EU AI Act Gets Major Overhaul: What Irish and European AI Teams Need to Know

On May 7, 2026, negotiators from the Council, Parliament, and Commission reached a provisional agreement on the Digital Omnibus amendments to the EU AI Act—the first significant revisions since the legislation’s adoption in June 2024. The deal brings welcome breathing room for developers while introducing stricter guardrails against harmful synthetic content.

Key Developments

The agreement delivers a mixed package of pragmatic timeline extensions and substantive policy changes:

Compliance Deadline Extensions: High-risk AI systems face a two-tiered timeline shift. Annex III use-based obligations now move from August 2, 2026 to December 2, 2027 (a 16-month extension), while Annex I product-regulated obligations shift from August 2, 2027 to August 2, 2028 (one additional year). National AI regulatory sandboxes have also gained an extra year, now due by August 2, 2027.

New Prohibitions on Non-Consensual Content: Among the most significant changes, the deal introduces strict prohibitions on AI systems generating or manipulating non-consensual intimate material and child sexual abuse material (CSAM). These take effect December 2, 2026. Violations carry hefty penalties: up to €35 million or 7% of annual worldwide turnover, whichever is higher.

Clarified AI Office Authority: The agreement clarifies which authorities oversee different AI systems. The EU’s AI Office gains explicit supervision over general-purpose AI models where the developer creates both the model and the system, except in areas like law enforcement, border management, judicial authorities, and financial institutions, where national competence remains.

Industry Context

For Irish and European AI developers, these extensions offer crucial time to prepare compliance infrastructure. The initial August 2026 deadline was aggressive; many teams struggled with ambiguity around implementation requirements. This revision acknowledges real-world constraints without abandoning the Act’s protective intent.

The non-consensual content prohibitions reflect Europe’s commitment to protecting digital dignity—a value increasingly central to EU tech regulation. This aligns with broader European concerns about deepfakes and synthetic media harms.

Practical Implications

For Builders: If you’re developing high-risk AI systems, you’ve gained breathing room. Use it strategically: begin compliance work now rather than waiting for deadlines to approach. The non-consensual content prohibitions arrive far sooner, taking effect December 2, 2026, and have clear enforcement mechanisms, so audit your systems now.

For Regulated Entities: Financial institutions, law enforcement agencies, and border management authorities should note that national authorities (including Irish regulators) retain oversight responsibility in your sectors. Engage with your national AI offices early.

For AI Service Providers: General-purpose AI model providers should clarify whether they fall under EU AI Office or national authority jurisdiction—this determination shapes your compliance roadmap.

Open Questions

Several ambiguities remain pending formal adoption:

  • How will the EU AI Office coordinate with national authorities on general-purpose models with cross-border reach?
  • What constitutes “manipulation” of intimate material for enforcement purposes?
  • How will fines be calculated for companies operating across multiple jurisdictions?
  • Will Ireland’s Data Protection Commission coordinate with the AI Office on overlapping concerns?

The text requires formal adoption by Parliament and Council, with publication in the Official Journal expected before August 2, 2026. Until then, treat current timelines as provisional.

Looking Ahead

This omnibus agreement signals the EU’s pragmatic approach: ambitious protection standards balanced against implementability. For Irish tech teams operating in the EU ecosystem, staying updated on these changes isn’t optional—it’s essential risk management.


Source: EU AI Act Updates - May 2026