Tag: digital omnibus regulation

  • European Parliament AI Act Vote: 423-57 Result Explained

    On 16 June 2026, the European Parliament voted 423 to 57 (with 174 abstentions) to approve the first amendments to the EU AI Act since it entered into force in August 2024. The vote adopted the “Digital Omnibus on AI” package: it pushes back the compliance deadline for high-risk AI systems to 2 December 2027 (or 2 August 2028 for AI embedded in regulated products), extends the AI-content watermarking deadline to 2 December 2026, and creates a new EU-wide ban on “nudifier” apps and AI-generated child sexual abuse material, also taking effect 2 December 2026.

    The European Parliament AI Act vote 2026 is a single, targeted amendment procedure — not a rewrite of the regulation. The AI Act’s risk-based architecture, its prohibited-practice list, and its general-purpose AI (GPAI) obligations are unchanged and still apply from 2 August 2026. What moved is the compliance runway for the highest-obligation tier, plus one significant new prohibition.

    The Digital Omnibus on AI is the legislative vehicle the European Commission proposed on 19 November 2025 as part of its seventh simplification “omnibus” package, following a provisional political agreement between Parliament, Council, and Commission negotiators on 7 May 2026. The Council of the European Union has stated that, because obligations on high-risk AI systems were due to enter into force on 2 August 2026, the co-legislators treated the file with priority. The Council must still give its own formal sign-off — expected before that 2 August 2026 date — before the amendments take legal effect.

    What exactly did the Parliament vote pass?

    MEPs approved targeted amendments to Regulation (EU) 2024/1689 (the AI Act), submitted under procedure file 2025/0359(COD). The result — 423 in favour, 57 against, 174 abstaining — is a decisive majority, but the near-40% abstention rate signals real political division over loosening any part of a regulation adopted only two years earlier.

    Co-rapporteur Arba Kokalari (EPP, Sweden) framed the vote as “pressing the pause button on the AI Act” to cut red tape for companies, while co-rapporteur Michael McNamara (Renew, Ireland) described it as “establishing legal certainty by extending certain timelines while preserving the AI Act’s architecture.” Both statements matter for compliance planning: the vote is explicitly a timeline and scope adjustment, not a reopening of the Act’s risk classifications or its prohibited-practices list.

    New deadlines: what got delayed, and until when

    The amendment postpones application of high-risk AI obligations to give standard-setting bodies and market-surveillance authorities time to finish the technical standards the Act depends on. Three separate dates now apply, replacing the single 2 August 2026 cut-off in the original text.

    Obligation Original deadline New deadline (as passed 16 June 2026)
    Stand-alone high-risk AI systems (Annex III — e.g. hiring, education, law enforcement) 2 August 2026 2 December 2027
    High-risk AI embedded as a safety component in regulated products (e.g. medical devices, machinery) 2 August 2026 2 August 2028
    AI-generated content watermarking/labelling (systems on the market before 2 August 2026) 2 August 2026 2 December 2026
    Ban on nudifier and CSAM-generating AI systems Not previously in the Act 2 December 2026

    Crucially, what did not move: the AI Act’s prohibited-practices provisions (e.g. social scoring, manipulative AI) and its general-purpose AI transparency obligations remain scheduled for 2 August 2026, and AI-literacy requirements for staff working with AI systems are already in force. Institutions should not read the high-risk delay as a delay to the whole Act.

    The nudifier app ban: what is now illegal

    The amendment inserts an outright ban on AI systems that generate child sexual abuse material or produce images, video, or audio depicting an identifiable person’s intimate parts or sexual activity without consent. Providers cannot place such systems on the EU market unless they build in technical safeguards against that use; deployers who use existing tools for this purpose are equally liable. Compliance is required by 2 December 2026.

    McNamara said the ban targets tools that “impact real people, overwhelmingly women, with the purpose of humiliating, degrading and objectifying them,” and confirmed Parliament fought to have it “enter into force before the end of this year.” This is the amendment’s only genuinely new prohibition — everything else in the package either delays or clarifies existing obligations.

    Other changes: machinery, bias testing, SME exemptions

    Beyond deadlines and the nudifier ban, the adopted text makes four further adjustments:

    • Removes duplicate compliance requirements for AI-enabled machinery products, so manufacturers satisfy sectoral safety law rather than both that law and the AI Act in parallel.
    • Narrows the definition of “safety component,” so AI features that only assist users or optimise performance no longer automatically trigger high-risk obligations unless their failure poses a genuine health or safety risk.
    • Permits processing of sensitive personal data, under safeguards, specifically to detect and correct bias in both high-risk and non-high-risk AI systems.
    • Extends existing SME compliance exemptions to “small mid-cap enterprises” (SMCs), and centralises enforcement of certain general-purpose AI systems within the EU AI Office.

    What this means for research institutions and publishers

    Most Digital Omnibus coverage has focused on industry and machinery. Two effects are more directly relevant to research administrators, universities, and scholarly publishers, and are largely absent from legal-sector explainers of this vote.

    First, the sixteen-month extension for standalone high-risk AI systems covers tools universities have begun deploying for candidate screening, admissions triage, and staff performance evaluation — Annex III “employment and worker management” use cases. Institutions now have until 2 December 2027, not 2 August 2026, to reach conformity, but the underlying obligation, and the requirement that staff have adequate AI literacy, has not been removed.

    Second, the extended watermarking deadline (2 December 2026 for tools already on the market) affects AI-detection and provenance workflows journals use to flag AI-generated text and images in submissions. Publishers should not assume machine-readable AI-content labels are universally present in EU-origin content before that date, since pre-existing tools get an extra four months’ grace.

    Neither effect changes CASRAI’s role: CASRAI originated the CRediT contributor role taxonomy in 2014, and the standard is now stewarded by NISO as ANSI/NISO Z39.104-2022. The Digital Omnibus does not touch authorship or contributorship standards directly, but institutions mapping AI-assistance disclosure into research administration workflows should track the December 2026 and December 2027 dates alongside their own policy review cycles.

    Answer-first Q&A

    What did the European Parliament vote on for the AI Act in June 2026?

    On 16 June 2026, MEPs voted 423 to 57 to approve the Digital Omnibus on AI, a targeted amendment package that delays several AI Act compliance deadlines and adds a new ban on AI “nudifier” apps and CSAM generation, without altering the Act’s risk-based structure.

    When do the EU AI Act’s high-risk rules now apply?

    Under the amended text, stand-alone high-risk AI systems must comply from 2 December 2027, and high-risk AI embedded in regulated products such as medical devices or machinery must comply from 2 August 2028 — both later than the original 2 August 2026 date.

    What is banned under the EU’s nudifier app ban?

    The ban covers AI systems that generate non-consensual intimate imagery of an identifiable person or child sexual abuse material. It applies to developers and deployers alike and takes effect 2 December 2026, six months after the Parliament vote.

    Does the Digital Omnibus change the AI Act’s risk-based approach?

    No. Parliament’s own summary states the amendments aim to support compliance “while maintaining the law’s main provisions and risk-based approach.” Prohibited practices and general-purpose AI transparency duties are unchanged and remain due 2 August 2026.

    What happens next

    The text adopted on 16 June 2026 still requires formal adoption by the Council of the European Union before it enters into force — a procedural step Parliament’s own press release flags under “next steps.” That approval is widely expected before 2 August 2026, the date on which most of the AI Act’s remaining original provisions still take effect regardless of this amendment. Institutions should treat the new 2027/2028 dates as the operative planning horizon for high-risk systems, while continuing to meet every obligation the vote left untouched.

  • AI Act Watermarking Obligations Delay: December 2026

    The AI Act watermarking obligations delay pushes Article 50(2) of the EU AI Act — the machine-readable marking duty for synthetic content — from 2 August 2026 to 2 December 2026 for AI systems already on the market before that date. This is a narrow, four-month transitional concession agreed in the EU’s Digital Omnibus trilogue on 7 May 2026. It does not touch Article 50(1), the separate duty to disclose that a person is interacting with an AI system, which still applies from 2 August 2026 as originally scheduled.

    Article 50 of Regulation (EU) 2024/1689 (the AI Act) is the transparency article governing four distinct duties: disclosure of AI interaction, machine-readable marking of synthetic content, deployer labelling of deepfakes, and labelling of AI-generated text on matters of public interest. Confusing these four sub-obligations — or confusing this watermarking delay with the separate, much longer postponement of high-risk AI system rules — is the most common compliance-timeline error research offices, publishers and institutional AI-governance teams are currently making.

    What actually changed in the Digital Omnibus trilogue

    The Council of the European Union and the European Parliament reached a provisional political agreement on the AI-related Digital Omnibus on 7 May 2026, after a nine-hour trilogue session held under the Cypriot Council Presidency. The text still requires formal endorsement by both institutions and legal-linguistic revision before it is published in the Official Journal, but its substance on watermarking is settled.

    The European Commission’s original November 2025 Digital Omnibus proposal sought a six-month postponement of the Article 50(2) marking obligation. The European Parliament’s negotiating mandate, adopted on 26 March 2026, pushed back for a shorter, three-month postponement. The trilogue compromise landed on four months, moving the application date for existing systems from 2 August 2026 to 2 December 2026.

    This is a narrow, technical fix, not a policy reversal. The stated rationale is operational: the AI Office’s Code of Practice defining how to meet the marking duty is still being finalised, and providers argued they could not build machine-readable marking, metadata and detector tooling against guidance that had not yet stabilised.

    Article 50(2) watermarking vs Article 50(1) disclosure: the nuance

    This is the distinction research administrators need to track separately, because press coverage frequently blurs it. Article 50(1) and Article 50(2) are different obligations with different deadlines, and only one of them moved.

    Provision What it requires Who it binds Application date Delayed?
    Article 50(1) Inform natural persons they are interacting with an AI system (e.g. chatbots) Providers 2 August 2026 No — unchanged
    Article 50(2) Machine-readable marking of synthetic audio, image, video or text output, detectable as artificially generated Providers 2 December 2026 (existing systems) Yes — 4-month delay
    Article 50(3) Label deepfake image, audio or video content shown to the public Deployers 2 August 2026 No — unchanged
    Article 50(4) Label AI-generated text published to inform the public on matters of public interest Deployers 2 August 2026 No — unchanged

    In other words, the disclosure and labelling duties that sit closest to end-user and reader-facing transparency — telling a person they are talking to a bot, or flagging that an image is a deepfake — proceed on the original 2 August 2026 timetable. Only the upstream, provider-side technical marking duty in Article 50(2) has moved.

    Who is affected, and from what date

    The four-month extension operates as a transitional grace period, not a blanket new deadline. It applies specifically to generative AI systems already placed on the EU market before 2 August 2026. Providers bringing a new generative AI system to the EU market on or after 2 August 2026 must comply with Article 50(2) marking from the point of placement, with no transitional window.

    • Existing systems (on the EU market before 2 August 2026): Article 50(2) marking applies from 2 December 2026.
    • New systems (placed on the market from 2 August 2026 onward): Article 50(2) marking applies immediately from placement.
    • Article 50(1), 50(3) and 50(4) duties: unaffected, all apply from 2 August 2026 for every system in scope.

    The same Digital Omnibus package also postpones application of the AI Act’s high-risk system requirements — Annex III stand-alone systems now apply from 2 December 2027, and Annex I product-embedded systems from 2 August 2028. These are separate rules on an entirely separate track from Article 50 transparency, and conflating the two — as some commentary has done — materially understates how soon the watermarking duty actually bites.

    The Code of Practice on Transparency of AI-Generated Content

    Article 50(2) compliance is operationalised through the AI Office’s Code of Practice on Transparency of AI-Generated Content. A first draft was published in December 2025, with a further draft circulated in May 2026 as the trilogue concluded. The European Commission’s Digital Strategy portal lists the Code among its active transparency-obligation guidance as of June 2026.

    The technical benchmark most frequently cited in industry guidance for machine-readable marking is C2PA Content Credentials, a provenance specification backed by major generative-AI and platform providers. Whichever technical route a provider chooses, the compressed runway between a finalised Code of Practice and the 2 December 2026 application date means marking, metadata-embedding and detector-tooling work needs to start now rather than after final guidance lands.

    Answer-first questions

    Has the AI Act watermarking deadline been delayed?

    Yes. Article 50(2) of the EU AI Act, which requires machine-readable marking of AI-generated synthetic content, moves from 2 August 2026 to 2 December 2026 for systems already on the market, under the Digital Omnibus trilogue agreement reached 7 May 2026.

    What is Article 50 of the AI Act?

    Article 50 is the AI Act’s transparency article. It sets four separate obligations: disclosing AI interaction, marking synthetic content, labelling deepfakes, and labelling AI-generated public-interest text — each with its own scope and, now, its own timetable.

    Does the delay affect the AI chatbot disclosure rule?

    No. Article 50(1), which requires providers to inform users they are interacting with an AI system such as a chatbot, is not delayed and continues to apply from 2 August 2026, unchanged by the Digital Omnibus.

    What is the Code of Practice on Transparency of AI-Generated Content?

    It is the AI Office’s guidance document operationalising Article 50 compliance, first drafted in December 2025 with further drafts through mid-2026. It is the practical reference providers use to meet the machine-readable marking requirement ahead of the 2 December 2026 deadline.

    Implications for research offices and publishers

    Institutions running AI-governance or research-integrity functions should treat this as a compliance-tracking, not a compliance-relief, event. Two separate dates now sit on the same calendar entry that many trackers previously listed as a single 2 August 2026 milestone. Research administration teams responsible for institutional AI-use policies, and publishers building AI-content-disclosure workflows alongside existing authorship-disclosure practices, need to record both dates and both scopes distinctly rather than treating “the AI Act deadline” as one event.

    • Update institutional compliance calendars to show 2 August 2026 (disclosure/labelling duties) and 2 December 2026 (marking duty for existing systems) as separate entries.
    • Distinguish the Article 50(2) watermarking delay from the much longer high-risk system postponement (2027/2028) when briefing leadership — the two are unrelated in scope and timing.
    • Track the AI Office’s Code of Practice finalisation, since the technical detail of “machine-readable” marking is defined there, not in the Regulation’s text.

    For institutions already documenting AI-content-disclosure alongside research-administration compliance tracking, the practical task is unchanged in substance and compressed in time: providers and deployers still need working marking and labelling capability, just against a marginally later date for one specific obligation.

    What happens next

    The Digital Omnibus text still requires formal endorsement and legal-linguistic revision before Official Journal publication, expected ahead of the original 2 August 2026 application date for the AI Act’s high-risk obligations. Once published, the 2 December 2026 date for Article 50(2) becomes fixed law rather than a trilogue compromise. Research offices, publishers and AI providers should treat the current text as the operative planning baseline, while watching for the AI Office’s final Code of Practice, which will determine exactly what “machine-readable” marking must look like in practice.

  • Digital Omnibus AI Act Delay 2026: What Research Institutions Must Know

    The digital omnibus AI Act delay 2026 is now confirmed: the European Parliament formally endorsed the deal on 16 June 2026 and the Council of the EU gave its final green light on 29 June 2026, pushing the AI Act’s high-risk obligations for stand-alone Annex III systems from 2 August 2026 to 2 December 2027. For research institutions running admissions, assessment, or exam-proctoring AI classified under Annex III’s education category, this removes an imminent compliance cliff but does not remove the obligation itself.

    The Digital Omnibus on AI is the European Commission’s targeted amendment package to Regulation (EU) 2024/1689 (the AI Act), tabled on 19 November 2025 to defer the applicability of high-risk obligations while harmonised technical standards catch up with the legislative timetable. It is distinct from the broader “Digital Omnibus” simplification package covering GDPR and the ePrivacy Directive, which is proceeding on a separate track.

    What is the Digital Omnibus on AI?

    The Digital Omnibus on AI is a package of targeted amendments to the EU AI Act, proposed by the European Commission to defer the applicability of high-risk AI obligations and to soften or clarify a handful of adjacent provisions. It does not alter the AI Act’s underlying risk-based architecture: the definitions of high-risk AI, the prohibited-practice list, and the general-purpose AI (GPAI) model rules all remain unchanged.

    Two changes matter most for institutional AI governance. First, the compliance timeline for high-risk AI systems is pushed back by more than a year. Second, a new prohibition targeting AI-generated non-consensual intimate imagery (“nudifiers”) and child sexual abuse material (CSAM) is inserted into Article 5, with a transitional period running to 2 December 2026.

    Timeline: how the delay was finalised

    The delay moved through five distinct stages before becoming binding. Each stage narrowed the uncertainty that had left institutions unable to plan with confidence through the first half of 2026.

    • 19 November 2025 — the European Commission tabled the Digital Omnibus on AI, proposing a conditional delay mechanism for Annex III high-risk obligations.
    • 18 March 2026 — the European Parliament’s lead committee signalled support for postponement, initially floating a shorter extension to 2 November 2026 rather than the Commission’s later date.
    • 6–13 May 2026 — trilogue negotiators reached a provisional political agreement, subsequently confirmed by Member State representatives in the Council (Coreper).
    • 16 June 2026 — the European Parliament formally endorsed the agreed text in plenary.
    • 29 June 2026 — the Council of the EU gave its final approval, completing the co-legislative procedure.

    Formal publication in the Official Journal of the European Union is expected before 2 August 2026, the date on which the amended provisions are designed to take legal effect. Until publication, the original 2 August 2026 deadline technically remains in force — a distinction several early client alerts flagged as a live risk for institutions that stopped preparing prematurely.

    New compliance dates for high-risk AI systems

    The Omnibus replaces the Commission’s original conditional trigger with fixed calendar dates. Annex III stand-alone high-risk systems — including those used for recruitment, credit scoring, law enforcement, border control, and education — now have until 2 December 2027 to comply, instead of 2 August 2026. Annex I systems embedded in already-regulated products, such as medical devices and machinery, move to 2 August 2028.

    Obligation Original date New date Status
    Unacceptable-risk prohibitions (Article 5); AI literacy (Article 4) 2 Feb 2025 Unchanged (literacy duty softened) In force
    GPAI model obligations; AI Office operational 2 Aug 2025 Unchanged In force
    Article 50 transparency (AI-generated content disclosure) 2 Aug 2026 2 Aug 2026 (largely unchanged) Proceeding as scheduled
    Article 50(2) watermarking grace period for existing systems 2 Aug 2026 2 Dec 2026 Deferred (grace period)
    New Article 5 ban on non-consensual intimate imagery/CSAM AI 2 Dec 2026 (transitional period ends) New provision
    Annex III high-risk obligations (incl. education/admissions AI) 2 Aug 2026 2 Dec 2027 Deferred
    Member state AI regulatory sandboxes (Article 57) 2 Aug 2027 2 Aug 2027 (sandbox timeline unaffected for Annex III) Unchanged
    Annex I high-risk obligations (embedded, e.g. medical devices) 2 Aug 2027 2 Aug 2028 Deferred

    Two provisions are not deferred. The Article 50 transparency duty — telling users they are interacting with an AI system, and labelling AI-generated content — largely proceeds on the original 2 August 2026 schedule, with only the narrower watermarking sub-obligation under Article 50(2) receiving a four-month grace period for systems already on the market.

    What changes for research institutions under Annex III

    Annex III, paragraph 3 of the AI Act designates AI systems used in the education and vocational training domain as high-risk where they determine access or admission to an institution, evaluate learning outcomes, assess the appropriate level of education for an individual, or monitor and detect prohibited behaviour by students during tests. This is the category most directly relevant to research institutions and universities.

    Concretely, the delay reaches:

    • Admissions and PhD-selection algorithms that rank or filter applicants;
    • Automated assessment and grading tools used to evaluate learning outcomes;
    • Exam-proctoring and academic-integrity-monitoring systems deployed during tests;
    • Tools that assign students to a particular level or track of study.

    Research-integrity screening tools (plagiarism and image-manipulation detection) and grant- or funding-evaluation algorithms sit in a greyer area: they may qualify as high-risk under other Annex III categories — such as access to essential public services — depending on how decisively the AI output determines an outcome for the individual concerned. Institutions should not assume a blanket exemption; classification still depends on the specific use case, not the sector label.

    The practical effect of the delay is headroom, not relief. Conformity assessments, technical documentation, human-oversight design, and post-market monitoring for Annex III education systems must still be built — the deadline for having them in place has simply moved from 2 August 2026 to 2 December 2027. Institutions that paused compliance work in anticipation of the delay now have a defined, and shorter than expected, runway of roughly seventeen months from the June 2026 vote.

    Answer-first Q&A

    What is the EU AI Act Digital Omnibus?

    The Digital Omnibus on AI is a European Commission proposal, tabled 19 November 2025 and finalised through Parliament and Council votes in June 2026, that amends the AI Act to defer high-risk compliance deadlines and adjust several related provisions without changing the Act’s core risk-based structure.

    When do high-risk AI obligations now apply under the AI Act?

    Stand-alone Annex III high-risk systems, including education and admissions AI, must comply by 2 December 2027. AI embedded in already-regulated products under Annex I, such as medical devices, must comply by 2 August 2028, both later than the original 2026/2027 dates.

    Does the delay apply to AI used in education and research admissions?

    Yes. Annex III explicitly classifies AI systems governing admission decisions, learning-outcome evaluation, and exam proctoring as high-risk. These systems’ compliance deadline moves with the rest of Annex III, from 2 August 2026 to 2 December 2027, once the Omnibus is published.

    What still happens on 2 August 2026 despite the delay?

    The Article 50 transparency obligations — disclosing AI interactions and labelling AI-generated content — remain on schedule for 2 August 2026. Only the narrower watermarking duty under Article 50(2) gets a four-month grace period, to 2 December 2026, for systems already on the market.

    Implications and what happens next

    For research administrators, the confirmed timeline changes planning horizons more than it changes obligations. Governance work — data-quality checks, human-oversight protocols, and documentation for admissions and assessment AI — can now be sequenced over roughly seventeen months rather than weeks.

    The Omnibus must still be published in the Official Journal before the new dates bind; until then, 2 August 2026 remains the legal default. Institutions should treat formal publication, expected in the weeks following the 29 June 2026 Council approval, as the trigger to lock in updated compliance calendars, not the political agreement alone.

    Institutions building governance around admissions, assessment, and research-integrity AI should track both the AI Act’s Annex III scope and adjacent standards work as they mature.

    For related institutional definitions and terminology, see the CASRAI Open Research Glossary and the research administration resource hub.