EU lawmakers have agreed to simplify the bloc’s landmark AI Act. Supporters call it a pragmatic fix to cut red tape, while critics see a concession to Big Tech. What is changing and what could it mean for businesses and citizens?
When the EU's Artificial Intelligence Act entered into force in August 2024, it was hailed as the world's strictest AI law. Almost two years later, Europe has already agreed to change it.
ADVERTISEMENT
ADVERTISEMENT
On May 7, EU governments and European Parliament lawmakers struck a deal on the so-called "AI omnibus", a package of targeted amendments within a broader digital simplification drive. The goal is to cut red tape, fix overlapping rules, and give businesses more breathing room without dismantling the law's core risk-based logic.
The result is a retooled rulebook that extends deadlines, narrows obligations, and reshapes how the EU's most ambitious digital legislation will be enforced. Whether it is smart course-correction or quiet deregulation depends on who you ask.
What changed?
The most immediate impact is time. High-risk AI systems under Annex 3 of the AI Act, covering employment, education, and health insurance, now face a compliance deadline of December 2, 2027, delayed from summer 2026. AI embedded in physical products like medical devices or industrial machinery gets more time, with obligations delayed until August 2028.
The scope of what counts as "high-risk" has narrowed. Only AI systems whose failure would create genuine health or safety risks face the heaviest obligations. Tools that assist users or optimise performance no longer automatically trigger the full regime, a change welcomed by manufacturers but viewed with suspicion by consumer advocates.
Overlaps with other EU laws have been trimmed. Where sector-specific legislation regulates AI functions in aviation, medical devices, or financial services, companies will no longer face parallel assessments under both regimes.
One of the more contested moves: machinery has been entirely carved out of the AI Act and is now governed by its own sector-specific regulation. Companies like Siemens and ASML had lobbied hard for the change. For Sergey Lagodinsky, Green MEP and one of the Parliament's key voices on digital regulation, it is a warning sign.
"By having excluded machinery, we're making a first step into fragmenting AI regulation," he told Euronews. He pointed to the United States as a cautionary tale, a market where the absence of clear federal guardrails has left a patchwork of conflicting state rules in place of any coherent framework.
"On the one side, everyone is saying how free and unregulated the US market of AI is. And on the other side, many don't know which state regulates how," Lagodinsky said. "There are no clear guidelines and guardrails."
The deal also adds one significant new prohibition: a ban on AI tools that generate non-consensual sexually explicit images, including deepfakes, taking effect December 2, closing a gap that existing rules had failed to address.
What it means for businesses
For companies, the package offers more time and less paperwork. SMEs and small mid-cap firms benefit from simplified technical documentation, extended deadlines, and broader access to regulatory sandboxes where AI systems can be tested under temporarily relaxed rules.
The changes are proportional by design: a small company using an off-the-shelf chatbot faces far less than one selling high-risk AI for hiring decisions. But compliance still brings real costs, and fines remain on the table for those who fall short.
Lagodinsky said he can live with the overall outcome. "The final agreement is something that we can be okay with. I do not belong to those who say this is a catastrophe." But he was pointed about the limits of this kind of legislating. "We cannot constantly reopen the legislative process and try to take shortcuts. There is a process which is lengthier, and the integrity of this process should not be put into question."
The core challenge
Beneath the technical adjustments lies a harder question: can any law keep pace with AI? Lagodinsky was candid. "I am concerned that our legislative processes are much slower than the fast pace of innovation," he said, calling on the EU AI Office and the Commission to act as regulators-in-between, filling gaps through guidance, codes of conduct, and enforcement action faster than full legislative cycles allow.
"The commission is sometimes very timid or slow or late on acting, and that's why it's even more important that the commission and AI Office take their responsibilities even more seriously."
The AI Act remains, even after these changes, the world's most comprehensive AI law. Its risk-based framework is intact. But the deal sets a precedent: the rulebook can be reopened. The next test is whether the AI Office and member states enforce what remains, or whether delays and carve-outs quietly hollow out the law's ambitions.
Formal approval by EU governments and the European Parliament is expected in the coming months.