Omnibus VII — What Changed in the EU AI Act
Overview of amendments to the EU AI Act adopted through the Omnibus VII package in March 2026 — new deadlines, simplification for small businesses, and changes to prohibited practices.
Source documentWhat is Omnibus VII?
Omnibus VII is a legislative package adopted by the European Parliament in March 2026 that amends multiple EU regulations simultaneously, including the EU AI Act (Regulation 2024/1689). Its official name is the Omnibus Simplification Regulation.
The package is a response to pressure from industry and Member States to simplify regulatory obligations, particularly for small and medium-sized enterprises (SMEs), and to align deadlines with the actual readiness of the market and standardisation bodies (CEN/CENELEC).
Key Changes
1. Deadline Extensions
The most significant change involves new application deadlines:
| Obligation | Previous Deadline | New Deadline | Extension |
|---|---|---|---|
| Transparency obligations (Art. 50) | 2 August 2026 | 2 November 2026 | +3 months |
| High-risk AI obligations (Art. 6-49) | 2 August 2027 | 2 November 2027 | +3 months |
| GPAI obligations (Art. 51-55) | 2 August 2025 | Unchanged | — |
| Prohibited practices (Art. 5) | 2 February 2025 | Unchanged | — |
Why the extension? Delays in the CEN/CENELEC harmonised standards — without standards, companies cannot know precisely how to comply. The Commission assessed that an additional 3 months were the minimum necessary.
2. Simplification for SMEs
Omnibus VII introduces relief measures for small and medium-sized enterprises:
- Reduced documentation requirements for SMEs using high-risk AI systems as deployers
- Simplified FRIA (Fundamental Rights Impact Assessment) for companies with fewer than 50 employees
- Extended transitional period for SMEs using AI systems placed on the market before entry into force
3. New Prohibition — Nudifier AI (Art. 5(1)(i))
Omnibus VII adds a new prohibited practice to Article 5:
The placing on the market, putting into service or use of AI systems that generate synthetic sexually explicit images or videos of persons without their explicit consent is prohibited.
This prohibition covers:
- Nudifier tools (AI undressing)
- Deepfake pornography without consent
- Generation of child sexual abuse material (CSAM)
For more details, see the dedicated article: Nudifier Ban — New Prohibition in Art. 5
4. AI Literacy — Clarifications
Omnibus VII clarifies the AI literacy obligation under Article 4:
- The obligation applies to all organisations using AI systems, regardless of the risk level
- It is clarified that "sufficient measures" refer to the context of use, not to a formal training programme
- SMEs may use free resources from the AI Office instead of their own programmes
What Remains Unchanged
- Classification of high-risk AI systems (Art. 6 + Annex III) — no changes
- Penalties for non-compliance (up to EUR 35M or 7% of global turnover) — no changes
- Obligations for providers of GPAI models — no changes
- Role and powers of the AI Office — no changes
- RMF requirements (Art. 9) — no changes
Practical Implications
For compliance timelines
If you are planning your compliance journey, the new deadlines mean:
- By 2 November 2026 — Comply with Art. 50 (transparency): watermarking, labelling AI-generated content
- By 2 November 2027 — Comply with Art. 6-49 (high-risk): QMS, technical documentation, FRIA, post-market monitoring
- Already in effect — Art. 5 (prohibitions) and Art. 4 (AI literacy) are in force
For ComplianceForge users
Your compliance score and action plan automatically reflect the new deadlines. Priorities remain the same:
- Check whether you fall under prohibited practices (Art. 5)
- Classify your AI systems
- Start documentation based on your risk profile
Sources
Need compliance documentation?
Generate AI Inventory, Risk Assessment and other documents automatically — tailored to your system.