EU agrees to amend AI Act, clarifies overlap with machinery rules

The European Parliament and Council of the European Union reached a provisional agreement to reform the AI Act, part of the Omnibus on AI simplification package. The agreement was reached in the early morning hours Thursday, after another marathon negotiation.

Contributors:
Jedidiah Bracy
Editorial Director
IAPP
One week after negotiations between the European Parliament and the Council of the European Union were delayed, co-legislators reached a provisional agreement to reform the Artificial Intelligence Act, part of the Digital Omnibus on AI simplification package. The agreement was reached in the early morning hours 7 May, after another marathon negotiation.
A looming compliance deadline on high-risk AI systems placed significant pressure on reaching an agreement in time. The proposal postpones the 2 Aug. deadline and offers two distinct compliance dates. AI systems involving biometrics, critical infrastructure, education, employment, law enforcement and border management will now have a 2 Dec. 2027 deadline. AI systems embedded in products will have a 2 Aug. 2028 deadline.
Negotiating sticking points
According to Euractiv, a main focus for negotiators overnight centered on the approach to the AI Act's overlap with existing laws in various industrial sectors.
As a result, machinery is exempted from direct AI Act applicability where overlap exists, with AI-specific health and safety handled through the Machinery Regulation. The European Commission would be able to adopt delegated acts to add health and safety requirements for AI systems that are deemed high risk under the AI Act.
Regarding potential overlap between the act and other sectoral laws — including for medical devices, connected cars and toys — the European Commission would be charged with creating implementing acts.
Germany pushed hard to limit the act's scope on industry. Chancellor Friedrich Merz told German CEOs last month he would support a less stringent approach to regulation, saying, "I will push to ease the regulatory burden in the EU on AI and, where possible, to exempt industrial AI from the current regulatory straightjacket that is too tight for AI within the European Union."
Deputy Minister for European Affairs of the Republic of Cyprus Marilena Raouna said the agreement "supports our companies by reducing recurring administrative costs" and "ensures legal certainty" along with a "smoother and more harmonised implementation of rules" while "stepping up the protection of children targeting risks linked to the AI systems."
European Parliament co-rapporteur Arba Kokalari said the agreement demonstrates "that politics can move just as quickly as technology. We now make the AI rules more workable in practice, remove overlaps and pause the high-risk requirements."
European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy Henna Virkkunen said, "Our businesses and citizens want two things from AI rules. They want to be able to innovate and feel safe. Today’s agreement does both."
Other AI Act reforms
The update would ban so-called "nudifier" apps, or AI systems that create child sexual abuse material or use identifiable aspects of a person engaged in sexually explicit activities. Compliance with this prohibition starts 2 Dec. 2026. European Parliament co-rapporteur Michael McNamara said the ban on nudifier apps provides "the tools to act if providers do not address AI systems that compromise fundamental rights or human dignity."
The reform deal would allow organizations to process personal data "where strictly necessary to detect and correct biases, with proper safeguards, both in high-risk and non-high-risk AI systems," according to the Parliament's news release. It would also streamline enforcement within the EU AI Office for specific general-purpose AI systems where the model and system are developed by the same provider, and for AI systems embedded in very large online platforms and search engines.
The agreement also postpones the deadline for establishing AI regulatory sandboxes at the national level to 2 Aug. 2027, and shortens the grace period for providers to implement transparency solutions for AI-generated content from six to three months. The new deadline is 2 Dec. 2026.
Notably, the update brings back the obligation for providers to register AI systems in the EU's high-risk systems' database.
The deal extends some regulatory exemptions that were provided to SMEs to small mid-cap companies.
Stakeholders react
In comments to the IAPP, Kai Zenner, head of office and digital policy adviser for German MEP Axel Voss, said, "The AI Omnibus negotiations are over, giving companies more time to get compliant and removing machinery products largely from the law's scope." Though the updates are a "positive" step, Zenner said these "minor steps will not solve the structural problems — the EU's digital acquis (the EU's Digital Rulebook) still requires a major overhaul, in particular, when it comes to legal coherence as well as the enforcement of our rules."
BEUC, the European Consumer Organisation, was less optimistic, arguing the updates create a less safe digital environment.
"This AI omnibus rolls back key consumer protections which had barely been adopted a year ago, by removing critical AI systems from the rules and allowing for future delegated acts that could undermine current safeguards," BEUC Director General Agustin Reyna said. "It creates dangerous loopholes and confusion for both businesses and consumers."
Though critical of much of the compromise, BEUC said it backs the shorter deadline for AI-generated content transparency requirements and the reemergence of the high-risk AI systems registry.
DIGITALEUROPE applauded the machinery exemption but warned it was a "missed opportunity" to help medical device manufacturers. They argued that 95% of Europe's medtech companies are small-to-medium-sized enterprises and startups that will "still face overlapping obligations under the Medical Device Regulation and the AI Act."
The organization's director general, Cecilia Bonefeld-Dahl, said, "Europe can lead on AI safety without adding additional burden to its companies. Unfortunately, the co-legislators dropped the ball for our medtech innovators and connectivity champions."
The Computer & Communications Industry Association was less supportive, saying the deal was a "missed opportunity" by not offering "genuine simplification in key areas." Though it backed the postponement of the high-risk AI deadlines, the CCIA said this was the "bare minimum."
"Given the minimal improvements made to the AI Act, the glaring gap between political rhetoric on regulatory simplification and concrete outcomes is hard to ignore," said CCIA Europe AI Policy Lead Boniface de Champris.
In her weekly A view from Brussels column, IAPP Managing Director, Europe, Isabelle Roccia, CIPP/E, opined, "The ink is barely fresh on this agreement ... so the wisest thing to do right now is to take a few steps back." But with the pressure to pass the original AI Act in 2024, and to update it in 2026, Roccia wondered "what the AI Act would have looked like if back two years, legislators afforded themselves a bit more time to come to a finished product."
What's next?
The provisional agreement now needs to be endorsed and formally adopted by both the European Parliament and Council of the EU and submitted for legal and linguistic revision before it enters into law. Once adopted, the amendments will be published in the Official Journal of the European Union and enter into force three days later.
The Council said formal adoption will take place "in the coming weeks." According to the Parliament's news release, "The co-legislators intend to adopt it before 2 August 2026, the start date for current rules on high-risk AI systems."




