— Edition 1.247 52 verified trackers
ES EN
Politics · Technology · Digital regulation  ·  where data speaks before headlines
AI Act · European Union · Omnibus

The European Parliament approves the AI Act Omnibus: it delays high-risk obligations and, at the same time, bans 'nudify' apps

On 16 June the European Parliament backed the simplification of the AI Regulation in plenary. The package pushes high-risk obligations and national sandboxes back by more than a year, and at the same time adds a new prohibition: the generation of non-consensual intimate images and child sexual abuse material, effective 2 December 2026. Formal Council adoption is still pending.

By Yaneth Vickari S. Digital regulation expert 9 min read
AI Act Digital Omnibus European Union European Parliament high-risk nudify CSAM sandboxes Article 5 Article 50 AI regulation
AI Act · European Union · Omnibus The AI Act'snew calendar Deadlines reshaped by the Digital Omnibus, after Parliament's 16 June vote 2 Dec 2026 New prohibitions: 'nudify' and child sexual abuse material 2 Aug 2027 National sandboxes (deferred by a year) 2 Dec 2027 Use-based high-risk (Annex III), +16 months 2 Aug 2028 High-risk embedded in products (Annex I) Deadlines from the provisional agreement approved by Parliament on 16 June 2026; they become final upon Council adoption and publication in the Official Journal. Sources: European Parliament and Council of the EU. DIÁLOGO CIUDADANO

The vote

The European Union’s flagship artificial-intelligence law received its first major adjustment since it was passed in 2024. On 16 June 2026, the European Parliament backed the Digital Omnibus on AI in plenary, on the basis of the provisional agreement reached on 7 May between Parliament and the Council. The Internal Market (IMCO) and Civil Liberties (LIBE) committees had already endorsed it on 2 June by 93 votes in favor, 4 against and 15 abstentions.

It is worth marking the exact status, because it is not yet final. What remains is formal adoption by the Council of the Union, expected before 2 August 2026; only after publication in the Official Journal will the new dates be firm, and the regulation will enter into force three days later.

The hand that loosens

The bulk of the package is a postponement. Obligations for the use-based high-risk systems of Annex III — covering, among others, recruitment, credit-scoring, education, border-control and law-enforcement tools — are pushed from 2 August 2026 to 2 December 2027, a sixteen-month delay. Those for AI embedded in regulated products under Annex I — medical devices, machinery, vehicles — move from 2 August 2027 to 2 August 2028. The requirement that each member state establish at least one national regulatory sandbox also moves to 2 August 2027.

Transparency got a shorter reprieve. For generative systems already on the market before 2 August 2026, the obligation to mark synthetic content in a machine-readable way is deferred to 2 December 2026; products placed on the market after that date must comply from day one.

The hand that tightens

On one point, the Omnibus does not loosen: it tightens. The agreement adds to Article 5 a prohibition on AI systems that generate or manipulate intimate images, video or audio of an identifiable person without their explicit consent — the so-called “nudify” apps — and on those that produce child sexual abuse material (CSAM), effective from 2 December 2026. As several firms that followed the negotiation noted, this prohibition was not in the Commission’s text: Parliament pushed it through, and it sits in the regulation’s top penalty band, up to 35 million euros or 7 percent of global turnover. For providers, the ban reaches not only systems intended for such use, but those in which such generation is a reasonably foreseeable and reproducible outcome without significant modification and which lack adequate technical safeguards.

The shortcut that closes

There was an attempt to lighten the load that did not prosper, and it is worth noting. The Commission had proposed removing the obligation to register, in the EU database, systems operating in Annex III contexts that their providers self-assess as not high-risk; Parliament and the Council rejected the deletion and kept the registration in a streamlined form. In practice, a self-assessment that used to be an internal memo becomes a public filing: whoever decides that their HR or credit tool is not high-risk will have to defend that classification before a searchable list available to authorities.

Two readings

The same package admits two narratives, and both are on the table. The Council presented the agreement as support for business that cuts recurring administrative costs and brings legal certainty and more harmonized application, in line with the Union’s simplification and competitiveness agenda. On the other side, several analysts warned that the most debatable point is the deferral of the sandboxes, precisely the tool the small players the rule says it wants to protect need most, so delaying it weakens a pro-innovation instrument. The underlying debate is the one the Draghi report on competitiveness opened: whether Europe can comply with its own regulation without giving up competing.

What remains

The picture, as this report closes, is of a text approved by one chamber and pending in the other. The prohibitions in force since February 2025 — social scoring, subliminal manipulation — still stand, and the rules for general-purpose models are untouched. No fine has been imposed under the regulation as of mid-2026. The reshaped calendar will be final only when the Council adopts it and it is published; until then, the new dates are the planning baseline used by authorities and law firms, not yet firm law.