The EU Has Simplified AI Act Rules: What Changed for Business - and What Did Not

On 7 May 2026, the European Parliament and the Council of the EU reached a political agreement on the AI Omnibus package - a set of amendments simplifying the implementation of the AI Act.

Some key deadlines have been pushed back and certain requirements eased - but the core obligations, including the ban on high-risk practices and transparency requirements, remain in force.

 

What Changed

The AI Act entered into force on 1 August 2024 and was due to apply in full two years later on 2 August 2026. Following the AI Omnibus agreement, the rules for high-risk AI systems now have an extended transitional period until 2 August 2028.

 

Key changes under the AI Omnibus:

  • High-risk AI systems: the timeline for applying the rules has been adjusted — they will enter into application once the Commission confirms that the necessary standards and tools are available. This removes some uncertainty for developers.
  • SMEs and small mid-caps: regulatory exemptions previously available only to SMEs are now extended to small mid-cap companies (SMCs).
  • AI content labelling: the grace period for implementing solutions to mark AI-generated content has been cut from 6 to 3 months — the new deadline is 2 December 2026.
  • Ban on nudification apps: the agreement introduces an explicit ban on AI applications that generate sexualised images without consent — a new category of directly prohibited practices.
  • Polish regulator: Poland is preparing to establish an entirely new body — the Commission for the Development and Safety of Artificial Intelligence (KRiBSI) — as the sole national AI regulator, making it one of only two EU countries with a centralised supervisory model. The legislation has not yet been passed by parliament.

 

What This Means for Your Business

 

  • AI developers: some deadlines have shifted, but the bans on high-risk practices and AI literacy obligations have been in force since February 2025 — they cannot be ignored.
  • HR-tech, credit scoring platforms, medical AI systems: these categories are classified as high-risk AI systems — obligations remain in place regardless of the general easing of timelines.
  • Companies using generative AI: the requirement to label AI-generated content takes effect as early as 2 December 2026 — less than 7 months away.
  • All employers: the obligation to ensure AI literacy among employees is already in effect — ignoring it creates regulatory risk.
  • Polish context: the national regulator KRiBSI does not yet exist — oversight remains diffuse, which reduces the immediate risk of sanctions but creates uncertainty for businesses.

Recommendations

 

  1. Conduct an AI audit: build a register of all AI systems you use or develop, and classify them by risk category under the AI Act.
  2. Check for prohibited practices: the ban on AI with manipulative, discriminatory or social-scoring functions is already in force.
  3. Prepare for AI content labelling: if your products or communications use generative AI, note that the 2 December 2026 deadline is fast approaching.
  4. Document employee AI training: this is a legal requirement, not a formality.
  5. Monitor Polish legislation on KRiBSI: its adoption will change supervision and sanction procedures at the national level.
     
For advice on AI compliance, system classification and preparation for AI Act requirements, please contact the REVERA team.

 
