What Is the EU AI Act Omnibus?
The EU AI Act Omnibus at a glance
The EU AI Act Omnibus is an amendment that partially revises the AI Act, the comprehensive AI regulation the EU enacted in 2024. Formally called the "Digital Omnibus," it forms part of a series of legislative proposals known as "Omnibus VII," which the EU is advancing to simplify its rules. Its defining feature is that a delay that "loosens" regulation and a new prohibition that "tightens" it sit side by side within the same amendment. Let us first look at what it contains and how it came to be adopted.
What the EU AI Act Omnibus Is
The amendment has two pillars pointing in different directions. One is to push back the application of the obligations imposed on AI deemed high-risk. The other is to newly prohibit AI that generates sexual or intimate images of a person without their consent, and AI that creates CSAM (child sexual abuse material).
They set fixed deadlines for the delayed application of high-risk AI rules: 2 December 2027 for stand-alone high-risk AI systems, and 2 August 2028 for high-risk AI systems embedded in products. / They added a new provision to the AI Act that prohibits AI practices generating non-consensual intimate or sexual content as well as child sexual abuse material. — European Parliament, Legislative Train, "Digital Omnibus on AI"
In other words, the amendment combines two moves: taking more time to phase in the parts flagged as heavy burdens for businesses, while bringing forward a ban on uses of AI that cause serious social harm.
How It Came to Be Adopted (already adopted)
The amendment went through the EU's legislative procedure and was adopted in June 2026. The path from negotiations to entry into force can be laid out as follows.
How the EU AI Act Omnibus was adopted
The starting point was the provisional agreement of 7 May 2026. Negotiators from the Council of the EU, the European Parliament, and the European Commission settled on the content of the amendment.
On 7 May 2026, negotiators from the Council of the European Union, the European Parliament, and the European Commission reached a provisional agreement / Once adopted, the amendments will enter into force on the third day following publication in the Official Journal — Inside Privacy (Covington)
After that, the European Parliament adopted it in plenary in June 2026, and the Council of the EU gave its final approval on 29 June 2026. The adopted amendments enter into force on the third day after publication in the EU's Official Journal. As we will see in the following chapters, the dates on which each individual rule actually applies are set separately.
Postponement of High-Risk Obligations
Application dates for high-risk AI obligations (before and after the delay)
The first pillar is the postponement of high-risk AI obligations. The AI Act designates AI used for purposes that can heavily affect people's lives as "high-risk" and imposes substantial obligations on it. The Omnibus pushed back the dates on which those obligations actually apply.
What Was Postponed (the obligations for high-risk AI)
High-risk AI refers to AI used in settings that bear on people's rights or safety, such as hiring, lending, education, and critical infrastructure. Such AI carries substantial obligations, including risk management, ensuring data quality, and record-keeping. The Omnibus did not abolish these obligations themselves; rather, it delayed their "start date" so that companies have time to prepare. The substance of the obligations remains, and only the timing of their entry into effect has moved.
The New Application Dates (December 2027 and August 2028)
The postponed dates split into two, depending on how the AI is used. Stand-alone high-risk AI (the use cases listed in Annex III) now has a new application date of 2 December 2027, and high-risk AI embedded in products (Annex I) of 2 August 2028.
As enacted, those requirements were due to apply from 2 August 2026 in respect of stand-alone AI systems falling within the use cases listed in Annex III, and from 2 August 2027 in respect of AI systems used as a safety component of, or themselves constituting, products falling within the EU sectoral harmonisation legislation listed in Annex I. / The agreed text replaces those dates with fixed application dates of 2 December 2027 for Annex III systems and 2 August 2028 for Annex I systems. — William Fry, "Postponed high-risk application dates"
The original schedule was 2 August 2026 and 2 August 2027, respectively. That works out to a delay of roughly 16 months for stand-alone high-risk AI and roughly a year for AI embedded in products. These two categories map to the AI Act's high-risk classifications: Annex III (stand-alone systems) and Annex I (systems embedded in products).
Newly Prohibited AI
The newly added prohibition (Article 5)
The second pillar is the addition of a new prohibition. While the delay loosens regulation, the amendment brings forward a check on uses of AI that cause serious social harm.
The Prohibition Added to Article 5
The Omnibus added one new prohibition to Article 5 of the AI Act (the provision that sets out prohibited uses of AI): AI that generates sexual or intimate images of a person without their consent, and AI that generates CSAM (child sexual abuse material).
They added a new provision to the AI Act that prohibits AI practices generating non-consensual intimate or sexual content as well as child sexual abuse material. — European Parliament, Legislative Train, "Digital Omnibus on AI"
This prohibition is the centerpiece new restriction of the Omnibus, one the European Parliament refused to give ground on in negotiations. Within an amendment aimed at simplifying regulation, this single point works to tighten it.
Scope and Effective Date (2 December 2026)
The prohibition targets AI that depicts or manipulates the intimate parts or sexual acts of a real person without that person's clear consent. The Council of the EU explains that it has in mind apps that create nude images of real people or that remove clothing from photographs. This prohibition applies from 2 December 2026.
The prohibition—which takes effect on 2 December 2026—amends Article 5 of the AI Act to ban the placing on the market, putting into service, or use of AI systems that generate or manipulate realistic depictions of an identifiable natural person's intimate parts or of an identifiable person engaged in sexually explicit activities, without that person's freely given, specific, informed, unambiguous, and explicit consent. — Inside Privacy (Covington)
While the obligations for high-risk AI are postponed, this prohibition begins to apply about half a year later, in December 2026. This deliberate balance—loosen where it can be loosened, and stop early what should be stopped—captures the character of the amendment well.
Impact on Businesses in Japan
What businesses in Japan should watch now
Finally, let us organize the impact on businesses in Japan. The EU AI Act is known as a framework that also reaches non-EU companies providing AI into the EU, and businesses in Japan are not unaffected.
Points Businesses in Japan Should Watch
The points to keep in mind in practice split along the two pillars. For businesses involved with high-risk AI, the application of obligations has been postponed to December 2027 and August 2028, giving more time to prepare. On the other hand, businesses involved in image generation need to prepare early for the new provision banning nudification and CSAM AI, which applies from 2 December 2026. The practical key is to handle these separately: the parts where the delay grants breathing room, and the parts where a prohibition is brought forward. The final judgment on scope must be confirmed against the formal text as published in the Official Journal.
How It Differs from the Colorado AI Act
Viewed more broadly, the EU and the United States are a study in contrast when it comes to the stability of AI regulation. In the U.S., rules differ from state to state, and their content changes over short spans. Indeed, the Colorado AI Act—said to be the first of its kind in the nation—was repealed and replaced before it even took effect. The EU AI Act, by contrast, has clear extraterritorial reach and a settled overall picture, and with this Omnibus even the timing of application is now concretely fixed. For many Japanese companies, the EU AI Act—with its overall picture settled—is likely to be an easier-to-track and higher-priority subject of consideration than the shifting U.S. state laws. For developments on the U.S. side, see also our explainer on what the Colorado AI Act is.
Overseas laws and primary sources like these are often published in English. If you want AI to summarize a long English provision or commentary, converting it to Markdown format in advance preserves the structure of headings and bullet points and improves the accuracy of the summary. Because pasting a web page as-is tends to mix in styling information, tidying up the original document before handing it over is the shortcut to stable comprehension.
The EU AI Act Omnibus is a measured amendment that postpones the obligations for high-risk AI while newly banning malicious image-generation AI. For businesses in Japan, the realistic step to take now is to separate the high-risk work that the delay has granted breathing room for from the ban on nudification and CSAM approaching in December 2026, and to prepare while confirming the formal text in the EU's Official Journal.



