EU softens AI Act, fast-tracks ban on AI 'nudifier' apps

European Union negotiators struck a provisional deal on May 7 to rewrite parts of the bloc's landmark AI Act, pushing back compliance deadlines for high-risk systems by roughly 16 months while adding an outright ban on AI tools that generate non-consensual sexual deepfakes.euronews The "Digital Omnibus" package eases pressure on companies that faced an August 2, 2026 enforcement cliff, but tightens the screws on a category of apps that has exploded into a continent-wide abuse problem.[15]

High-risk obligations slip to late 2027

Rules covering AI used in employment, education, health insurance, biometrics, critical infrastructure, law enforcement and border management will now apply from December 2, 2027, rather than this summer.euronews AI embedded in regulated physical products like medical devices and industrial machinery gets even longer, with obligations delayed until August 2028.euronews Watermarking requirements for AI-generated content, also originally due in August, slip to late 2026.[15]

The scope of "high-risk" itself has narrowed: only systems whose failure would create genuine health or safety risks face the full regime, and machinery has been carved out of the AI Act entirely after lobbying from companies including Siemens and ASML.euronews Cyprus, which holds the rotating Council presidency, framed the deal as reducing "recurring administrative costs" and bolstering EU "digital sovereignty".[10] Green MEP Sergey Lagodinsky called the machinery carve-out a "first step into fragmenting AI regulation".euronews

A direct response to Grok's deepfake flood

The most consequential addition is a new prohibition on AI systems "specifically designed" to generate non-consensual intimate imagery — images, video or audio — taking effect December 2.[10][11] Providers must build permanent safety blocks into model architecture, assess "foreseeable misuse" before release, and prevent users from bypassing filters with prompt tricks. Non-compliance carries fines of up to €35 million or 7% of global turnover.[11]

The move follows public outrage after Elon Musk's Grok chatbot was used in early 2026 to generate roughly 6,700 sexualised images per hour on X, including some involving children, prompting a formal European Commission investigation.[11] A 2026 UNICEF study found at least 1.2 million children across 11 countries had their images manipulated into sexual deepfakes in 2025, and women and girls account for 99% of deepfake victims.[11]

Businesses get breathing room, with strings

For most firms the package means simpler technical documentation, broader access to regulatory sandboxes, and proportional obligations scaled to company size.euronews But the deal extends a period of legal uncertainty: Parliament cannot unilaterally rewrite EU law, and the text still needs formal approval from member states and a plenary vote.[15] Critics, including consumer advocates and the EUobserver, read the softening as Brussels yielding to Big Tech pressure.euronews Lagodinsky, who said he can "live with" the outcome, warned against making reopening the rulebook a habit: "the integrity of this process should not be put into question".euronews