The EU AI Act Omnibus Deal - New Rules, Deadlines, and the 'Nudifier' Ban

As the world grapples with the rapid advancement of AI, the European Union is moving forward with its landmark regulatory framework. On May 7, 2026, EU lawmakers reached a political agreement on the AI Omnibus package, a set of significant amendments designed to simplify and clarify the AI Act while introducing new, urgent prohibitions.

The New Deadlines: A Breath of Relief for Businesses

One of the most significant changes is a delay in compliance deadlines for certain high-risk systems. This gives companies more time to prepare for the new rules.

• High-Risk AI Systems: The application deadline is now December 2, 2027 (previously August 2026). This includes systems used in biometrics, critical infrastructure, education, and employment.
• High-Risk Safety Components: These have until August 2, 2028 to comply.
• AI-Generated Content Watermarking: The deadline has been brought forward to December 2, 2026, from the previously proposed February 2027.

The Headline Ban: Nudifier Apps Are Out

Beyond the timeline shifts, the Omnibus deal introduces a critical new prohibition that has captured global attention. EU lawmakers have agreed to ban AI systems that create nudified content, apps or features that generate or manipulate sexually explicit images, video, or audio of an identifiable person without their consent.

This ban targets the growing problem of deepfake pornography and AI-generated child sexual abuse material. Providers have until December 2, 2026 to ensure their systems are compliant, after which they will face severe penalties for non-compliance.

Reducing Overlap, Centralizing Enforcement

The Omnibus also aims to make life easier for businesses by removing redundant requirements.

• Machinery Products: The deal clarifies that AI used in machinery only needs to comply with existing EU sectoral safety rules, not both those rules and the AI Act simultaneously.
• Safety Component Narrowed: An AI function will only be considered a high-risk safety component if its failure creates a direct health or safety risk. AI systems that merely assist users or optimize performance will not automatically trigger the high-risk label.
• SME Support: The exemptions for small companies have been extended to include small mid-cap enterprises as well, helping them grow without being crushed by compliance burdens.

What This Means for Your Business

For companies operating in or selling to the EU, the message is clear: the era of vague AI governance is ending. While the new deadlines offer some breathing room, the time to prepare is now. The development of a new Code of Practice on Transparency, expected in June 2026, will provide crucial technical guidance on how to comply.

In essence, the EU is tightening the screws on harmful AI applications while simultaneously streamlining the process for responsible innovation. The ban on nudifiers is a strong signal that the regulation is not just about data privacy, but about protecting individuals from real-world harm in the digital age.