For Further Information Contact:
European Union: AI Act Amendments Approved – What Businesses Need to Know
29/06/2026On 16 June 2026, the European Parliament approved agreed amendments to the EU Artificial Intelligence Act as part of the wider Digital Omnibus on AI package.
The amendments are intended to simplify elements of the EU’s digital regulatory framework while preserving the core architecture of the AI Act. They also address practical implementation issues that have emerged since the legislation entered into force, including the availability of harmonised standards, regulatory readiness and the practical challenges businesses face in preparing for compliance.
While several important deadlines have now been extended, organisations should not view these changes as a delay to AI governance. Instead, the revised timetable provides businesses with additional time to strengthen internal AI governance frameworks, assess risk, and prepare for future compliance obligations.
More Time for High-Risk AI Compliance
One of the most significant changes concerns the implementation timetable for high-risk AI systems.
Standalone high-risk AI systems covered by Article 6(2) and Annex III are now expected to become subject to the relevant obligations from 2 December 2027.
These include AI systems used in areas such as:
Biometrics
Critical infrastructure
Education
Employment
Access to essential services
Law enforcement
Migration and border management
Administration of justice
High-risk AI systems embedded within products already regulated under existing EU product safety legislation will generally become subject to the AI Act from 2 August 2028.
Although these extensions provide welcome breathing space, organisations should continue identifying potentially high-risk AI systems, allocating responsibilities across the AI value chain and developing the governance, documentation and monitoring processes that will ultimately be required.
Transparency Obligations
The amendments also revise the timetable for certain transparency obligations.
The requirement for machine-readable labelling of AI-generated content under Article 50(2) has been postponed until 2 December 2026.
However, other transparency obligations remain scheduled to apply from 2 August 2026.
Businesses deploying generative AI should continue assessing:
whether AI-generated content is being produced;
what disclosures are required;
whether watermarking or labelling mechanisms should be implemented; and
how users are informed when interacting with AI-generated outputs.
New Prohibition on Harmful AI Content
The amendments introduce a new prohibition covering AI systems designed to generate certain harmful content, including:
non-consensual intimate material; and
child exploitation content.
The prohibition is expected to apply from 2 December 2026.
For AI developers and deployers, this reinforces the importance of considering not only intended functionality but also foreseeable misuse and the effectiveness of technical safeguards.
AI Literacy Requirements
The amendments also revise the AI literacy provisions contained in Article 4.
Rather than requiring organisations to ensure a sufficient level of AI literacy, the revised wording requires businesses to take appropriate measures to support AI literacy.
Although this represents a softer legal obligation, organisations should still be able to demonstrate that employees using, procuring or overseeing AI systems have received appropriate guidance and training.
Areas that businesses may wish to address include:
permitted and prohibited AI use;
confidentiality and data protection;
human oversight;
procurement controls;
escalation procedures; and
the risks of over-reliance on AI-generated outputs.
Bias Monitoring and Sensitive Data
A new Article 4a clarifies that special categories of personal data may be processed for the purpose of detecting and correcting bias, provided that strict necessity requirements are met and appropriate safeguards are implemented.
Businesses conducting bias testing should ensure that appropriate documentation supports:
the legal basis for processing;
data minimisation;
access controls;
retention policies; and
where required, Data Protection Impact Assessments (DPIAs).
Clarification of “Safety Component”
The amendments also provide additional clarity regarding what constitutes a “safety component” under the AI Act.
The revised approach focuses on whether an AI component is intended to prevent or reduce risks to health and safety.
This clarification should assist organisations when determining whether particular AI systems fall within the high-risk regulatory framework.
Additional Support for Small Mid-Cap Companies
The amendments extend certain compliance simplifications previously available only to SMEs to qualifying small mid-cap businesses.
Although these measures may reduce certain administrative burdens, affected organisations will still need to implement proportionate AI governance and compliance arrangements.
Expanded Role for the EU AI Office
The amendments strengthen the supervisory role of the EU AI Office, particularly regarding general-purpose AI models and AI systems connected to very large online platforms and search engines.
National competent authorities will continue to play an important role, but central oversight by the AI Office is expected to become increasingly significant as implementation progresses.
EU AI Database Registration
The requirement to register certain AI systems within the EU AI database has been retained.
Although the registration process is expected to become more proportionate, providers should continue incorporating registration obligations into their compliance planning where applicable.
Practical Steps for Businesses
The revised implementation timetable should be viewed as an opportunity rather than a delay.
Businesses should use the additional time to:
identify AI systems already in use;
classify AI systems according to risk;
establish AI governance frameworks;
implement AI literacy programmes;
review procurement processes;
assess transparency obligations;
strengthen monitoring and documentation; and
prepare for future regulatory milestones.
For many organisations, AI is already embedded within existing software, business processes and employee workflows. Understanding where AI is currently being used remains one of the most important first steps towards effective compliance.
The EU AI Act continues to represent one of the world’s most significant AI regulatory frameworks. While implementation timelines have evolved, the direction of travel remains unchanged: organisations should use the extended deadlines to build robust, practical and proportionate AI governance programmes before the next major compliance milestones arrive.
By Byrne Wallace Shields, Ireland, a Transatlantic Law International affiliated firm.
For further information or for any assistance please contact ireland@transatlanticlaw.com.
Disclaimer: Transatlantic Law International Limited is a UK registered limited liability company providing international business and legal solutions through its own resources and the expertise of over 105 affiliated independent law firms in over 95 countries worldwide. This article is for background information only and provided in the context of the applicable law when published and does not constitute legal advice and cannot be relied on as such for any matter. Legal advice may be provided subject to the retention of Transatlantic Law International Limited’s services and its governing terms and conditions of service. Transatlantic Law International Limited, based at 84 Brook Street, London W1K 5EH, United Kingdom, is registered with Companies House, Reg Nr. 361484, with its registered address at 83 Cambridge Street, London SW1V 4PS, United Kingdom.
