The European Parliament approved the EU AI Act Digital Omnibus on June 16, 2026. The vote, reportedly 423 in favor, 57 against, and 174 abstentions according to Parliament’s published record, formally locks in four compliance deadlines that reshape every EU AI Act implementation program currently running.
The deadlines look like relief. They aren’t, not entirely.
High-risk AI systems operating as stand-alone applications under Annex III (think employment screening tools, credit scoring models, biometric identification systems) now face a compliance date of December 2, 2027, according to Gibson Dunn’s client alert on the omnibus agreement. That’s more than a year beyond the original August 2, 2026 deadline. AI safety components embedded in regulated products under Annex I (machinery, medical devices, aviation systems) push further, to August 2, 2028, per Barnes & Thornburg’s analysis and Hogan Lovells’ regulatory alert.
But December 2, 2026 isn’t moving.
December 2, 2026 Compliance Actions
- Audit all GenAI tools capable of producing intimate imagery for NCII/CSAM risk
- Review Article 50 transparency code of practice for watermarking technical requirements
- Implement machine-readable watermarking/labeling for AI-generated content
- Monitor EU AI Office guidance on 'robust technical safeguards' for nudifier ban carve-out
Two separate obligations land on that date. First, the machine-readable watermarking and labeling requirement for AI-generated content, confirmed by Skadden’s state-of-play analysis, the strongest independent corroboration in this package. Second, the market ban on AI systems that generate child sexual abuse material (CSAM) or non-consensual intimate imagery (NCII), confirmed directly via the European Parliament’s own published record. Providers of generative AI tools capable of producing intimate imagery have fewer than six months to demonstrate robust technical safeguards or exit the EU market.
One structural change that’s gotten less attention: the omnibus removes overlapping AI Act obligations for AI used in machinery products. Those systems will comply under the Machinery Regulation’s sectoral rules instead, addressing what negotiators described as a double-regulation problem. The precise scope of that carve-out is confirmed directionally through independent T3 sources; the exact language of “comply solely under sectoral rules” should be confirmed against the primary text once it’s published.
The package still requires formal Council adoption. EU observers consider this a procedural step; EU ambassadors reportedly cleared the deal at Coreper level in May 2026. But it hasn’t happened yet, and compliance teams should track that milestone.
Unanswered Questions
- What specific technical safeguards will the EU AI Office require under the nudifier ban carve-out?
- Does the machinery carve-out apply to AI components that inform safety decisions versus those that execute them?
- What documentation must accompany watermarked AI-generated content under the Article 50 code?
What to watch
Two things matter before December 2, 2026 arrives. The EU AI Office has not yet defined what “robust technical safeguards” requires for the nudifier ban carve-out; that guidance will determine whether some GenAI providers can remain in market or must withdraw. The Article 50 transparency code of practice, finalized earlier this month, governs the watermarking obligation’s technical requirements. Teams that haven’t reviewed that code need to do so now.
TJS synthesis
The high-risk delays are real and meaningful for enterprise AI programs planning around Annex III. But the December 2026 deadline cluster is where the immediate action sits, and it’s exactly the window that was most likely to be quietly deprioritized while teams watched the omnibus negotiations. The providers most exposed aren’t the ones building classification models for HR. They’re the ones building image and video generation tools, who now face a hard six-month compliance window with a technical standard that hasn’t been fully defined yet.