The European Parliament voted on June 16, 2026 to approve Omnibus VII amendments to the EU AI Act, according to a European Parliament plenary press release. Yesterday’s briefs covered the headline deadline changes. Two elements weren’t covered: an explicit expansion of the Act’s prohibited practices, and a deadline correction that affects programs already in motion.
Start with the deadline. Article 50, the transparency obligation requiring disclosure and labeling of AI-generated content, was previously reported on this hub as carrying an August 2, 2026 deadline. That date changed. As approved in the June 16 plenary vote, pending Official Journal publication, the Article 50 deadline is now December 2, 2026, according to Nemko Digital’s regulatory alert and corroborating analysis from Solytics Partners. Four months. If your compliance calendar still shows August 2 for AI content labeling, update it today.
The other two deadline changes confirmed by the vote: stand-alone high-risk AI systems under Annex III, covering employment tools, critical infrastructure systems, law enforcement applications, and education AI, move to December 2, 2027. High-risk AI components embedded within regulated products under the EU product safety framework move to August 2, 2028. Maximum penalties remain unchanged at up to €35 million or 7% of worldwide annual turnover under Article 99.
Now the new prohibitions. The June 16 vote explicitly banned two categories of AI systems that weren’t named in the original Act’s prohibited practices list. First: AI systems capable of generating child sexual abuse material. Second: “nudifier” systems, tools that generate non-consensual sexually explicit depictions of real individuals. The Parliament voted to add both categories as outright prohibited practices, not high-risk classifications requiring compliance steps. Prohibited means prohibited. No conformity assessment pathway exists for these systems.
This matters beyond the obvious. Generative AI platforms with image generation capabilities – particularly those operating without robust content filtering, now face explicit statutory prohibition language, not just ethical guidance. The nudifier ban is the sharper compliance edge. A system that can generate non-consensual intimate imagery, even if that isn’t its primary purpose, may fall within the prohibition’s scope depending on how the final Official Journal text is interpreted. The final operative language is still undergoing linguistic and legal scrubbing before publication; the text approved June 16 is the political text, not yet the legally operative document.
Warning
The nudifier prohibition doesn't create a compliance pathway, it creates a prohibition. Generative AI platforms with image generation capabilities need to assess exposure now, before the Official Journal text is final, not after. The political text approved June 16 is the operative signal even if the legal scrubbing isn't complete.
One more element: the SME exposure question. According to S&P Global Ratings analysis, the shift toward simplified self-assessment requirements under the Omnibus amendments may heighten operational and data breach risks for SMEs, given the reduction in mandatory external audits. That’s a single-source finding from S&P Global, not a consensus regulatory position, but it’s worth tracking. Approximately 99% of European companies qualify as SMEs under EU statistics. A regulatory simplification that reduces external oversight for the vast majority of affected entities is a policy tradeoff, not just an administrative convenience.
The real question is whether compliance teams that paused Article 50 work pending the Omnibus vote have enough runway to recover before December 2. Four additional months sounds generous. The C2PA technical standard integration, internal content detection pipeline work, and vendor certification steps that August 2 demanded don’t disappear, they just shift. Teams that treated the Omnibus as a pause signal now need to treat it as a restart signal with a hard December endpoint. The nudifier prohibition, by contrast, requires immediate assessment: if your platform can generate it, the vote just made that a prohibited-practices exposure, not a compliance roadmap question.