On 8 July 2026, the European Parliament and the Council adopted Regulation (EU) 2026/…, amending the AI Act (Regulation (EU) 2024/1689) and related legislation to simplify implementation for all providers and deployers of AI systems. The so-called Digital Omnibus on AI introduces a new prohibition on AI systems that generate or manipulate non-consensual intimate material or child sexual abuse material, extends the legal basis for bias detection to all AI systems, clarifies the definition of safety components, and introduces definitions for SMEs and small mid-cap enterprises (SMCs) to ease compliance for smaller firms. The regulation also empowers the Commission to limit specific AI Act requirements where other Union harmonisation legislation provides equivalent protection.
The omnibus amends the AI Act, which entered into force on 1 August 2024 and whose rules apply fully by 2 August 2027. The new prohibition under Article 5 bans AI systems intended for generating non-consensual intimate material or child sexual abuse material, or where such generation is a reasonably foreseeable outcome without adequate safeguards. For deployers, the ban applies only if the system is used for that purpose. The AI literacy obligation under Article 4 is strengthened: providers and deployers must take measures to support AI literacy of staff, with the Commission and Member States facilitating this. The legal basis for processing special categories of personal data for bias detection is extended to providers and deployers of all AI systems and models, not just high-risk ones. The definition of safety component is clarified to include only AI systems whose intended purpose is to prevent or mitigate risks to health or safety of persons or property. New definitions for SMEs and SMCs extend certain small-scale operator measures to small mid-cap enterprises, reducing administrative burden. The Commission is empowered to adopt delegated acts to limit specific AI Act requirements where other Union harmonisation legislation provides equivalent protection for health, safety, and fundamental rights.
The regulation balances simplification with stronger protections. For AI providers, the omnibus reduces compliance costs by extending bias detection provisions and clarifying definitions, but imposes new obligations on harmful content prevention. For deployers, the ban on non-consensual intimate material creates legal certainty but requires due diligence. SMEs and SMCs benefit from lighter rules, potentially boosting innovation, while larger firms face unchanged obligations. For EU regulators, the delegated acts provide flexibility to avoid duplication with other laws, but may create complexity in determining equivalence. The regulation enters into force on the twentieth day after publication in the Official Journal.