EU strikes deal to delay AI Act high-risk rules and exempt industry

TL;DR:

• EU legislators agreed in the early hours of 7 May to postpone restrictions on high-risk AI use under the EU AI Act until December 2027 — over a year later than the original schedule — and to exempt most industrial AI applications from the law’s scope.
• The deal also bans AI systems generating sexualised deepfakes of identifiable people and AI-generated child sexual abuse material; the watermarking grace period is cut from six months to three.
• Resultsense view: the first significant rollback of EU digital rules in years sharpens the divergence pressure on UK AI policy. With the EU softening, the US Commerce Department tightening voluntary frontier evaluations, and the UK ICO finalising its automated-decision-making guidance, UK firms now face a compliance map that has stopped converging.

The Cypriot presidency of the Council of the EU and the European Parliament confirmed the agreement after negotiations that ran from Wednesday evening until around 4.30am Thursday. The plan to delay had attracted heavy lobbying from industry and Member State capitals, with Germany leading the push to keep tech heavyweights Siemens and Bosch out of scope.

What the deal changes

The headline change is the deferral of high-risk AI restrictions to December 2027, replacing an original go-live this August. The industrial-AI exemption means most factory-floor and machinery-embedded AI uses will be covered by separate machinery rules rather than the AI Act, removing what Germany described as a “double regulatory burden”. Medical devices and other sectors discussed during negotiations were not exempted and remain in scope.

The watermarking provisions for AI-generated content will still apply, but companies now have only three months grace rather than six. New explicit prohibitions cover AI-generated sexualised deepfakes of identifiable people — added after public outrage over abusive use of Elon Musk’s Grok — and AI-generated child sexual abuse material.

Why now

The EU faced sustained pressure from the United States over its digital rulebook and from its own industry and several Member State governments warning that strict restrictions had put the bloc at a competitive disadvantage. Commission President Ursula von der Leyen said the deal “provides a simple, innovation-friendly environment” while “strengthening protections for our citizens”. Civil society groups argue the rules were necessary to protect against documented near-term harms.

UK and global context

For UK businesses operating across European jurisdictions, the divergence is now structural. The UK’s Article 22C automated-decision-making framework took effect on 5 February under the Data (Use and Access) Act, with ICO consultation closing 29 May. Hogan Lovells’ analysis this week characterised the UK approach as a shift from “prohibition with exceptions” to “permission with safeguards” — closer in tone to the diluted EU stance than the original AI Act. In the US, Google, Microsoft and xAI have just agreed to pre-deployment evaluations by the Commerce Department’s CASI, building on existing OpenAI and Anthropic deals.

Looking forward

The Brussels deal has to clear final formal sign-off, but the political agreement is set. Implementation of the redrawn timetable will dominate compliance work in EU-facing organisations through 2026. UK firms with operations in both jurisdictions face a renewed choice between a harmonised EU-grade compliance posture and a jurisdiction-specific one that takes advantage of the UK’s lighter framework — a strategic question that has just become more, not less, complicated.