Section 1, The June 16 Vote: What Changed and What Didn’t
The Digital Omnibus isn’t a new regulation. It’s an amendment package.
The European Parliament adopted it on June 16, 2026, reportedly by a vote of 423 in favor, 57 against, and 174 abstentions according to Parliament’s published record, though those specific figures should be confirmed against the primary text once it’s available. What’s confirmed independently through multiple law firm client alerts: the vote happened, the omnibus passed, and four compliance deadlines are now locked.
The package still requires formal Council adoption. EU observers consider that step procedural. EU ambassadors reportedly cleared the deal at Coreper level in May 2026. Track the Council publication date, that’s when the Omnibus enters the Official Journal and the revised deadlines become legally binding.
What the omnibus didn’t touch matters as much as what it did. The Article 5 prohibited practices restrictions, including earlier bans on real-time biometric surveillance in public spaces and social scoring, were already in force from February 2, 2026. The GPAI Code of Practice obligations for general-purpose AI model providers remain on their original timeline. The Article 50 transparency code of practice, finalized this month for the August 2026 implementation window, wasn’t revised by the omnibus.
The omnibus moved three things: the high-risk AI compliance dates, the watermarking deadline, and the nudifier app enforcement window. It also added the machinery carve-out.
Section 2, The Four Deadline Map
The most practical output of June 16 is a revised compliance calendar. Here’s what changed and what didn’t.
| Obligation | Original Deadline | Revised Deadline | Systems Affected |
|---|---|---|---|
| Stand-alone high-risk AI (Annex III) | August 2, 2026 | December 2, 2027 | Employment screening, credit scoring, biometrics, critical infrastructure AI operating independently |
| Embedded AI safety components (Annex I) | August 2, 2027 | August 2, 2028 | AI as a safety component in machinery, medical devices, aviation systems |
| Machine-readable watermarking | August 2, 2026 | December 2, 2026 | All providers of AI-generated content (text, image, audio, video) |
| Nudifier/NCII ban enforcement | August 2, 2026 | December 2, 2026 | Generative AI tools capable of producing intimate or CSAM imagery |
The high-risk extensions are substantial, 16 months for stand-alone systems, 12 months for embedded components. Gibson Dunn’s analysis of the omnibus agreement confirms the Annex III date, as do independent alerts from Barnes & Thornburg and Hogan Lovells, all converging on the same figures.
The watermarking and nudifier ban dates look like they moved, from August 2, 2026 to December 2, 2026. That’s a four-month extension. But many compliance programs were treating those obligations as lower-priority behind the high-risk deadline scramble. The December 2 date is now the first hard compliance event on the post-omnibus calendar. Skadden’s state-of-play analysis is the strongest independent corroboration for the watermarking date specifically, confirming both the obligation’s technical scope and the December 2026 deadline.
Section 3, The Nudifier Ban in Practice
The ban itself is confirmed. What “compliance” requires is not.
Article 5 of the EU AI Act prohibits AI systems that create CSAM or non-consensual intimate imagery. The European Parliament’s own published record confirms the ban and the December 2, 2026 enforcement date. The omnibus adds market ban language specifically targeting nudifier applications, tools designed to generate synthetic nude imagery of real people without consent.
Who This Affects
Unanswered Questions
- What specific technical safeguards will the EU AI Office require for the nudifier ban carve-out, and when will that guidance be published?
- Does the machinery carve-out apply to AI that informs safety decisions versus AI that executes them?
- Which Article 50 obligations remain tied to the August 2, 2026 code of practice window versus the December 2, 2026 watermarking date?
- What documentation requirements apply to embedded Annex I systems under the extended August 2, 2028 timeline?
Here’s the compliance gap: the Act includes a carve-out for systems with “robust technical safeguards” that prevent misuse. The EU AI Office has not yet published guidance defining what those safeguards require. That guidance is the critical unknown for every provider operating a generative image or video model with potential for misuse.
Don’t expect a grace period. The December 2 date is the enforcement date, not a guidance publication date. Providers who reach December 2 without either (a) confirmed technical safeguards meeting whatever the AI Office ultimately specifies, or (b) withdrawal from the EU market, face market ban exposure.
The practical implication: if you’re building or deploying a generative AI tool capable of producing realistic human imagery, your compliance path requires both a technical architecture decision and regulatory monitoring for the safeguards guidance. Those two tracks run in parallel, and one of them depends on something that hasn’t happened yet.
Section 4, The Machinery Carve-Out: Who’s Affected
The omnibus removes overlapping AI Act obligations for AI in machinery products. Under the revised framework, AI used in machinery products will comply under the Machinery Regulation’s sectoral rules rather than the AI Act’s Annex I requirements, addressing what negotiators described as a “double-regulation” problem. That characterization is corroborated directionally through independent T3 sources including Travers Smith’s regulatory briefing; the precise scope of “comply solely under sectoral rules” should be confirmed against the primary text.
Who actually benefits from this? Manufacturers of industrial equipment with embedded AI decision-making, factory floor robotics with AI safety overrides, AI-assisted crane control systems, manufacturing QA tools with computer vision. These organizations were facing parallel compliance obligations under both the Machinery Regulation (already in their compliance programs) and the EU AI Act (a new and separate documentation regime). The omnibus removes the AI Act layer for those systems.
Who it doesn’t help: AI used *alongside* machinery but not as an integral safety component of the machinery itself. The boundary between “embedded in machinery” and “deployed with machinery” will generate compliance questions until the AI Office publishes interpretive guidance. If your use case sits anywhere near that boundary, don’t assume the carve-out applies.
Section 5, What Didn’t Move
Three categories of obligation remain on their original tracks.
GPAI obligations. General-purpose AI model providers under Article 51, those with systemic risk designation or above the 10^25 FLOPs training threshold, face their compliance obligations on the timeline established before the omnibus. The omnibus didn’t revise GPAI provisions.
Article 5 prohibited practices. These took effect February 2, 2026. Real-time biometric identification in public spaces, social scoring, emotion recognition in workplaces and schools – none of those prohibitions moved. If your organization has ongoing exposure on Article 5, the omnibus doesn’t provide any additional time.
What to Watch
Warning
The nudifier ban carve-out for 'robust technical safeguards' is the single largest open compliance question on the December 2026 calendar. Providers can't fully design their compliance architecture until the EU AI Office defines that standard, but they can't wait for the guidance before starting. Build the architecture in parallel with monitoring.
Article 50 transparency obligations. The August 2, 2026 Article 50 deadline for transparency obligations, including disclosure requirements for AI-generated content interacting with natural persons, was finalized through the code of practice process earlier this month. The omnibus moves the machine-readable *watermarking* element to December 2026, but the Article 50 transparency framework itself, including disclosure when users interact with AI systems – remains tied to the August 2 window under the code of practice. Review the code directly to distinguish which Article 50 obligations land in August and which are covered by the December watermarking date.
The real question is whether compliance programs have those two Article 50 tracks correctly separated in their planning. Most teams we’ve seen have collapsed them into a single “Article 50 deadline.” They’re not the same obligation.
TJS Synthesis
The EU AI Act has operated since early 2026 under a negotiated agreement, everyone knew the omnibus was coming, and many compliance programs were in deliberate holding patterns waiting for the final dates. June 16 ends the holding pattern.
The high-risk extensions will drive the headlines. They shouldn’t drive compliance prioritization. The December 2, 2026 cluster, watermarking and nudifier ban enforcement, represents the first hard deadline on the post-omnibus calendar, and it arrives in under six months. The providers most exposed are generative AI companies building image, video, and audio tools. They face a technical compliance requirement for the watermarking obligation and a conditional market ban for the nudifier prohibition, with the condition (robust technical safeguards) not yet defined by the regulator.
That asymmetry is where the compliance risk sits. Enterprises running classification models for HR or credit have until December 2027 to finalize their Annex III programs. GenAI providers building creative tools have until December 2, 2026 to either solve a technical problem against an undefined standard or exit a market. The omnibus gave one group of organizations more time. It gave another group a tighter window with less regulatory clarity than they had before.
When the EU AI Office publishes safeguards guidance for the nudifier ban, and it will, because it has to before December 2, that document will set the technical compliance floor for every generative imagery provider in the EU market. Watch for it. It’s the most consequential piece of secondary EU AI Act implementation guidance expected this year.