The Headline Is Relief; the Body Is Tightening

The Council of the EU gave final approval to the AI Act simplification package, the Digital Omnibus, on June 29, 2026, after the Parliament passed it on June 16. The package enters into force three days after publication in the Official Journal, and its headline is deadline relief. Annex III, which governs use-based high-risk obligations, sees its compliance deadline slip from August 2, 2026 to December 2, 2027 — sixteen months. Annex I, the product-regulation track, moves from August 2, 2027 to August 2, 2028, a full year.

What the relief coverage obscures is a tightening. Article 5, which sets out the prohibitions that apply immediately, now adds bans on AI-generated non-consensual intimate imagery — so-called nudifiers — and child sexual abuse material (CSAM). What got postponed is the documentation and assessment burden of the high-risk tier, not the Article 5 prohibitions. For any agent or service with an image or multimodal generation feature attached, these bans bite the moment the package takes effect.

Why "Postponed, So Later" Is the Wrong Read

The most common misreading is that because high-risk obligations moved to late 2027, compliance as a whole can wait. Article 5 prohibitions are not items that pass through classification or conformity assessment; they are absolute red lines that trigger enforcement the instant they are crossed. Lump the postponed items and the immediately applicable ones into one calendar, and you sit exposed to a prohibition while believing you still have runway.

Operationally, this post is about implementing refusal policy, not resequencing deadlines. Many services carry refusal rules on the text prompt but nothing of equal strength on the image generation and editing paths, on transform paths that take an uploaded image as input, or on paths that call a third-party image model. The prohibited output is an image or multimodal artifact, not text — so the defensive line has to sit on those paths.

Moving an Immediate Prohibition Into Refusal Policy

In planning, split the postponed obligations and the immediate prohibitions into physically separate tracks. Keep the high-risk obligations (Annex III, December 2, 2027; Annex I, August 2, 2028) on a documentation-and-assessment calendar, but promote the Article 5 response to a distinct item that executes the day the package takes effect. Nail the target metrics to observable numbers: refusal rate on prohibited categories at 99% or higher against a red-team prompt set, bypass success rate at 0%, multimodal path coverage at 100%, and evidence-preservation rate at 100% when an incident fires. Measure refusal rate but skip path coverage, and every untested input path becomes a blind spot.

Failures show up along four seams. First is the misread above — deferring the prohibition response on the strength of the relief and getting exposed. Second is having text guardrails only, with no refusal testing on the image generation and editing paths at all, so a high text refusal rate sits next to an unguarded image output. Third is a multi-step path — an uploaded image turned into a caption and handed back to generation — that slips past the text filter because the whole path was never bound under one policy. Fourth is routing through a third-party image model or external tool with no call-and-block logging, leaving no evidence of what was stopped, or how, when an incident occurs.

Design recovery to pair blocking with preservation. Requests classified into a prohibited category are refused outright — no retry, no softened alternative render — and failures close only in the safe direction so no bypass prompt leaks out as a substitute output. In parallel, define a minimal evidence record on each refusal event: category, input path, model ID, and block timestamp, while never storing the harmful content itself. When a third-party model is called, pass request and response through a proxy layer under policy so an external hop never becomes a logging gap.

Fix the operations checklist as pre-deployment scenario testing on a per-path basis. Text input, pure image generation, uploaded-image editing, image-to-image transform, and third-party routing each get the red-team prompt set run against them, with refusal rate and coverage tallied separately per path. The log schema keeps refusal category, input path, model ID, and block flag as required fields, so text-path and multimodal-path metrics land on the same dashboard. Given the sensitivity, the evidence-preservation fields must carry only metadata that excludes PII and the original harmful artifact.

Treat the improvement loop as a living asset built around the red-team set. Newly observed bypass-attempt patterns get reinjected into the refusal test set on a weekly cadence, and every time a new image or multimodal feature is attached, its path coverage is restored to 100% before release. If bypass success rate rises above zero even once, the release gate blocks it, and the change log records which path was breached as the basis for the next prompt-set update.

The replan checklist reduces to three lines. (1) Have you split the postponed high-risk obligations from the immediately applicable Article 5 prohibitions into separate tracks? (2) Do all four paths — text, image generation, image editing, third-party routing — carry refusal tests at 100% coverage? (3) Is the minimal evidence for refusal events preserved without the original harmful artifact, with logging that follows through to third-party hops? If any answer is not yes, the relief news signals an exposed gap, not preparation time.

The Core of the Recheck

The Digital Omnibus headline is relief, but Article 5 prohibitions apply the moment they take effect. The priority is not a documentation deadline; it is a policy that refuses nudifier and CSAM generation across every image and multimodal path. Pin the metrics — refusal rate 99%+, bypass success 0%, path coverage 100%, evidence preservation 100% — and pass the replan checklist that separates postponed items from immediate bans before you allow yourself the comfort of the high-risk delay.

References

EU AI Act Omnibus Agreement — Postponed High-Risk Deadlines and Other Key Changes — Gibson Dunn

EU AI Act Update: Timeline Relief, Targeted Simplification, and New Prohibitions — Inside Privacy