EU AI Act Undergoes Significant Changes

On May 7, 2026, EU legislators reached a political agreement to amend the EU Artificial Intelligence Act (AI Act), with significant implications for AI companies operating in the EU. The most important changes are:

• delaying the application of the AI Act’s regime for high-risk AI systems;
• amending the timeline for the requirement to mark AI-generated content;
• prohibiting the use of generative AI to create certain harmful content; and
• introducing a carve-out for industrial AI covered by EU machinery rules.

The deal is part of the EU’s broader initiative to soften its strict digital regulations.

Background

The AI Act was adopted in 2024 and is becoming applicable in phases. Certain uses of AI are already prohibited, and providers of general-purpose AI models are already subject to strict obligations. A set of requirements for high-risk AI (HRAI) systems was originally scheduled to take effect in August 2026, but industry stakeholders asked for more time to prepare. EU legislators also came under increasing pressure to grant greater flexibility to AI providers competing in the global AI race.

For information about the scope and requirements in the AI Act, please see our FAQ on 10 Things You Should Know About the EU AI Act.

Key Changes

The deal is not yet publicly available. However, press releases from the EU Commission, Parliament, and Council indicate that the EU legislators agreed on the following key changes:

1. Recalibration of the HRAI regime. The deal makes significant adjustments to the AI Act’s regime for HRAI systems:
   • HRAI obligations postponed. The requirements for HRAI systems that were due to apply from August 2026 will now apply from December 2027. For HRAI systems covered by EU product safety legislation, the deadline is postponed to August 2028.
   • Exemption for industrial AI. Industrial AI embedded in machinery will be subject to AI-related obligations under EU machinery rules, rather than the AI Act’s HRAI regime. Other regulated products (e.g., medical devices) will remain in scope, but the deal introduces a mechanism to resolve situations in which sectoral law has similar AI-specific requirements. In those cases, the AI Act’s application will be limited through subsequent implementing acts.
   • More flexibility for safety uses of AI. An AI system that is a safety component of a regulated product (e.g., car, toy) is subject to the AI Act’s HRAI regime. However, the deal narrows the definition of a “safety component” so that AI systems are not subject to the HRAI regime if their failure or malfunction does not create health or safety risks.
   • Registration obligation is maintained. The deal keeps the obligation for providers to register HRAI systems, including systems that are not subject to HRAI obligations as they benefit from a derogation under Art. 6(3) AI Act e.g. because they are used for a mere preparatory task
2. Transparency obligations postponed. The obligation to mark AI-generated content will only apply from December 2026, extending the initial effective date by four months. The EU Commission is expected to issue a transparency code of practice before the new deadline.
3. New prohibitions on harmful content. The AI Act’s list of prohibited AI will include two new types of systems: (i) AI systems to generate non-consensual sexualized deepfakes (e.g., nudification apps); and (ii) AI systems to generate child sexual abuse material.
4. Use of sensitive data for bias detection. The AI Act provides that sensitive data (e.g., ethnicity, race) can be processed when strictly necessary for bias detection and correction in relation to HRAI systems. The deal provides that sensitive data may also be processed strictly as necessary for bias detection and correction in relation to other AI systems.
5. Broader oversight powers for the EU Commission’s AI Office. In addition to overseeing compliance by providers of general-purpose AI models, the AI Office will also support oversight of AI systems built on general-purpose AI models and those embedded in very large online platforms and very large search engines.

Next Steps

The political agreement must now be translated into formal legal amendments to the AI Act. EU legislators have announced that this is expected to be completed before August 2, 2026 (when the HRAI regime was initially scheduled to take effect). Organizations developing or deploying HRAI systems should reassess their compliance roadmaps in light of the new timeline. Meanwhile, EU legislators continue to discuss changes to other EU digital regulations, notably the EU GDPR (see our article on the Digital Omnibus here). We recommend closely monitoring these discussions.

For more information or if you have any questions regarding the AI Act, please contact Laura De Boel, Cédric Burton, Yann Padova, or Nikolaos Theodorakis from Wilson Sonsini’s Data, Privacy, and Cybersecurity practice.

Wilson Sonsini’s AI Working Group assists clients with AI-related matters. Please contact Laura De Boel, Maneesha Mithal, Manja Sachet, or Scott McKinney for more information.

Yaron Moszynski, Hugh Ó Laoide Kelly, and María Rodríguez contributed to the preparation of this alert.