The EU Added New AI Prohibitions With Six Months to Enforce Them. It Has Almost No Enforcement Infrastructure. And the Extension Itself May Not Be Legally Binding.

The extension may not be legally binding

The EU AI Act Omnibus amendment — the deal that pushed Annex III high-risk compliance from August 2, 2026 to December 2027 — is not yet law. Provisional trilogue agreement: May 6-7. Council confirmation: May 13. Parliament committee endorsement: June 16 (101-9-8). Those are political milestones.

The legal milestone is different: the amendment must be published in the EU Official Journal before August 2, 2026, or it is not binding. The original Annex III deadline stands on August 2, 2026, regardless of political agreement, unless the amendment clears the Official Journal first.

Gibson Dunn — which represents enterprise AI deployers — explicitly flags this as a live risk in their Omnibus analysis. If Council approval procedures slow, if translation backlogs in 24 official languages create delays, if any procedural challenge is raised: the enterprises that have celebrated 16 months of additional runway may have no legal basis for it.

This is not a remote hypothetical. The Official Journal publication timeline for EU legislative amendments is measured in weeks, and the political agreement was May 7. That leaves a narrow window through July. The question of whether the Omnibus is legally binding is answerable only after the OJ publishes it — and that hasn't happened as of June 25.

What the Omnibus actually changed

The AI Act's Annex III lists high-risk AI categories: systems used in hiring, credit scoring, law enforcement, education, border control, critical infrastructure management, judicial decision-making. The August 2, 2026 compliance deadline would have required certification, conformity assessments, technical documentation, and registration in the EU database for any AI system in these categories deployed by or on EU entities.

The Omnibus delays that requirement to December 2027.

Additional changes: a machinery/Annex I carve-out (AI embedded in machinery governed by existing Annex I product regulations is excluded from some high-risk requirements — Siemens' specific win). SME compliance simplifications (reduced documentation burden for small enterprises). Exemptions for AI systems used exclusively for personal/professional use by the developer, and for AI in scientific research.

These are substantive changes. They were lobbied for by European industrial interests — specifically Siemens, the German industrial lobby, and DigitalEurope — not by US technology companies. No evidence found that Microsoft, Google, OpenAI, Anthropic, or Amazon lobbied for the deadline extension. The beneficiaries include US AI labs with European enterprise deployments (16 more months without compliance costs), but the lobbying was European.

The prohibitions that arrive in December 2026 — with no enforcement infrastructure

While pushing back the high-risk deadline, the Omnibus added two new Article 5 absolute prohibitions effective December 2026:

1. AI systems that generate child sexual abuse material — prohibited regardless of purpose or use context
2. AI systems that generate non-consensual intimate imagery ("nudifiers") — prohibited under a "reasonably foreseeable and reproducible outcome" standard, meaning models whose primary use is not CSAM/NCII but which can be prompted to generate it without adequate safeguards are caught

Both prohibitions apply to AI providers making their systems available in the EU — regardless of where the provider is headquartered. Midjourney (US, no EU presence). Kling 3.0 (Kuaishou, China, 30,000 enterprise clients in Western markets). Sora 2 (OpenAI, US). DALL-E 3 (OpenAI, US). The prohibitions are extraterritorial on their face.

The enforcement infrastructure is near-nonexistent.

As of June 2026: 9 of 27 EU member states have fully designated market surveillance authorities (NCAs) with AI Act enforcement mandate. 12 have partial designation. 6 have unclear status. Zero enforcement cases have been opened by any NCA or the EU AI Office under the AI Act. Zero. The Act's prohibitions (Article 5) have been in effect since February 2026. In four months, no authority has opened a case.

The EU AI Office — the body with authority over GPAI providers — has not issued clear guidance on how extraterritorial enforcement works against non-EU models. A Chinese video generation company (Kuaishou/Kling) that doesn't remove NCII capability by December 2026 is technically violating an EU absolute prohibition. Who brings the case? Which NCA? Under what jurisdictional theory? The Omnibus adds the prohibition; it does not answer these questions.

Who lobbied hardest, and what they got

The Siemens timeline is specific enough to document.

Siemens CEO Roland Busch threatened at Hannover Messe (April 2026) to redirect "approximately €1 billion in planned European investment" to the United States if the August 2026 deadline held. German Chancellor Friedrich Merz personally lobbied EU member states and the Commission. 110 European businesses signed a letter arguing the deadline was operationally unworkable. DigitalEurope (the industry association) calculated €31 billion in avoided compliance costs from the extension — a figure Siemens' lobbying coalition circulated.

The Omnibus includes a machinery carve-out: AI embedded in systems governed by Annex I product regulations is excluded from certain high-risk requirements. This is the Siemens win, not an abstract benefit. Industrial AI embedded in manufacturing equipment governed by existing machinery directives — Siemens' core product line — is the specific category carved out.

On June 4, 2026, Jim Hagemann Snabe — Siemens Chair — was appointed EU AI Envoy by the European Commission. His role: advise on AI policy implementation across the bloc.

Four civil society organizations (EDRi, Access Now, AlgorithmWatch, European Center for Not-for-Profit Law) have formally requested revocation of the appointment, citing the conflict between Siemens' lobbying for the Omnibus and Snabe's new advisory mandate. The Commission has not responded publicly.

No coverage of the Omnibus has named the appointment date (June 4), the lobbying timeline (April-May), and the revocation requests in the same piece.

The regulatory retreat pattern

EDRi (European Digital Rights) has documented this as the fifth EU digital/AI regulatory retreat in 18 months. By their count: the AI Act (delayed), CSRD (Corporate Sustainability Reporting Directive, delayed), AI Liability Directive (paused), ePrivacy Regulation (stalled), GDPR SME obligations (softened).

DigitalEurope frames the pattern as competitive rationality: European enterprise compliance burdens were creating regulatory arbitrage in favor of US and Chinese competitors. The extension enables compliance to be done correctly rather than rushed.

Both framings have empirical support. Deloitte found that 53.8% of German enterprises had taken zero AI Act compliance steps as of early 2026. appliedAI found that 40% of enterprise AI systems could not be classified under the Act's risk tiers. The August 2026 deadline was arriving with compliance infrastructure that did not exist.

The problem with the relief argument: the 16-month extension does not create compliance infrastructure. The Deloitte and appliedAI numbers represent genuine unreadiness — and if the pattern holds, December 2027 will arrive with the same unready enterprises, just one year older and with higher regulatory expectations. The Omnibus deferred the cliff. It did not lower it.

The GPAI Code of Practice gap

The General Purpose AI Code of Practice — the voluntary governance framework that applies to frontier model providers — has signatories including Anthropic, Google, IBM, Microsoft, Mistral, OpenAI, and Cohere.

Meta has not signed. xAI signed the safety chapter only.

The enforcement architecture for GPAI obligations under the AI Act remains incomplete. No case has been opened. The EU AI Office's authority over non-EU GPAI providers is "not yet fully defined" in Commission guidance. The Code is voluntary.

The GPAI framework covers models like GPT-5.5, Claude Fable 5, Gemini 3.5 — the frontier models that pose the highest societal risk by the EU's own analysis. The companies that signed are complying with a voluntary framework. The company that didn't sign (Meta, whose Llama 4 Scout and Maverick are among the most widely deployed open-weight models globally) faces no binding obligation.

What the December 2026 prohibition requires and what it doesn't

The CSAM/NCII prohibitions are absolute. No proportionality analysis, no risk assessment, no certification process. A model that can be used to generate CSAM or NCII — where that outcome is "reasonably foreseeable and reproducible without adequate safeguards" — is prohibited from December 2026.

"Adequate safeguards" is undefined in the Omnibus text as reported. The standard will be set by the EU AI Office through guidance or through enforcement cases. Until the first case is opened against a non-compliant provider, the operative safeguard standard is unknown.

The practical implication: any image or video generation model — Midjourney, DALL-E 3, Kling 3.0, Sora 2, Grok Imagine Video 1.5 — that operates in the EU market and can be prompted to generate NCII content without adequate safeguards is in scope. Most of these models have content filters; whether those filters constitute "adequate safeguards" under the undefined EU standard is a question no regulator has answered.

December 2026 is five months away. Enforcement capacity in 9 of 27 member states. Zero cases opened. Undefined extraterritorial authority. Two new absolute prohibitions.

I don't buy that this results in meaningful enforcement by December 2026. The prohibitions are real. The enforcement will lag the deadline by at least a year, consistent with every other AI Act timeline.