The Council of the European Union has agreed its negotiating position on a proposal to simplify the implementation of the EU Artificial Intelligence Act (AI Act) set out in the Council press release: position agreed to streamline rules on Artificial Intelligence as part of the Digital Omnibus within the EU’s wider regulatory simplification agenda. The Digital Omnibus seeks to clarify the current cumbersome legislative and regulatory framework (including the Data Act, Data Governance Act, Open Data Directive, Free Flow of Non-Personal Data Regulation, the GDPR, ePrivacy Directive, NIS2, CER, DORA and the AI Act) as well address and bolster the EU’s competitiveness. Importantly, it seeks to remove administrative burdens and promote a more proportionate and harmonised application of AI rules across Member States, while retaining core safeguards. Whilst the Digital Omnibus is an EU initiative – for UK organisations with customers in the EU or who transfer EU personal data, the proposals are strategically important, and the legislative developments should be carefully monitored. Further, in respect of AI and applicability of the AI Act, UK based organisations will be caught if the output of the AI system is used (or intended to be used) within the EU. We examine the key aspects of the initial Digital Omnibus proposals here: The EU Digital Omnibus - streamlining the data, cyber, and AI regulatory framework - Stevens & Bolton LLP. The Council position on the AI Act gives greater clarity for businesses and is step forward in finalising approach, but there is still some way to go before a final text is approved.
Amendments
The main amendments introduced by the Council include the following:
explicit banning of AI systems that generate non-consensual sexual and intimate content or child sexual abuse material, strengthening the AI Act’s protections against the most serious and harmful uses of AI;
a revised application timeline for high-risk AI systems, setting fixed application dates of 2 December 2027 for stand-alone high-risk AI systems and setting 2 August 2028 as the application date for high-risk AI systems embedded in products, this staged approach is intended to give providers and deployers greater legal certainty and preparation time;
reinstatement of compliance safeguards - restoring the obligation for providers to register AI systems in the EU database where they consider their systems exempt from high-risk classification and reinstating the requirement of “strict necessity” for processing special categories of personal data for bias detection and correction purposes;
governance - postponing the deadline for establishing national AI regulatory sandboxes until 2 December 2027 and clarification of the supervisory role of the AI Office for systems based on general-purpose AI models developed by the same provider, while stating areas where national authorities remain competent, including law enforcement, border management, judicial authorities and financial institutions; and
requiring the Commission to issue guidance to assist economic operators of high-risk AI systems in complying with the AI Act while minimising compliance burdens.
What’s next?
No final Digital Omnibus text on AI is in agreed form as yet; a view from the European Parliament is expected imminently with trialogue negotiations between the Council, European Parliament and the European Commission to follow. Businesses might consider a continued monitoring of the progression of the entire Digital Omnibus package, noting the proposed new AI Act timelines and insertions. We will continue our coverage of the Digital Omnibus as well as applicable guidance and press releases.
