1 June 20266 minute read

EU bodies reach provisional agreement on AI Act: Key points for organizations

Written by:Danny TobeyGareth StokesJeanne DauzierMark O'ConorCoran Darling

The Council of the European Union and Parliament recently reached a provisional agreement on amendments to Regulation (EU) 2024/1689, or the Artificial Intelligence (AI) Act.

Announced on May 7, 2026, the amendments respond to the European Commission’s Digital Omnibus, which is a broader package of proposed changes to the AI Act (as discussed on our Technology's Legal Edge blog). The amendments were drafted to simplify compliance and enhance protections for individuals from AI risks.

For organizations subject to regulation by the AI Act – given that the law has broad extra-territorial reach and applies to a wide range of activities outside the EU – the provisional agreement addresses several concerns with the original text from industry and the public.

The agreement may put organizations on notice to comply with the AI Act’s more comprehensive obligations in a timely manner.

Below, we summarize key information for organizations preparing to navigate the developing legal landscape, including key legislative changes and potential next steps.

Key changes

While the AI Act retains its overall purpose and format, several changes to the original text have been agreed upon.

Extended compliance timeline for high-risk AI systems

The agreement, if formalized, would postpone the application of provisions related to high-risk AI systems. Notably, organizations would be granted additional time to prepare for compliance:

  • Rules for AI systems outlined under Annex III would apply from December 2, 2027 (a 17-month extension).

  • Rules for AI systems integrated into products subject to product safety regulation (as outlined in Annex I) would apply from August 2, 2028 (a 12-month extension).

New prohibitions for AI systems that create harmful imagery

The provisional agreement introduces an Article 5 amendment that would prohibit the use of AI systems to generate harmful content, including non-consensual sexual and intimate content or child sexual abuse materials. As currently positioned, the prohibition anticipates application to AI systems that lack appropriate safeguards against such uses.

Reconciliation of AI Act provisions with existing sectoral law

The provisional agreement addresses three notable issues that arose from the AI Act’s interaction with existing sectoral regulations that have similar AI-specific requirements.

First, the agreed position would exempt the Machinery Regulation from being directly subject to the AI Act. However, the Commission would still be able to adopt delegated acts under the Machinery Regulation that introduce additional health and safety requirements for AI systems that the AI Act categorizes as high-risk.

Second, the definition of “safety component” would be narrowed to exclude AI that serves the lower-impact purposes of performance optimization and user assistance.

Third, the Commission would be obligated to guide economic operators of high-risk AI systems also covered by sectoral harmonized legislation on AI Act compliance.

Tightened compliance timeline for transparency obligations

The provisional agreement would reduce the grace period for providers as they implement transparency measures, such as watermarking and content labeling. Providers would be required to implement solutions by no later than December 2, 2026 – reducing their compliance window from six months to three months. The Code of Practice on Transparency of AI-Generated Content, which can be used by organizations to help demonstrate compliance, is expected to be published in the coming months.

Compliance relief for SMEs

Under the provisional agreement, privileges for small mid-cap enterprises (SMEs), including startups, would extend to a new category of operator: the “small mid-cap” organization.

These include companies with fewer than 750 employees and less than EUR150 million in annual turnover or a EUR129 million balance sheet. Among the reliefs available to these organizations are simplified technical documentation requirements and more proportionate penalties for non-compliance.

Clarified oversight and market regulator responsibilities

The provisional agreement focuses on market oversight and regulation.

Among other changes, the provisional agreement would 1) postpone the national AI regulatory sandbox deadline for one year to August 2, 2027 and 2) create a new EU-level sandbox operated by the AI Office with priority access for SMEs, startups, and small mid-caps. This potentially reflects an aim to promote AI innovation by EU players.

The provisional agreement would also grant the AI Office supervisory authority over AI systems built on a general-purpose AI (GPAI) model by the same provider or corporate group, and over AI systems integrated into large online platforms or search engines under the Digital Services Act. National authorities would, however, retain oversight of law enforcement, border management, judicial, and financial supervision applications.

For organizations that both develop a GPAI model and deploy downstream systems built on it, the AI Office would serve as the primary body for compliance enforcement under the provisional agreement. Specific mechanisms for enforcement are expected to be established through subsequent implementing acts.

Next steps

The provisional agreement between the European bodies will take effect if it is formally endorsed. Should this occur, as with the AI Act, the text will undergo legal and linguistic review and adaptation before a final version can then be adopted. Upon adoption, the amendments would be published in the Official Journal of the European Union and enter into force after three days.

Notably, this must happen prior to August 2, 2026, as this is the date on which the obligations for high-risk AI systems (including those under Annex III, now subject to delayed application) are expected to apply under the original provisions of the regulation.

Implications for organizations

While the broad positions of the agreement have been established, the text continues to be finalized prior to publication. While small, there is a possibility that the provisional agreement will fail to be formalized by the August 2, 2026 deadline. In that case, the existing provisions would continue to apply.

After months of uncertainty, organizations can more reasonably use the provisional agreement to plan out their compliance timeline. In the near term, organizations are encouraged to consider 1) whether they are subject to the tightened timeframe applicable to providers subject to watermarking and labeling obligations or 2) whether they are required to take any action in response to the new prohibition on harmful content; both regulations take effect on December 2, 2026.

For more information

DLA Piper’s team of AI lawyers, data scientists, and policy advisers helps organizations navigate the complex workings of their AI systems and comply with current and developing regulatory requirements. The firm continuously monitors updates and developments arising in the AI space and their impact on industry across the world.

For more information on AI and the emerging legal and regulatory standards, please visit DLA Piper’s focus page on AI and “Algorithm to Advantage” portal.

Gain insights and perspectives that will help shape your AI strategy through DLA Piper’s AI ChatRoom series.

For further information or if you have any questions, please contact any of the authors.

Related insights

Publication

California Governor issues Executive Order on AI workforce disruption

27 May 2026 .4 minute read

Publication
Red optical fibre

Colorado pulls back on AI regulation

19 May 2026

Publication
Abstract architectural shapes

FTC AI-washing action underscores enforcement in business-to-business context

26 May 2026

Print

Related capabilities

Regulatory and Government AffairsArtificial Intelligence and Data Analytics