With the presentation of the omnibus package in November 2025, the European Commission has initiated a process to harmonize and simplify digital legislation. In addition to the Data Act, GDPR, and ePrivacy Directive, this also includes the AI Act (see https://www.dorda.at/news/ki-update-digitaler-omnibus-lockert-ki-regulierung). The stated goal is to strengthen enforceability, competitiveness, and legal certainty without lowering the level of protection. A political agreement on the AI Act has now been reached as of May 7th, 2026 (see https://www.consilium.europa.eu/de/press/press-releases/2026/05/07/artificial-intelligence-council-and-parliament-agree-to-simplify-and-streamline-rules/). However, formal adoption is still pending, as is the publication of the final text of the regulation. We are happy to briefly summarize the most important topics based on the official press releases from the European Parliament and the European Commission:
Changes to the AI Act
| |
 | The list of prohibited AI practices will be expanded to include sexualized deepfakes: Effective as of December 2nd, 2026, AI systems that generate non-consensual sexual or intimate content, as well as systems that generate depictions of child sexual abuse or assist in their creation, will be banned. |
| |
 | Entry into force postponed The requirements for product-related high-risk AI systems as set out in Annex I will now apply from August 2nd, 2028, instead of August 2nd, 2027, as previously planned; for context-related high-risk AI systems as set out in Annex III, the requirements will apply from December 2nd, 2027 (previously planned for August 2nd, 2026). This is intended to ensure that technical standards and guidelines that are apparently still missing are available in a timely manner. |
 | Harmonization of sector-specific legislation Avoiding duplicate regulation: If sector-specific product legislation under Annex I (e.g., for medical devices, toys, elevators, machinery, etc.) includes comparable AI requirements, the Commission may limit the application of the AI Act. In addition, the Commission is authorized to adopt delegated acts, for example under the Machinery Regulation, to harmonize AI-specific safety requirements for machinery. In such a case, the corresponding high-risk requirements would no longer apply. |
 | Sensitive data The processing of special categories of personal data for the purpose of detecting and correcting biases is permitted only when absolutely necessary |
 | Registration Requirement Contrary to the Commission’s proposal, providers must continue to register their AI systems in the EU database—even if they themselves believe that their system is not a high-risk AI system. |
| |
 | AI-generated content For existing AI systems, the deadline for implementing the labeling of AI-generated content has been extended to December 2nd, 2026. For other transparency requirements and new AI systems, the original effective date of August 2nd, 2026, remains unchanged. |
| |
 | Implementation deadline postponed The deadline for establishing national AI real-world labs has been extended to August 2nd, 2027. |
| |
 | Centralized Oversight by the AI Office As proposed by the Commission, the AI Office will assume centralized oversight of AI systems based on general-purpose AI models and developed by the same provider. The same applies to AI systems embedded in very large online platforms or online search engines. |
| |
 | Relief Measures for SMEs Existing relief measures for SMEs will be extended to “small mid-caps” (fewer than 750 employees and revenue of up to EUR 150 million or total assets of up to EUR 129 million) in order to create a more innovation-friendly environment for growing companies. |
The provisional agreement must now be formally approved by the Council and the European Parliament. After that, the legislation can be formally adopted by the European Parliament and the Council in the coming weeks.
National AI Law Still Pending
But it is not only at the EU level that there are problems meeting the self-imposed timeline for AI regulation. Austria is also (once again) lagging behind in implementing its national AI accompanying law.
We will keep you updated on further developments.