On May 7, 2026, the EU approved the Digital Omnibus on AI, simplifying the AI Act even before its full application. Here’s what changes for businesses.
Sixteen months. That’s how long it took for the European artificial intelligence regulation to be reopened and partially rewritten. Published in the EU’s Official Journal in July 2024, the AI Act has just been the subject of a political agreement reached on May 7, 2026, between the European Parliament and the Council of the EU. This text, designated as the Digital Omnibus on AI, profoundly modifies compliance deadlines and extends several administrative reliefs to a broader category of companies. No structuring Union regulation, neither the GDPR nor the Digital Services Act, had undergone such treatment so quickly after its adoption.
A completely revised timetable for high-risk systems
The most concrete element of the agreement concerns the deadlines. The Council of the EU and the European Parliament have set two different dates depending on the nature of the AI systems concerned:
-
Autonomous high-risk AI systems (biometrics, education, employment, essential services, border control, justice): application of rules on December 2, 2027.
-
AI systems integrated into regulated products (elevators, toys, machinery, medical devices): application of rules on August 2, 2028.
This two-tiered structure responds to a persistent criticism: companies whose AI systems are already governed by sectoral regulation felt that the superposition of obligations represented a disproportionate burden. The provisional agreement provides for a mechanism to resolve conflicts between the horizontal framework of the AI Act and existing sectoral legislation, according to information published by the Council of the EU on May 7, 2026.
Furthermore, the transparency rules on labeling AI-generated content, initially planned for August 2, 2026, will benefit from a short grace period. Providers of generative AI systems will have until December 2, 2026, to make their content detectable as artificially generated, which is three months longer than the original schedule, according to the official press release from the European Commission published on May 7, 2026.
SMEs are no longer alone in benefiting from reliefs
Until now, certain regulatory privileges (simplified documentation, modulated penalties) were reserved for small and medium-sized enterprises. The agreement of May 7, 2026, extends these exemptions to companies with fewer than 750 employees, a category designated as « small mid-cap companies. » For startups and scale-ups in the technology sector, this threshold represents a direct signal: compliance with the rules on AI regulation in Europe should no longer be the sole preserve of large platforms capable of absorbing dedicated legal teams.
The agreement also provides for the establishment of a European-level regulatory sandbox. This mechanism will allow AI systems to be tested in real-world conditions before being placed on the market, with an operationalization target set for August 2, 2027. At the same time, the European AI Office will have its prerogatives strengthened to supervise general-purpose AI models, while maintaining the competence of national authorities in sensitive sectors such as law enforcement, border management, and financial supervision.
An expanded ban, two new prohibited practices
The agreement is not limited to flexibilities. The European Parliament has obtained the addition of two new prohibitions in Article 5 of the AI Act. Systems capable of generating or manipulating sexual images of an identifiable person without their consent are explicitly targeted. Child sexual abuse material produced by AI systems is also prohibited in the final text, according to information from the European Parliament published on May 7, 2026. These additions respond to recent scandals involving consumer tools and non-consensual uses.
Why Brussels rewrote its own law in less than two years
The revision of the AI Act is not the result of a simple technical adjustment. It is the result of unprecedented industrial and political pressure exerted between the summer of 2025 and the beginning of 2026. In July 2025, forty-five major European companies (including Airbus and Axa) formally requested a moratorium on the application of the text. Two months later, fifty-six AI players, led by Mistral AI, called for a substantial simplification of obligations.
The Draghi report on European competitiveness had estimated the global cost of regulatory compliance for the continent’s businesses at €500 billion per year. This figure weighed heavily in the decisions made in Brussels. External pressure also played a role: the Trump administration, which signed an executive order in January 2025 aimed at removing obstacles to technological development in the United States, had signaled its opposition to any regulation deemed excessive that could affect American companies operating in the European market.
Marilena Raouna, Cyprus’ Deputy Minister for European Affairs, welcomed the speed of the process in a statement from the Council of the EU published on May 7, 2026: « Streamlining the AI rules is essential for ensuring the EU’s digital sovereignty. As presidency, we worked on this proposal with urgency. » (Rationalizing AI rules is essential for ensuring the EU’s digital sovereignty. As presidency, we worked on this proposal with urgency.)
Competitiveness, the other issue that regulation does not solve
The May 7 agreement provides an additional sixteen months for companies concerned by the rules on high-risk systems. This deadline is concrete and immediately useful, particularly for French and European startups whose teams are not sized to achieve compliance in a few months.
However, it does not close the investment gap between Europe and its competitors. In 2025, investments in AI technologies reached approximately $8 billion on the European side, compared to $109 billion in the United States, according to data available before the conclusion of this agreement. This gap reflects a structural reality that goes beyond the scope of the AI Act: availability of capital, depth of the single market for digital services, access to chips and computing infrastructure.
The Digital Omnibus on AI confirms that European regulation is capable of adapting quickly when the pressure is sufficient. For legal teams and compliance officers, the priority now is to integrate the new deadlines into their roadmaps, while preparing for the obligations whose entry into force has not been modified, particularly the rules on AI literacy and transparency requirements already applicable since August 2025.