EU seals AI Omnibus deal May 6

EU seals AI Omnibus on May 6, but safeguards are watered down.

The European Parliament and Council announced they had reached a deal on the AI Omnibus in a trilogue held on May 6, a decision that keeps the Act’s broad, horizontal approach largely intact while making notable compromises. Most eye catching is the removal of certain requirements for machinery products from the Act’s scope, a narrowing that reliefs hardware makers but keeps the door open for future debates about product coverage. The compromise also introduces a new ban on AI systems that generate non-consensual intimate imagery or child sexual abuse material, a line that advocates say reflects growing concerns about misuse, though the exact reach of that ban remains murky because the prohibition sits in a recital tied to depictions of listed body parts rather than a clearly codified rule.

Several lesser known changes could reshape how firms prepare for compliance. High-risk obligations would enter into application more slowly than previously expected, giving companies more time to align policies, testing, and governance before the most stringent requirements bite. The text also broadens a debiasing exception, permitting the processing of special category data for debiasing purposes for a wider set of stakeholders and AI models. That tweak, while praised by some as a pragmatic step toward fairness, raises eyebrows among privacy advocates who worry the safeguards may not be strong enough to prevent overreach or misuse.

SMEs receive a more generous exemption than before, a shift that could ease regulatory friction for small and mid-cap players but also intensifies questions about uneven levels playing field between larger platforms and smaller actors. The package also tightens the powers of fundamental rights authorities to oversee and enforce the rules, a move that civil society groups say could blunt watchdogs’ ability to challenge risky deployments. Taken together, the tradeoffs reflect a balancing act between catalyzing innovation and maintaining robust guardrails, but the final wording leaves several crucial mechanisms to be fleshed out in national implementations.

The reception in Brussels and advocacy circles was mixed. Regulators hailed progress toward harmonized governance and clearer prohibitions on some harmful AI practices. Civil society groups, while acknowledging that some dangerous elements were avoided, argued the deal still undercuts safeguards in several respects and criticized the process for lacking a comprehensive impact assessment. The debate now shifts to how member states will translate the omnibus into national rules, how strictly authorities will police the new ban on intimate imagery, and how the extended pathway for debiasing data will be monitored for risk of misuse or privacy violations.

For compliance officers and technology leaders, two practical takeaways stand out. First, the delayed rollout of high-risk obligations means readiness timelines remain in flux, requiring flexible program roadmaps and staged audits rather than a single sweeping rollout. Second, the machinery-products exclusion signals a temporary relief for hardware developers, but the broader horizontal approach keeps the door open to future expansions or reforms as technology markets evolve, so leadership should plan for ongoing monitoring of regulatory proposals and clear internal governance on what constitutes a high-risk use case. A third takeaway is governance around debiasing data. Allowing special category data processing for debiasing widens potential data sources, but it also magnifies the need for rigorous data governance, privacy-by-design protections, and clear boundaries on who can access what data and for which models.

As the next steps unfold, enforcement posture and national implementation will determine how effective the Omnibus is in practice. The deal’s reception suggests one thing with clarity: the foundation is set, but the concrete rules, exceptions, and oversight will only be as strong as how member states apply them in the months ahead.