EU AI | The One Lab - Cybersecurity

Understanding the “Digital Omnibus on AI”: Key Compliance Deadlines Enforced for High-Risk Systems (2027) and Smart Integrated Products (2028).

Global software compliance and smart hardware market access have reached a pivotal milestone. The European Commission has welcomed the political agreement reached between the European Parliament and the Council of the EU on simpler, innovation-friendly rules for artificial intelligence (AI).
Part of the EU’s simplification agenda to boost Europe’s competitiveness, the newly proposed “Digital Omnibus on AI” aims to ease the administrative burden of the AI Act for businesses while robustly safeguarding society, safety, and fundamental rights. Furthermore, the agreement institutes an outright ban on “nudification” applications to protect citizens.

4 Crucial Takeaways from the EU AI Act Simplification

1. Launch of the “Digital Omnibus”

Proposed just five months ago, this initiative streamlines compliance and implementation procedures for EU businesses. It reduces regulatory hurdles—particularly benefiting SMEs—while maintaining stringent protections for safety and fundamental rights.

2. Strict Ban on AI ‘Nudification’ Apps

In a decisive move to protect privacy and human dignity, the agreement strictly bans deepfake “nudification” applications that generate non-consensual explicit imagery using artificial intelligence.

3. Timeline for High-Risk AI Systems

A definitive implementation roadmap has been established. AI systems utilized in designated high-risk infrastructure—such as biometrics, critical infrastructure, education, employment, migration, asylum, and border control—must fully comply by December 2, 2027.

4. Timeline for Integrated Hardware Products

For AI systems embedded into physical consumer or industrial products, such as lifts, medical devices, or toys, the compliance rules will apply starting August 2, 2028. This phased sequencing ensures technical testing standards and verification tools are well-established before enforcement.

⚠️ THE ONE Compliance Insights & Recommendations

The EU’s decision to sequence the enforcement dates (2027 for standalone software systems and 2028 for embedded hardware) highlights the regulatory body’s awareness that technical standards must mature before physical CE-marking conformity assessments can begin.

For manufacturers exporting smart connected products, IoT devices, or interactive consumer goods (such as smart toys) to the European market, early-stage compliance architecture is critical. The simplified rules imply a more streamlined but precise enforcement mechanism. We strongly advise international brands to begin auditing their AI functionalities against the high-risk categorization criteria today.

For further inquiries, please contact:
Email：Charles.liao@theonelab.co
Phone：(02)8601-2828

As artificial intelligence continues to grow rapidly, the European Union has introduced the EU AI Act, the world’s first comprehensive regulation on AI.

The regulation officially entered into force in 2024 and will be implemented in phases over the next few years. Businesses that develop or use AI-related products are encouraged to start paying attention to the timeline and potential impact.

📅 Key Timeline (Simplified)

2024

August 1, 2024 – Regulation enters into force
Transition period begins (approx. 2 years)

👉 At this stage:
Preparation phase. Most obligations are not yet enforced.

2025 (First wave of enforcement)

February 2, 2025 – Prohibited AI practices banned
- Examples: social scoring, manipulative AI systems

👉 In short:
The most harmful AI uses are banned first

August 2, 2025 – Generative AI requirements begin
- Transparency obligations
- Disclosure of training data (where applicable)
- Copyright compliance

👉 Focus:
General-purpose AI (e.g. ChatGPT-like models) comes under regulation

⭐⭐2026 (Main obligations apply)

August 2, 2026 – Most AI rules become fully applicable
- High-risk AI requirements (risk management, documentation, testing, etc.)

👉 This is the key milestone for most businesses

2027 (Extended deadlines for certain sectors)

Additional time for AI embedded in regulated products
(e.g. medical devices, machinery)

👉 Industry-specific AI may have longer timelines

🧭 What Should Businesses Do?

You should start paying attention if your product or service:

Uses AI (e.g. recommendation systems, chatbots, image recognition)
Integrates generative AI tools
Impacts decision-making, safety, or user rights
(e.g. finance, hiring, healthcare)