When the European Union’s Artificial Intelligence Act came into force in August 2024, it was celebrated as a groundbreaking and stringent global benchmark for regulating artificial intelligence. However, less than two years later, that same landmark legislation has already been revised. On May 7, 2026, EU governments and Parliament lawmakers finalized a deal on an “AI omnibus” package—a set of targeted amendments designed to simplify the digital regulatory landscape. The stated goal is to reduce bureaucratic overlap, clarify obligations, and grant businesses more flexibility, all while preserving the law’s foundational risk-based approach. This retooling extends deadlines, narrows definitions, and reshapes enforcement mechanisms, leading to a pivotal debate: are these changes a sensible calibration of a complex law, or do they represent a quiet step toward deregulation?
The amendments introduce several significant practical shifts. Most notably, they grant industry more time to adapt. Compliance deadlines for high-risk AI systems used in sensitive areas like employment, education, and health insurance have been pushed back to December 2027, from the original mid-2026 timeline. AI embedded in physical products, such as medical devices or industrial robots, receives an even longer runway, with obligations delayed until August 2028. Furthermore, the definition of “high-risk” has been narrowed; now, only systems whose failure could cause genuine health or safety threats face the strictest rules. Tools that merely assist users or optimize performance no longer automatically trigger the full regulatory burden. This refinement is welcomed by many manufacturers but viewed warily by consumer protection advocates concerned about potential loopholes.
A central aim of the overhaul is to eliminate regulatory duplication. The amendments clarify that where sector-specific EU laws already govern AI—in fields like aviation, medical devices, or financial services—companies will not face parallel assessments under both the AI Act and the other regime. Perhaps the most contentious change, however, is the complete carve-out of machinery from the AI Act’s scope, leaving it governed solely by its own sectoral regulation. This change followed intense lobbying by major industrial firms. For Green MEP Sergey Lagodinsky, a key architect of the original law, this move is a warning signal. He argues it risks fragmenting AI governance, potentially leading to a patchwork of rules akin to the confusing regulatory landscape in the United States, where a lack of federal standards has resulted in a disjointed mix of state-level laws.
For businesses, especially small and medium-sized enterprises, the revised package is designed to ease the compliance burden. It offers simplified documentation requirements, extended deadlines, and greater access to regulatory sandboxes—controlled environments where AI can be tested under temporarily relaxed rules. The approach is intentionally proportional: a startup using a commercial chatbot faces far lighter obligations than a corporation selling AI for high-stakes hiring decisions. While acknowledging these adjustments, Lagodinsky expressed cautious acceptance of the overall deal, stressing that the core risk-based framework remains intact. However, he warned against the habit of constantly reopening legislation for “shortcuts,” emphasizing the need to preserve the integrity of the legislative process even as technology evolves.
Beneath these technical adjustments lies a more profound and enduring challenge: the sheer velocity of AI innovation. Lagodinsky voiced a concern shared by many—that traditional legislative processes are inherently too slow to keep pace. He called on the newly established EU AI Office and the European Commission to act as agile “regulators-in-between,” using guidance documents, codes of conduct, and proactive enforcement to address emerging gaps faster than full legislative revisions allow. This highlights a critical tension. The AI Act, even amended, remains the world’s most comprehensive AI law. Yet this revision sets a precedent that the rulebook can be reopened. The true test will now be whether robust enforcement by the AI Office and member states fulfills the law’s original protective ambitions, or whether repeated delays and sectoral carve-outs gradually erode its impact.
The agreement is expected to receive formal approval from the EU Parliament and member states in the coming months. It concludes with one notable expansion of the rules: a new ban on AI systems generating non-consensual sexually explicit deepfake imagery, effective from December 2027, closing a harmful gap the initial act did not address. Ultimately, the evolution of the AI Act reflects the complex balancing act at the heart of governing transformative technology. It seeks to foster innovation and economic competitiveness while safeguarding fundamental rights and safety. As the EU navigates this path, the world will be watching to see if this calibrated, yet still ambitious, framework can prove both resilient and effective in the face of relentless technological change.
