The EU Council and Parliament reached political agreement on the AI Act "omnibus" — the legislative package that streamlines and simplifies the AI Act's implementation — on May 7, 2026. The omnibus was originally proposed November 19, 2025. The May agreement clarifies timelines that had been ambiguous.

That sounds boring. Read past it. The interesting numbers are elsewhere.

The numbers that matter

In Q1 2026 alone, EU member states issued 50 fines totaling €250 million. Most of these were for General-Purpose AI (GPAI) non-compliance. GPAI governance rules became applicable on August 2, 2025. The fines started landing immediately and have not slowed.

The full AI Act becomes applicable on August 2, 2026 — that's about ten weeks from today. Rules for high-risk AI systems in biometrics, critical infrastructure, education, employment, migration, asylum, and border control don't apply until December 2, 2027, per the May 7 omnibus.

So the timeline:

• Now: GPAI rules are enforced. Fines are landing.
• August 2, 2026: Most of the AI Act becomes fully applicable.
• December 2, 2027: High-risk system rules in specific domains kick in.

Why "simplified" and "fining people" aren't contradictions

A lot of US-based coverage has framed the omnibus as the EU "backing down" on the AI Act because of competitiveness concerns. That's a misread.

What the omnibus did: pushed back some compliance deadlines for specific high-risk categories, clarified ambiguous obligations, simplified the documentation requirements for certain SMEs, and adjusted reporting rules. What it did not do: weaken the actual obligations on general-purpose AI systems, weaken the prohibited-practices list (which has been enforced since February 2025), or reduce fine amounts.

The EU is going to enforce the AI Act. They're already doing it. The omnibus made the rules slightly easier to comply with — not optional.

What it means for non-EU companies

If you ship AI products into Europe, the EU AI Act applies to you. There is no "we're a US company" exemption. The Brussels Effect is doing what it always does.

The practical compliance steps for a non-EU company shipping AI into the EU look something like this:

• Determine if any of your products fall into the prohibited categories (social scoring, real-time biometric ID in public spaces, certain manipulation techniques). If yes, those products cannot operate in the EU regardless of compliance work.
• Determine if you have GPAI capabilities. If yes, transparency obligations (documentation, training data summaries, copyright compliance) apply now.
• Determine if any specific deployments are high-risk per Annex III. If yes, you have until December 2027 for the listed categories, but the conformity assessment paperwork takes longer than people expect.
• Establish an EU authorized representative if you have no EU presence.

That last one is the operationally hardest. The market for EU AI Act compliance representation is heating up. Expect the cost curve to look like GDPR-rep services did in 2018 — high until competition normalizes.

Why builders should not ignore this

Three reasons.

One: the fines are happening. €250M across 50 fines averages €5M per fine. Some are smaller. Some are much larger. None of them are theoretical anymore.

Two: the enforcement model is national-level. Each member state's AI office (or equivalent regulator) can fine separately. A single product that violates GPAI rules in three countries can collect three fines. The EU is one market for the obligation but 27 jurisdictions for the enforcement.

Three: penalty caps are high. Maximum fines under the AI Act run up to 7% of global annual turnover or €35M, whichever is higher, for the most serious violations. That number is designed to be uncomfortable for trillion-dollar companies. It would be catastrophic for a Series-B startup.

What I think

I think most US-based AI companies are going to be late to compliance, and a handful will get made examples of in the second half of 2026. The pattern in EU enforcement is to use early enforcement actions as deterrents — pick a few visible cases, fine them publicly, and watch the rest of the industry rush to comply. GDPR worked that way. The AI Act is going to work the same way.

If you ship AI products and have any EU users, the work to get compliant is not optional and not cheap. Start it in May 2026, not in July 2026.

Further reading

• European Commission — AI Act overview — the official source for the legislation
• Council of the EU — May 7 omnibus agreement — the simplification agreement
• Artificial Intelligence Act portal — running tracker of regulations and developments
• Holland & Knight — August 2026 compliance deadline — US-company perspective on compliance