AI Omnibus Update: European Parliament Adopts its Position, including a Ban on ’Nudification’ Apps, Fixed High-Risk Deadline and Simplified Compliance

The European Parliament (EP) has adopted its position on ‘omnibus’ amendments to the EU AI Act (the Act), addressing a number of contentious issues, including the interaction between the Act and high-risk sectoral law; the looming deadline for high-risk AI obligations and a new proposed ban on non-consensual sexual deepfakes.

Background

The Commission proposed changes to the Act in its AI Omnibus last December, as part of its wider digital omnibus simplification package. Both the EP and Council of the EU have now considered those proposals, with the Council adopting its position a couple of weeks earlier (on 13 March 2026). Their approaches are broadly aligned, subject to some key exceptions noted below.

 What changes did the Parliament propose?

Key elements of the EP’s adopted text include:

• Ban on ‘nudification’ apps: Perhaps the most notable (and timely, given recent headlines) update is a proposed ban on any AI system that "alters, manipulates or artificially generate realistic images or videos so as to depict sexually explicit activities or the intimate parts of an identifiable natural person, without that person's consent".  However, the prohibition will not apply to developers or users of AI systems who have implemented effective safety measures to prevent the generation of such content and to avoid misuse. The Council’s proposals also suggest that this ban should extend to AI systems that can generate child sexual abuse material.
   
• High-Risk AI: The omnibus proposals impact the Act’s high-risk rules in a number of areas.
  • Less AI in scope?: The Act’s Annex 1 high-risk rules apply to AI systems which are: (i) products already covered by sector-specific rules or are used as safety components in such products (lifts, toys, medical devices etc.); and (ii) which have to undergo third party conformity assessments under those sectoral rules.  The EP’s proposals add a restriction to (i) - requiring that any AI systems used as a safety component of such product must also be necessary for the functioning of that product or its compliance with safety requirements.
  • Less stringent obligations for products already governed by sectoral law: Under the current text of the Act some Annex 1 high-risk AI systems could heavily rely on their sector specific regimes/rules while others had to (for example) carry out combined conformity assessments which considered both the Act and the relevant sectoral legislation. The EP’s proposals would mean that all Annex I high-risk AI systems could benefit from less stringent obligations under the Act itself, with protections being managed at sectoral level.
  • Fixed compliance deadlines for high-risk AI obligations: The Commission’s AI Omnibus proposals delayed the introduction of some of the high-risk AI rules. However, it linked the timing to the availability of supporting measures (e.g. 6 months after supporting guidance becomes available), subject to backstop dates. The EP’s proposal prefers fixed deadlines (2 December 2027 for Annex 3 AI systems and 2 August 2028 for Annex 1 systems), removing the Commission's ability to bring timings forward. Given that high-risk AI Systems put on the market before the high-risk rules apply benefit from exemptions to many of the Act’s rules, it will also be interesting to see whether we now see a rush to get products on the market ahead of these extended deadlines.  
     
• Transparency rules – shortened grace period for ‘watermarking’ rules: The Act originally planned for all of the transparency obligations to apply from 2 August 2026. The Commission suggested adding a six-month grace period for one – the obligation for providers of generative AI systems to make AI-generated audio, image, video or text content machine readable and detectable as artificially generated or manipulated. The EP’s proposals shorten this grace period to three months, meaning providers will have until 2 November 2026 to comply with their ‘watermarking’ obligations. 
   
• AI literacy obligations retained, but reduced: The Commission suggested replacing the Act’s provider and deployer literacy obligations (which are already in force) with a requirement for Member States to encourage AI literacy. While the Council’s proposals supported this approach, the EP suggests keeping AI literacy as a provider and deployer obligation. It would, however, reduce the obligation to a requirement to “support the improvement of” AI literacy, and require the Commission to issue practical implementation guidance.
   
• Wider remit for AI Office: The EP supports the Commission’s clarification that the AI Office should supervise AI systems based on a general-purpose AI model where the system and model are developed by the same provider (confirming this should also apply to models developed by providers belonging to the same group of undertakings), and proposal it should also supervise AI systems integrated into platforms or search engines designated by the Commission as very large online platforms or search engines under the Digital Services Act (see our previous blog on the DSA here). 
   
• Other changes: There are a number of other changes covered in the EP’s proposal, from ensuring personal data can only be processed to detect and mitigate potential biases where ‘strictly’ necessary, to supporting the expansion of SME exemptions to small mid-cap enterprises and re-instating (but simplifying) registration requirements for developers who do not consider their systems high-risk

What happens next?

Trilogue negotiations between the EP, Council and the European Commission to agree the final text have already begun. There is pressure to finalise the amendments before the 2 August 2026, given this is when the high-risk obligations would otherwise apply under the timeframes set out in the Act. While much consensus already exists, whether this deadline is possible will likely come down to some key sticking points, such as how the Act should interact with sector specific legal regimes.