AI Act and “Omnibus VII” package: what changes between new deadlines, simplifications and prohibitions

Contenido

On 29 June 2026, the Council of the European Union definitively approved the new “Digital Omnibus on AI” Regulation.  This is a measure amending Regulation (EU) 2024/1689 (the “AI Act”) and other related legislation, with the main objective of simplifying the application of artificial intelligence rules and reducing bureaucratic burdens for businesses, providers and users, referred to as “deployers”, while maintaining a high level of protection of fundamental rights.

Key dates to remember

2 December 20262 August 20272 December 20272 August 2028
The two new prohibitions added to Article 5 of the AI Act become applicableDeadline for establishing regulatory sandboxes in the Member StatesRules applicable to standalone high-risk AI systems (“non-embedded”)Rules applicable to high-risk AI systems embedded in products

Deferral of deadlines for high-risk systems

One of the most significant changes concerns the deferral of the deadlines laid down for high-risk artificial intelligence systems.  In particular, the rules will become applicable: on 2 December 2027 for standalone high-risk systems, i.e.  systems that operate independently, referred to as “non-embedded” systems; on 2 August 2028 for systems embedded in products. The deadline by which Member States must also establish at least one “AI regulatory sandbox”, i.e.  a controlled environment for testing new technologies, has been postponed to 2 August 2027. 

Two new prohibitions from 2 December 2026

The Regulation also introduces two new prohibitions, in addition to those already provided for under Article 5 of the AI Act, which will become applicable from 2 December 2026. These prohibitions concern the use of artificial intelligence to create or manipulate, without the consent of the person concerned, realistic intimate images or videos, namely sexual deepfakes, and child sexual abuse material.

Simplification and coordination with sector-specific legislation

From a simplification perspective, the Regulation addresses the issue of overlaps between the AI Act and sector-specific legislation, such as rules on medical devices or toys.  In such cases, duplication may be avoided: where special legislation already ensures equivalent or higher safeguards, certain obligations under the AI Act may not apply. 
In addition, Regulation (EU) 2023/1230 on machinery is now included in the list of sector-specific legislation in Annex I to the AI Act. This means that safety requirements relating to artificial intelligence will be directly integrated into the machinery regulatory framework.

Personal data protection developments

The Regulation also addresses the relationship with personal data protection legislation.  In particular, two key developments are introduced. The first concerns a new legal basis allowing providers of high-risk AI systems to process, in exceptional cases and subject to strict safeguards, personal data belonging to special categories of data within the meaning of Article 9 GDPR, for the purpose of detecting and correcting potential algorithmic distortions, commonly referred to as “bias”. 
The second development provides for the possibility of coordinating the fundamental rights impact assessment (FRIA) with the data protection impact assessment already provided for under the GDPR (DPIA), thereby avoiding unnecessary duplication. 

Entry into force

The Regulation will enter into force on the third day following its publication in the Official Journal of the European Union.

Download Area
Download the PDF
Download
Fecha
Habla con nuestros expertos