EU governments and Parliament agree omnibus rewrite, push AI Act compliance to 2027

The Council of the EU said on May 7 that member-state governments and European Parliament negotiators had reached a provisional agreement to simplify parts of the AI Act, part of the bloc’s “Omnibus VII” package. The deal keeps the law in place but changes the timing and some mechanics for high-risk systems, with stand-alone high-risk obligations now set to apply from December 2, 2027, and rules for high-risk AI embedded in products from August 2, 2028. (consilium.europa.eu) The European Commission followed on May 19 with draft guidelines on how Article 6 should be applied when deciding whether an AI system is high-risk. (digital-strategy.ec.europa.eu) Those guidelines are aimed at providers, deployers and market-surveillance authorities, and include examples for both Annex I product-safety systems and Annex III stand-alone use cases. (chronicle.lu) Luxembourg added an enforcement signal on May 20 when its Ministry of Digitalisation launched TAID.LU, a call for deepfake-detection solutions to support the Luxembourg Independent Audiovisual Authority, or ALIA, in its new AI Act monitoring work. The tender asks for a secure platform with detection and explanation features, and applications are due by June 22, 2026. (consilium.europa.eu) ### Which compliance dates actually moved? The Council said the provisional agreement introduces a fixed delayed timetable for high-risk rules. Under that text, stand-alone high-risk AI systems — the category tied to Annex III use cases under Article 6(2) — would move to December 2, 2027, while high-risk AI embedded in products would move to August 2, 2028. (digital-strategy.ec.europa.eu) The same press release said the Commission had proposed adjusting the timeline by up to 16 months so that high-risk rules would start once standards and tools were available. The co-legislators also reinstated a requirement for providers to register systems in the EU database for high-risk systems when they consider those systems exempt from high-risk classification. (chronicle.lu) ### What did Brussels change besides the calendar? The Council said the omnibus text broadly maintained the Commission proposal while adding targeted changes. Those include extending some SME-related exemptions to small mid-caps, reducing requirements in a limited number of cases, extending the possibility to process sensitive personal data for bias detection and mitigation, reinforcing the AI Office’s powers and reducing governance fragmentation. (consilium.europa.eu) The provisional agreement also adds a new prohibited-practices provision covering AI systems used to generate non-consensual sexual and intimate content or child sexual abuse material, according to the Council text. (consilium.europa.eu) ### What does the Article 6 guidance actually clarify? The Commission said its May 19 draft is meant to support uniform application and effective enforcement of Article 6. The guidance says an AI system is high-risk in two main scenarios: if it is a safety component of a product, or is itself a product, covered by Annex I legislation and subject to third-party conformity assessment; or if it falls into one of the Annex III use cases. (consilium.europa.eu) The draft also sets out the Commission’s interpretation of concepts relevant to classification and gives practical examples of systems that should or should not be treated as high-risk. The examples are not exhaustive and may be updated over time, the Commission said. (consilium.europa.eu) ### Why does Luxembourg matter here? Luxembourg’s May 20 TAID.LU call shows how the law is moving from text to tooling. The Ministry of Digitalisation said GovTech Lab wants a reliable tool for detecting deeply manipulated content to help ALIA carry out new monitoring responsibilities under the AI Act. The call asks for a secure platform for ALIA staff with an interface, a processing engine and an AI-based detection layer that explains results. (digital-strategy.ec.europa.eu) Interested operators must apply through Luxembourg’s public procurement portal by June 22, 2026. ### What happens next in the EU process? The Council said the provisional agreement was updated on May 18 with a letter from the Council presidency to the Parliament with a view to a first-reading agreement. (digital-strategy.ec.europa.eu) The Commission’s targeted consultation on the draft high-risk guidelines is open after the May 19 publication, and the Luxembourg TAID.LU procurement remains open until June 22, 2026. (consilium.europa.eu) (chronicle.lu)