EU Parliament Votes to Delay High-Risk AI Rules to 2027 and Ban AI Nudifier Apps

The European Parliament votes June 16 on the Digital Omnibus AI Act amendments, which push high-risk AI system deadlines to 2027–2028 while keeping GPAI model rules on track for August 2026, and introduce a new ban on non-consensual intimate image generators.

TL;DR: The EU Parliament votes Tuesday June 16 to formally adopt the Digital Omnibus amendments to its landmark 2024 AI Act. Key changes: high-risk AI system obligations pushed to December 2027 (or August 2028 for products already covered by sectoral safety rules), a ban on AI nudifier apps effective December 2026, and SME support extended to small mid-cap companies. GPAI model rules (applying to OpenAI, Anthropic, Google, Mistral) remain unchanged at August 2026.

Background: Why Amend the AI Act So Soon?

The EU Artificial Intelligence Act was published in the Official Journal on July 12, 2024 — becoming the world's first comprehensive AI law. But by late 2025, a fundamental problem emerged: the detailed guidelines and harmonized standards companies needed to actually comply with the high-risk AI provisions wouldn't be ready before the August 2026 deadline when those requirements were set to kick in.

The EU AI Office only published its guidelines on classifying high-risk AI systems in May 2026 — leaving virtually no time for compliance before the original August deadline. The European Commission responded in November 2025 with the "digital omnibus" simplification proposal, one piece of a broader package of deregulatory measures.

Parliament and Council negotiators reached a provisional deal on May 7, 2026. The Internal Market (IMCO) and Civil Liberties (LIBE) committees approved it by a decisive 93-4 vote in June. Tuesday's plenary vote is the final formal step before it can enter into force.

Dec 2027 New deadline for standalone high-risk AI systems (was Aug 2026)

Aug 2028 Deadline for AI in products covered by sectoral safety rules

Dec 2026 Compliance deadline for the nudifier app ban

Change 1: Delayed Timelines for High-Risk AI Systems

The revised timeline splits high-risk AI obligations into two tracks:

Track A — Standalone high-risk AI systems (biometrics, critical infrastructure, education, employment, law enforcement, border management, justice): obligations apply from 2 December 2027.

Track B — AI systems embedded in products already covered by EU sectoral safety legislation (medical devices, machinery, toy safety, radio equipment, etc.): obligations apply from 2 August 2028.

The second track addresses the "double regulation" problem. Companies making AI-powered medical devices already face conformity assessment under the Medical Device Regulation. Adding full AI Act high-risk compliance on top created overlapping documentation, testing, and certification requirements for the same product. The amendment removes this overlap.

💡

GPAI Model Rules Stay on Schedule
The amendment explicitly does not change rules for general-purpose AI models — the systems developed by OpenAI, Google, Anthropic, Mistral, and other frontier AI providers. These companies must comply with transparency, copyright, and safety requirements defined in the GPAI Code of Practice starting August 2, 2026. Non-compliance can trigger model recalls, fines, and mandated changes — the first such mandate of its kind globally.

Change 2: The AI Nudifier Ban

The highest-profile new provision is a prohibition on AI systems that generate non-consensual intimate imagery. The ban covers:

Placing on the EU market AI systems designed to create child sexual abuse material (CSAM) or non-consensual intimate images of identifiable real persons
Placing on the EU market AI systems without reasonable safety measures to prevent such creation
Deploying or using these systems for such purposes

The content types covered include images, video, and audio. Companies have until 2 December 2026 to bring their systems into compliance with the prohibition.

Co-rapporteur Michael McNamara (Renew, Ireland) called the ban "a key part of the Parliament's mandate," saying it gives regulators tools to act when AI systems "compromise fundamental rights or human dignity."

AI Act: Before and After the Digital Omnibus

Provision	Original AI Act	After Digital Omnibus
Standalone high-risk AI	August 2, 2026	December 2, 2027
Product-embedded AI	August 2, 2026	August 2, 2028
GPAI model rules	August 2, 2026	August 2, 2026 (unchanged)
AI nudifier apps	Not covered	Banned by December 2026
SME support scope	SMEs only	Extended to small mid-caps (SMCs)
Sector-specific product overlap	Dual compliance required	Reduced overlap, sector rules primary

⚖️

Critic's View
Not everyone sees the amendments as sufficient. EPP shadow rapporteur Axel Voss (Germany) argued that the package's "only substantial deregulatory measure" was the industrial carve-out, with most other changes simply delaying existing timelines. Meanwhile, some AI companies worry the GPAI Code of Practice enforcement starting August 2026 could prove more disruptive than the delayed high-risk rules.

Key Takeaways

June 16: EU Parliament plenary votes to formally adopt Digital Omnibus AI Act amendments
High-risk standalone AI: obligations pushed from August 2026 to December 2027
Product-embedded AI: obligations pushed from August 2026 to August 2028
GPAI models (OpenAI, Google, Anthropic, Mistral): August 2026 enforcement unchanged
New ban: AI nudifier apps prohibited in EU market from December 2026
Double-regulation burden reduced for medical devices, machinery, and other regulated products

🔗

Sources & Official References
— European Parliament Press Release: AI Act deal on simplification measures and nudifier app ban (May 7, 2026)
— European Parliament Plenary Agenda: June 15–18 Strasbourg session — AI Act vote details
— EU Perspectives: Parliament committees greenlight Digital AI Omnibus — full analysis
— The Parliament Magazine: Why the EU rewrote its landmark AI law — high-risk delays and industrial carve-outs explained