EU agrees on AI Act reform: sexualized deepfakes banned, but high-risk deadlines pushed back by years
What it really says
In the early morning hours of May 7, 2026, the European Parliament and the Council of the EU reached a provisional agreement on the Digital Omnibus on AI - a comprehensive reform package that amends the AI Act in several key areas. The most important changes: First, an explicit ban on so-called nudifier apps is introduced for the first time in EU legislation. AI systems that generate intimate or sexualized depictions of identifiable persons without their consent are prohibited. The ban explicitly covers AI-generated child sexual abuse material. Companies have until December 2, 2026 to bring their systems into compliance. Violations face fines of up to 35 million euros or 7 percent of global annual turnover. Second, deadlines for high-risk AI systems are significantly pushed back: obligations originally planned for August 2026 for high-risk systems in areas such as biometrics, employment, education, and law enforcement are postponed to December 2027. For AI in regulated products such as machinery and medical devices, the deadline extends to August 2028. Third, the machinery sector receives broad exemptions from the AI Act, as strict sectoral safety regulations already apply. Fourth, from August 2026, all AI-generated content must carry watermarks, with a transitional period until December 2026 for existing systems. SMEs with fewer than 750 employees or under 150 million euros in revenue receive additional relief. Formal adoption by Parliament and Council is expected before August 2, 2026.
Our assessment
This agreement is a classic EU compromise with both positives and negatives. The good news: the explicit ban on nudifier apps is overdue and addresses a real problem. The spread of AI-generated sexualized deepfakes has increased dramatically in recent months - not least through systems like Grok's image generator, which at times had virtually no restrictions. That violations can be punished with up to 35 million euros or 7 percent of annual turnover gives the regulation real teeth. The watermarking requirement for AI content is also an important step toward transparency. The downside: pushing back high-risk deadlines by up to two years is a significant concession to industry. Critics like the civil rights organization Access Now warn that the relaxations are the result of intensive lobbying by major tech companies. In practice, this means AI systems that make decisions about job applications, process biometric data, or are used in law enforcement will not be subject to full transparency and safety requirements until the end of 2027. For citizens, this means protection from the riskiest AI applications comes later than promised. The exemptions for the machinery sector are understandable, as this sector is already heavily regulated. Overall, the agreement shows the EU is maintaining its regulatory ambition while becoming more pragmatic - whether that is wise or too lenient will only become clear in implementation.
Relevance for Germany
Directly relevant for Germany. For Germany's export-oriented industry and mechanical engineering sector, the exemptions are a relief: companies do not have to comply with both the AI Act and existing product safety regulations simultaneously. For SMEs, which form the backbone of the German economy, the easing provides planning certainty. The extended deadlines give German companies more time for implementation - the Federal Ministry of Economics and the BDI industry association had demanded exactly this. On the other hand, the postponement means Germans in job application processes, credit assessments, or interactions with AI systems in public administration will have to wait longer for full regulatory protection. The German Data Protection Conference had already expressed concerns about the weakening. The nudifier ban is also relevant for Germany: according to a study by the German Children's Fund, 18 percent of surveyed young people in 2025 had already encountered AI-generated deepfakes in their environment. The watermarking requirement affects all German companies that generate or distribute AI content.
Fact check
The agreement of May 7, 2026 is documented through the official European Parliament press release as the primary source and is consistently reported by netzpolitik.org, t3n, Heise Online, Brussels Signal, DATEV Magazin, and the Renew Europe group. Core facts - nudifier ban from December 2, 2026, postponement of high-risk deadlines to December 2027 and August 2028 respectively, machinery sector exemptions, watermarking requirement - are consistent across all sources. The penalty threat of 35 million euros or 7 percent of annual turnover comes from the existing AI Act framework for prohibited practices. Limitation: this is a provisional political agreement that still requires formal adoption by Parliament and Council. This is generally considered a formality, but the final legal text may differ in details from the reported key points.
Source
- • European Parliament Press Release 07.05.2026 (europarl.europa.eu/news/en/press-room/20260427IPR42011/ai-act-deal-on-simplification-measures-ban-on-nudifier-apps)
- • netzpolitik.org 07.05.2026 (netzpolitik.org/2026/ki-verordnung-eu-parlament-und-rat-einigen-sich-auf-gelockerte-pflichten-fuer-die-industrie/)
- • t3n 08.05.2026 (t3n.de/news/deepfake-verbot-was-ki-anbietern-in-der-eu-ab-ende-2026-drohen-koennte-1741449/)
- • Heise Online 07.05.2026 (heise.de/en/news/Omnibus-AI-Act-Deadline-extension-and-deepfake-ban-11212363.html)
- • Brussels Signal 07.05.2026 (brusselssignal.eu/2026/05/eu-bans-ai-nudifier-apps-and-delays-wider-ai-act-rules/)
- • DATEV Magazin 07.05.2026 (datev-magazin.de/nachrichten-steuern-recht/recht/kuenstliche-intelligenz-rat-und-parlament-einigen-sich-auf-vereinfachung-und-straffung-der-vorschriften-146563)
- • Renew Europe Press Release 07.05.2026 (reneweuropegroup.eu/news/2026-05-07/ai-omnibus-deal-puts-an-end-to-nudifiers)