Voiceover (00:01):
Welcome to “Bytes” from “SkadBytes,” jargon-free bite-size insights from Skadden’s IP and tech team on the key issues shaping the tech landscape.
Maximilian Willis (00:13):
Hello, I’m Max Willis from the IP and technology team here at Skadden London. In this “Byte,” we’re giving a headline summary of the political agreement reached in relation to the EU’s Digital Omnibus on AI on the 7th of May 2026 between the European Council and the European Parliament. We’re going to cover what was decided and what it means for businesses preparing for the AI Act.
(00:37):
By way of quick recap, the Digital Omnibus is an amending regulation that simplifies and delays parts of the EU AI Act. Whilst currently in trialogue negotiations will hopefully be finalized and take effect ahead of the bulk of its obligations relating to high-risk AI tools currently set to take effect on the 2nd of August 2026. Now, there’s quite a few changes to the EU AI Act proposed in the Omnibus.
(01:03):
Here are the headline points. First, the high-risk obligations have been pushed back. Annex III standalone high-risk systems — these are covering areas like biometrics, critical infrastructure, employment and access to essential services — will now apply from the 2nd of December 2027 instead of the 2nd of August 2026. Annex I systems — so AI embedded in regulated products like medical devices, radio equipment, lifts, and toys — will move from the 2nd of August 2027 to the 2nd of August 2028, giving harmonized standards time to catch up.
(01:41):
Second, two new prohibitions targeting the most harmful generative use cases. The agreement prohibits AI systems that are designed to generate nonconsensual intimate imagery of identifiable individuals or to produce child sexual abuse material and also catches systems where such outputs are reasonably foreseeable and reproducible without reasonable proportionate and effective safeguards. Now, carve-outs do apply including for consent-based intimate content and for lawful CSAM detection, investigation and moderation. They bind both providers and deployers and take effect from the 2nd of December 2026.
(02:25):
Third, targeted relief for SMEs and a newly defined category of small midcaps. Measures previously available only to SMEs have now been extended to these mid-sized businesses. This relief includes simplified documentation requirements, more proportionate quality management expectations and tailored penalty caps.
(02:46):
Fourth, transparency obligations have been adjusted. The Article 50 watermarking and synthetic content marking rules have been deferred from the 2nd of August 2026 to the 2nd of December 2026, with related GPAI transparency expectations following a similarly adjusted timeline.
(03:04):
Fifth, the definition of “safety component” under Article 6 has been narrowed. So AI features that merely assist users or optimize performance will no longer be automatically high risk. The test is whether failure or malfunction creates health or safety risks.
(03:20):
Finally, the AI Office’s role has been expanded. It gains direct supervisory competence over AI systems built on a general purpose AI model from the same provider or group and over AI integrated into very large online platforms and search engines under the DSA.
(03:38):
In short, amongst other things, a meaningful delay for the high-risk regime, two new prohibitions targeting the most harmful generative use cases, relief for smaller and mid-sized businesses, a slight deferral of certain transparency rules, a narrowing of the safety component definition and a stronger central role for the AI Office. It’s important to remember that this agreement is still provisional. Formal adoption by Parliament and Council is expected before 2nd of August 2026, and further changes may emerge as the final text is published. Thank you for listening.
Voiceover (04:14):
Thanks for listening to “Bytes.” Be sure to subscribe for more tech insights. Additional information about Skadden can be found at skadden.com.
