EU AI Act omnibus deal pushes high-risk deadlines to 2027, narrows scope

TL;DR:

  • EU governments and European Parliament lawmakers struck a deal on 7 May on the so-called “AI omnibus”, a package of targeted amendments to the EU Artificial Intelligence Act that extends compliance deadlines, narrows the scope of high-risk obligations and adds one new prohibition on AI-generated non-consensual sexually explicit images, taking effect 2 December.
  • The high-risk compliance deadline for AI in employment, education and health insurance moves from summer 2026 to 2 December 2027; AI embedded in physical products such as medical devices and industrial machinery shifts to August 2028; machinery is carved out of the AI Act entirely and governed by its own sector-specific rules.
  • For SMEs and small mid-caps, the deal offers simplified technical documentation, extended deadlines and broader access to regulatory sandboxes where AI systems can be tested under temporarily relaxed rules; manufacturers welcome the changes, consumer advocates view them with suspicion.

Whether the omnibus is “smart course correction or quiet deregulation” — Euronews’s framing — depends on whether the EU AI Office and the Commission use the breathing room to enforce what remains. The political pressure to ship the omnibus was real: companies including Siemens and ASML lobbied hard for the machinery carve-out, and Green MEP Sergey Lagodinsky’s warning that “by having excluded machinery, we’re making a first step into fragmenting AI regulation” is the live counter-argument. The precedent of reopening the AI Act inside two years of its entry into force is also significant in its own right.

What it changes for UK firms selling into the EU

For UK-based AI vendors and AI-using SMEs exporting into the EU, the omnibus reshapes the compliance runway. The simplest read: more time and less paperwork. Hire-platform, ed-tech and health-insurance AI vendors get 16 extra months on high-risk obligations; industrial-AI vendors selling into machinery get longer and a different (sector-specific) regime entirely. SMEs gain simpler technical documentation requirements and easier sandbox access — material if your product roadmap depends on operating under temporarily relaxed rules with real users.

But the political weather around UK AI regulation is now visibly different from the EU’s. The UK FCA reopened its AI Input Zone the same week, asking for “evidence, not theory” on bank AI assurance (see [our coverage]); the Commons Science Committee renewed pressure to bring generative AI inside the Online Safety Act (see [our coverage]). Where the EU is tilting toward simplification, the UK is tilting toward enforcement-grade evidence. For firms selling into both markets, the practical implication is divergence — you cannot rely on EU-compliance evidence as a UK-compliance shortcut, particularly in financial services and online-platform contexts.

Looking forward

Formal approval of the omnibus by EU governments and the European Parliament is expected in the coming months, with the new deepfake prohibition taking effect 2 December. Lagodinsky’s caution that EU legislative processes are “much slower than the fast pace of innovation” — and his call for the AI Office and Commission to fill gaps faster through guidance and codes of conduct — is the more interesting medium-term question. For UK regulators watching from outside the bloc, the EU’s recourse to fast non-legislative enforcement may turn out to be the more important benchmark than the omnibus deadlines themselves.