EU reaches provisional deal on targeted AI Act changes

The Council presidency and European Parliament negotiators have reached a provisional agreement on targeted changes to the EU AI Act as part of the Omnibus VII package, which aims to simplify parts of the Union’s digital rulebook and ease implementation burdens.

According to the announcement, the deal broadly preserves the thrust of the Commission’s proposal on high-risk AI systems. The provisional agreement sets new application dates of 2 December 2027 for stand-alone high-risk AI systems and 2 August 2028 for high-risk AI systems embedded in products.

The agreement also extends certain simplification measures beyond SMEs to small mid-caps, while keeping some safeguards. It reinstates the obligation for providers to register AI systems in the EU database where they consider those systems exempt from high-risk classification, and restores the requirement of strict necessity for processing special categories of personal data for bias detection and correction.

At the same time, the co-legislators added a new prohibited AI practice covering the generation of non-consensual sexual and intimate content and child sexual abuse material (CSAM). The deal also postpones the deadline for national AI regulatory sandboxes to 2 August 2027 and shortens the grace period for transparency measures for AI-generated content from 6 months to 3 months, with a new deadline of 2 December 2026.

The provisional agreement further clarifies the division of supervisory powers between the AI Office and national authorities, particularly where general-purpose AI models and downstream AI systems are developed by the same provider, by listing exceptions where national authorities remain competent. It also addresses overlaps between the AI Act and sectoral legislation in areas such as medical devices, toys, machinery, lifts, and watercraft: if the sectoral law has similar AI-specific requirements to the AI Act, then the AI Act’s application is limited through implementing acts. A specific solution was found for machinery regulation by exempting it from the direct applicability of the AI Act, while the Commission is empowered to adopt delegated acts under the machinery regulation, which would add health and safety requirements in respect of AI systems that are classified as high-risk pursuant to the AI Act.

The text must still be endorsed by both the Council and the European Parliament before undergoing legal and linguistic revision and formal adoption. The proposal is part of the EU’s broader simplification agenda, which has been driven by calls from the European Council and followed by a series of Omnibus packages since early 2025.

Marilena Raouna, Deputy Minister for European Affairs of the Republic of Cyprus, elaborated: ‘Today’s agreement on the AI Act significantly supports our companies by reducing recurring administrative costs. It ensures legal certainty and a smoother and more harmonised implementation of the rules across the Union, strengthening EU’s digital sovereignty and overall competitiveness.’

Raouna added: ‘At the same time, we are stepping up the protection of children targeting risks linked to the AI systems. This agreement is clear evidence of our institutions’ ability to act swiftly and deliver on our commitments. It marks the first deliverable under the ‘One Europe, One Market’ roadmap agreed by the three institutions last week, well within the set deadline.’

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!