 to 2 August 2028. Smaller companies gain a further advantage: firms with fewer than 250 employees receive an additional six-month grace period on top of all extended deadlines, a carve-out designed to prevent regulatory asymmetry from crushing European technology start-ups.

General-purpose AI providers face no such relief. Foundation model operators whose training runs exceed 10²⁵ FLOPs must comply with their original obligations, and the systemic risk rules that entered force in August 2025 remain fully operative. The GPAI Code of Practice is now in its final, binding version.

Despite the sweeping extensions, the 2 August 2026 date still carries genuine legal weight. Article 50 transparency obligations require all AI systems interacting with humans to disclose their artificial nature from that date. Watermarking of AI-generated content faces a further three-month delay to 2 December 2026, but every other transparency duty activates as scheduled. The AI Office, which launched in February 2026, is fully operational and holds authority to impose fines of up to €35 million or seven per cent of global annual turnover on non-compliant GPAI providers.

The Commission moved quickly to support implementation. On 18 June it published new guidance documents covering prohibited practices and GPAI transparency requirements. An SME helpdesk becomes operational on 1 July, and the regulatory sandbox programme — mandated under Article 57 — is expanding to all 27 member states by August 2026. National market surveillance authorities carry enforcement responsibility for most compliance categories, and Ireland, home to the European headquarters of most major technology firms, is recruiting 80 additional AI inspectors.

Industry response split along predictable lines. Digital Europe welcomed the extensions as essential for legal certainty and competitiveness, while EuroCloud Europe argued that cloud providers require the additional runway to help clients achieve compliance at scale. The insurance sector specifically endorsed the credit scoring reprieve, citing the time needed to validate actuarial models under the new framework. AccessNow offered a sharply different verdict, describing further delays for high-risk systems as unacceptable given documented AI harms already occurring across the bloc.

The omnibus amendments resolve immediate pressure on compliance teams but do not alter the Act’s fundamental architecture. Prohibited uses — social scoring, subliminal manipulation, and real-time biometric surveillance — have been in force since February 2025 and face no revision. Organisations that treated the original deadlines as distant targets now have more time, but the trajectory is fixed: Brussels will not offer a third extension.