AI Omnibus deal: EU lawmakers should reject a rollback of AI safeguards
On 7 May 2026, EU institutions reached a final deal on the AI Omnibus, a file presented as technical simplification of the Artificial Intelligence Act (AI Act). In practice, the deal delays key protections, weakens transparency and creates a dangerous precedent for the EU digital rulebook. The European Parliament and the Council of the EU should reject it.
A deregulation file presented as simplification
The AI Omnibus should not have happened. The AI Act was adopted after years of negotiation and compromise, yet some of its most important safeguards have not even started to apply.
Instead of supporting implementation through guidance, resources and strong enforcement, and timely work on crucial implementation tools such as standards, the European Commission reopened the law under the banner of ‘simplification.’ In reality, as with much of the wider Digital Omnibus agenda, this process has become a vehicle for deregulation. The final deal goes far beyond technical changes.
Amongst other changes, it delays obligations for high-risk AI systems, weakens public transparency, changes how the AI Act applies to industrial AI, and adds new prohibited practices at the last minute. These are political choices with real consequences for fundamental rights and accountability.
Furthermore, this process sets a dangerous precedent. If newly adopted digital rights laws can be reopened before they apply, powerful actors can treat implementation as a second chance to weaken rules they dislike. For rules that already apply but urgently need stronger enforcement, including the General Data Protection Regulation (GDPR) and the ePrivacy Directive, the message is equally dangerous: under the banner of ‘competitiveness’, fundamental rights can be pushed further into the background. Globally, due to its shift to a regressive trajectory in relation to digital rights, the EU risks reinforcing race to the bottom in digital (de)regulation.
This is made worse by a process marked by weak evidence, no proper impact assessment, insufficient public-interest consultation, and a rushed timeline for legally and politically complex changes.
The deal weakens key AI Act safeguards
One of the worst Commission proposals was stopped. This specific proposal was also a clear example of what is wrong with the current deregulatory wave. The final deal does not fully delete the obligation to register AI systems in the EU database when providers rely on Article 6(3) to classify systems as ‘not high-risk’.
This matters because Article 6(3) already gives providers discretion to decide that some systems used in high-risk areas should not be treated as high-risk. Without public registration, companies could have avoided key AI Act obligations with almost no public trace.
But the deal still weakens public transparency. Providers will have to upload less information to the public database. This means regulators, researchers, civil society and affected people will have less information to assess whether providers are classifying their systems correctly, consequently less ability to fight back when AI harms occur.
The deal also moves the Machinery Regulation from Section A to Section B of Annex I. In practice, this pushes AI systems embedded in machinery towards sectoral machinery rules, rather than the AI Act’s horizontal high-risk framework.
This is a serious change. The AI Act was designed as a horizontal law because AI-related harms do not fit neatly into product safety boxes. Machinery law may address physical safety, but it was not designed to cover the full range of AI-specific and fundamental rights risks.
AI systems embedded in machinery can affect workers’ safety, work pace, task allocation, monitoring, autonomy and ability to challenge decisions. If these systems are framed as optimisation, automation, efficiency or quality control, their rights impact may become harder to capture.
Delayed safeguards mean delayed accountability
The final deal delays key obligations for high-risk AI systems. For many high-risk systems, safeguards are delayed until 2 December 2027. For AI systems covered through Annex I, the timeline is pushed further, to 2 August 2028.
This means that potentially harmful AI systems can be placed on the market or deployed for longer without the full AI Act safeguards. These safeguards include rules on risk management, documentation, human oversight, transparency, accuracy, robustness and monitoring.
This is especially concerning because AI systems are already being deployed in sensitive areas such as workplaces, public services, health, education, policing, migration and the justice system.
Delaying safeguards is not a neutral administrative step. It delays accountability and extends the period in which people affected by AI systems lack the protections the AI Act was supposed to provide.
Sensitive data and headline bans should not distract from the wider rollback
The AI Omnibus also introduces a worrying derogation for processing special categories of personal data for bias detection and correction. Bias detection matters, of course, but it should not be used to normalise the presence of highly sensitive data in AI pipelines. Data revealing health, political opinions, sexual orientation or ethnicity requires strict protection under EU data protection law.
This is especially worrying in the context of the so-called ‘Data Omnibus’, the other pillar of the Digital Omnibus, which risks creating further derogations for the use of special categories of personal data in AI development. Together, these files risk shifting sensitive data processing from exceptional to normal.
The final deal also adds new prohibitions on AI systems generating or manipulating non-consensual intimate material and child sexual abuse material. The harms addressed here are real and severe. But these prohibitions were inserted into an Omnibus file presented as technical simplification, despite the AI Act already having a review mechanism for prohibited practices, and while rights-abusive emotion recognition against people on the move and EU-made surveillance technologies affecting people outside of the EU continue to be permitted.
A headline ban should not distract from the wider reality: the same deal delays safeguards, weakens transparency and creates new loopholes.
Parliament and Council should reject the AI Omnibus deal
The AI Omnibus weakens the AI Act before key safeguards have even started to apply. It delays accountability, reduces transparency, fragments the AI Act’s horizontal logic and gives industry lobbyists a clear signal that implementation can be used to reopen obligations they dislike.
This matters beyond AI. The same deregulatory logic is visible in the Data Omnibus and the Digital Fitness Check, as well as in other areas far beyond digital rights. If this model becomes normal, the EU digital rulebook will remain permanently open to pressure whenever safeguards become inconvenient.
In our accompanying analysis, we explain the main changes in more detail. The conclusion is clear: the European Parliament should reject the AI Omnibus deal. Policymakers who care about fundamental rights, rule of law, and meaningful accountability must resist the normalisation of deregulation, whether through Omnibus files or any other rushed procedure used to weaken hard-won safeguards.
- COM (2025) 836 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules on artificial intelligence (Digital Omnibus on AI)
- Reject the proposals to undermine transparency in the AI Act
- Press Release: Commission’s Digital Omnibus is a major rollback of EU digital protections
- Open Letter: EU lawmakers must safeguard the AI Act
- EDRi responds to European Commission’s consultation call on the Digital Omnibus
- AI Omnibus: deregulation at the expense of fundamental rights
- How EU proposals to “simplify” tech laws will roll back our rights in order to feed AI
- Digital Rights Are on the Chopping Block in the European Commission’s Omnibus
- How to actually protect against digital sexualized violence
- The (omni)bus takes the wrong turn: is the EU weakening our rights?
- What’s Driving the EU’s AI Act Shake-Up?
- What the EU AI Omnibus Deal Changes for the AI Act and What Lies Ahead
- Why Civil Society Is Sounding the Alarm on the EU’s Omnibus Rollback
- Joint statement – A dangerous precedent: how the EU AI Act fails migrants and people on the move
- Lawmakers reluctant to stop EU companies profiting from surveillance and abuse through the AI Act