EU Locks In AI Act Simplification: New Deadlines, Wider SME Relief, New Bans

·BrainMap Team

Featured Cover Image

On June 29, the Council of the EU gave its final green light to the AI Act simplification package, following the European Parliament's endorsement on June 16. Publication in the Official Journal is expected in July, just ahead of the August 2 milestone in the Act's original timeline. "Simplification" is the headline, but the package moves deadlines in both directions — some obligations got relief, others arrive sooner, and one new prohibition landed outright.

What Actually Changed

Three changes matter most for software teams. First, the simplified compliance framework for SMEs now extends to companies with up to 750 employees and €150 million in annual revenue — a large share of the European software industry now qualifies for simplified guidance, reduced fines, regulatory sandbox access, and standardized documentation templates. Second, the grace period for providers to implement transparency solutions for AI-generated content was cut from six months to three, with the deadline now December 2, 2026 — content labeling just moved from "next year's problem" to this year's roadmap. Third, AI systems that generate nude images of real people, or edit clothing out of photos, are banned outright as of December.

Meanwhile the deadline for member states to stand up national AI regulatory sandboxes slipped to August 2, 2027 — regulators gave themselves the extension they trimmed elsewhere.

EU AI Act updated timeline diagram
Caption: Relief and acceleration in the same package — wider SME thresholds, a shorter transparency runway, and a December prohibition.

The Signal Behind the Rules

The EU is converging on a pattern: lighter procedure, harder red lines. Extending SME relief while banning deepfake nudity tools in the same regulation says compliance burden is negotiable, but specific harms are not. For anyone shipping generative features into the EU, the December 2 transparency deadline is now the binding constraint — and unlike much of the Act, it names a concrete, testable capability: marking artificially generated content as such.

Engineering Tip: Turn the Compliance Calendar Into Code

Regulatory deadlines behave like dependencies with EOL dates, so track them the same way. Put each applicable obligation in your issue tracker with the statutory date, an owner, and a definition of done ("all image outputs carry C2PA provenance metadata" is testable; "comply with transparency rules" is not). For the December deadline specifically: inventory every surface where your product emits generated text, images, or audio; decide your marking mechanism (metadata, visible labels, or both); and add a CI check that fails when a generative endpoint ships without it. Classify your features against the Act's risk tiers now, while the choice of tier can still influence the design.

Sources: Council of the EU, Inside Privacy, DLA Piper.

What do you think? Does raising the SME threshold to 750 employees make the AI Act workable — or just quieter?

Ready to organize your knowledge with AI?

BrainMap automatically classifies your notes, discovers connections, and builds your personal knowledge graph. Free to start — no credit card required.

Start for Free

Related Articles