IT Get in touch

EU AI Act: the Digital Omnibus heads toward formal adoption — what companies should do now

The Digital Omnibus on AI is heading toward formal adoption but is not law yet: until publication in the EU Official Journal the new dates are not binding and the August 2026 threshold formally stands. What companies should do now.

AIComplianceGovernance
AIComplianceGovernance EU AI ActAI GovernanceComplianceDigital OmnibusGovernanceAI
Artificial Intelligence

Artificial Intelligence

EU AI Act consulting: system classification, policies, AI governance, training.

Discover →

Where we are

In our previous article we described the provisional political agreement reached in trilogue between the European Parliament and the Council on the Digital Omnibus on AI: the first targeted amendment package to Regulation (EU) 2024/1689 — the AI Act — since its adoption in 2024.

These days the procedure is in its final stretch, but with a caveat that matters more than it seems: the Digital Omnibus is not law yet. There is a provisional agreement, not a text in force. Three steps are still missing: the final plenary vote of the European Parliament, expected in the course of June, the formal adoption by the Council, and publication in the EU Official Journal.

Provisional does not mean in force

This distinction is the operational core of this update. A provisional political agreement fixes the negotiated content, but produces no legal effect. The postponed dates agreed in the Omnibus become binding only after formal adoption and publication in the Official Journal, with entry into force on the standard timeline.

Until that step happens, the practical consequence is clear: the original 2 August 2026 deadline for high-risk AI systems formally still stands. A company that today slowed down or demobilised its compliance programme counting on the postponement would expose itself to a real risk, because it would be betting on a text that does not yet exist as law.

Formal adoption is expected before August 2026, precisely so as not to leave the original threshold uncovered. That is a well-founded expectation, not a certainty: the margin between the legislative procedure and the deadline is narrow, and should be treated as such.

The agreed deadlines, to be confirmed

The new dates negotiated in the Omnibus — which will only become operative once publication has taken place — remain those already outlined:

  • 2 December 2027 — high-risk stand-alone AI systems (Annex III).
  • 2 August 2028 — high-risk systems embedded in already-regulated products (Annex I, for example medical devices).
  • 2 August 2027 — establishment of national regulatory sandboxes.
  • 2 December 2026transparency for artificially generated content, with the grace period reduced from 6 to 3 months.

To these is added the new prohibition (Article 5 of the AI Act) on non-consensual intimate images generated by AI and on artificial CSAM, with a transitional period until December 2026.

These remain dates of agreed regulatory content: we report them because they guide planning, but they should be verified against the final text once it is published.

The real next operational deadline

There is a point that the debate over the high-risk postponement risks overshadowing. The nearest deadline, and the one affecting the largest number of companies, is not the high-risk one: it is transparency for AI-generated content, set for 2 December 2026.

It concerns anyone producing or distributing AI-generated content — text, images, audio, video — and mandates marking and provenance solutions (watermarks, metadata such as C2PA or equivalent). With the grace period cut to 3 months, it is the first real operational test of the new framework. For many companies it is also the easiest to underestimate, because it touches content pipelines that often fall outside traditional AI compliance programmes.

What it means in practice

For those with AI systems in production or on the roadmap, the message of this update is to not confuse expectation with law in force:

  • Do not demobilise compliance programmes. Until publication in the Official Journal, the August 2026 deadline is formally the reference. Proceeding as planned is the prudent posture.
  • Treat the postponement as a hypothesis, not a fact. Updating the roadmap against the new dates is fine; making it the only course of action is not.
  • Shift attention to AI-generated content transparency (2 December 2026): it is the next genuinely imminent deadline and should be addressed now, regardless of the Omnibus outcome.
  • Track the procedure through to publication: that — not the provisional agreement — is the moment the dates become binding.

For a general framing of the obligations, our overview of what changes with the AI Act remains useful; on the organisational side, the integration between GDPR and the AI Act and the role of the DPO is worth keeping in view. The cross-regulation gap analysis between frameworks and the monitoring of the regulatory procedure are practices noze keeps active across every compliance project.

Links: EU Council press release — 7 May 2026 · European Parliament — Legislative Train, Digital Omnibus on AI

Need support? Under attack? Service Status
Need support? Under attack? Service Status