EU AI Omnibus Reaches Political Agreement in Final Trilogue Session

--- headline: "EU AI Omnibus Reaches Political Agreement in Final Trilogue Session" slug: eu-ai-omnibus-final-trilogue-agreement category: policy story_number: "13" date: 2026-04-28 ---

# EU AI Omnibus Reaches Political Agreement in Final Trilogue Session

European Union lawmakers reached a political agreement on the Digital Omnibus on AI during the final trilogue session on April 28, extending compliance deadlines for high-risk AI systems and introducing a new ban on AI-generated non-consensual intimate content. The deal, which must still receive formal endorsement from the European Parliament and Council before publication in the Official Journal, rewrites the implementation calendar that has dominated AI compliance planning across the technology industry for the past two years.

The agreement gives companies building standalone high-risk AI systems until December 2, 2027 to comply with the AI Act's most demanding obligations, a sixteen-month reprieve from the original August 2, 2026 deadline. For AI systems embedded in products already covered by EU product safety legislation, including medical devices, machinery, and vehicles, the deadline extends even further to August 2, 2028. The two-track timeline acknowledges what industry groups have argued for months: that retrofitting AI compliance into complex physical products requires fundamentally more time than updating software-only systems.

The Road to Agreement

The Cypriot Council presidency drove an aggressive negotiating calendar to land the deal before the original August 2 enforcement date rendered the entire exercise moot. The Council agreed its general approach on March 13, largely aligning with the European Commission's original proposal. The European Parliament adopted its negotiating position during its second March plenary session. With both institutions' mandates in hand, trilogue negotiations moved at unusual speed through April.

The pressure was not subtle. As the European Parliament's legislative tracking noted, co-legislators needed to finalize amendments before August 2, 2026, given that high-risk obligations would otherwise apply under the timeframes set out in the original AI Act. Had talks collapsed or endorsement slipped past that date, the original deadlines would have remained legally binding, leaving companies that had banked on extensions exposed to immediate enforcement.

Formal Parliament and Council endorsement is expected in May or June, with publication in the Official Journal targeted for July 2026, threading the needle before the August cliff edge.

New Prohibitions and Data Rules

Beyond timeline relief, the agreement introduces substantive new rules. Both the Parliament and Council converged on a new prohibited practice under Article 5 of the AI Act, targeting AI systems capable of generating realistic sexually explicit images or videos of identifiable individuals without their consent. The Council's position also explicitly covers the generation of child sexual abuse material. The provision takes direct aim at so-called nudification applications and deepfake pornography tools that have proliferated across consumer platforms.

Catherine O'Callaghan, a partner at Slaughter and May tracking the omnibus negotiations, observed that the Parliament's position includes "a ban on nudification apps, fixed high-risk deadlines, and simplified compliance pathways," calling it a package that balances enforcement ambition with implementation reality.

The agreement also tightens rules around processing personal data for bias detection in AI systems. Under the final text, special category data, which includes information revealing racial or ethnic origin, political opinions, religious beliefs, and health status, may only be processed for bias detection and mitigation purposes where it is strictly necessary. The reinstatement of the word "strictly" narrows the gateway that the Commission's original proposal had left slightly ajar, reflecting civil society concerns that bias testing could become a pretext for broader data collection.

The Center for Democracy and Technology, which has tracked each stage of the omnibus through its monthly AI Bulletin, noted that the strict necessity standard for bias-related data processing "represents a meaningful guardrail against function creep in high-risk AI systems."

What This Means for AI Companies

For compliance teams at AI companies, the agreement creates three distinct planning horizons. General-purpose AI obligations and the existing prohibited practices under Article 5 remain on their original timeline, with enforcement already underway. Standalone high-risk systems now target December 2027, giving developers roughly eighteen additional months to implement conformity assessments, risk management systems, and human oversight requirements. Embedded high-risk systems get the longest runway, with August 2028 marking the final compliance cliff.

The staggered approach matters most for companies operating across multiple product categories. A firm selling both a standalone AI diagnostic tool and an AI-powered medical device now has two different compliance calendars to manage rather than one, a complexity trade-off that buys time but demands more granular program management.

Industry reaction has been cautiously positive. The fixed deadlines eliminate the uncertainty that plagued planning throughout early 2026, when companies could not be sure whether the omnibus would pass at all. But the extended timelines also raise a governance question flagged by critics: whether the delays effectively allow high-risk AI systems to operate without full oversight for an additional one to two years.

TechPolicy.Press warned in its analysis that the delays effectively allow high-risk systems to operate without full regulatory oversight during a critical period of market expansion, arguing that the pace of AI deployment will far outstrip the pace of regulatory catch-up even under the revised schedule.

The August Caveat

One critical detail remains: these dates are not legally binding until the final text is published in the Official Journal. Organizations that pause compliance work in reliance on the announced deadlines assume real risk. If formal adoption encounters procedural delays or political objections during the endorsement phase, the original August 2, 2026 obligations snap back into force. Prudent compliance officers will continue parallel-tracking both timelines until the ink is dry.

The political agreement marks the most significant amendment to the AI Act since its adoption in 2024, reshaping the regulatory landscape for an industry that has grown accustomed to moving faster than its regulators. Whether the extended deadlines produce better compliance or merely delayed compliance will depend on how companies use the time they have been given.