The AI Act Is Being Weakened Before It Starts
EDRi says the EU AI Omnibus would delay high-risk AI safeguards and reduce public transparency. That is not boring Brussels plumbing. It is where accountability disappears.
Europe has a bad habit of doing the important part after the headline.
Pass the law. Celebrate the law. Then, months later, reopen the boring implementation details where lobbyists can sand down the parts that were supposed to matter.
That is why the AI Omnibus is worth paying attention to. European Digital Rights says EU institutions reached a final deal on the file on 7 May 2026, presented as technical simplification of the AI Act. EDRi argues the deal should be rejected because it delays key protections, weakens transparency, and sets a precedent for reopening digital-rights laws before they even apply.
This is not exciting in the normal tech-news sense. No dramatic breach. No leaked database. No startup demo. Just legislative plumbing.
Unfortunately, legislative plumbing is where a lot of privacy protections go to die.
The dangerous word is simplification
Simplification sounds harmless. Sometimes it is useful. Nobody should defend broken paperwork just because it has the word rights attached to it.
But EDRi's complaint is more specific: the Omnibus is not only cleaning up process. It would delay obligations for many high-risk AI systems until 2 December 2027, and push some Annex I systems to 2 August 2028. It would also reduce what providers have to upload to the public AI database.
That matters because the AI Act's high-risk category covers systems that can affect people in workplaces, public services, health, education, policing, migration, and the justice system. These are not toy use cases. They are places where a bad model can quietly change who gets questioned, ranked, denied, watched, or ignored.
Transparency is the bit that lets outsiders see what is happening. Regulators need it. Researchers need it. Civil society needs it. Affected people need it most of all, although they are usually the last to find out which automated system touched their life.
If the public database contains less information, fewer people can check whether providers are classifying systems correctly. That is the boring version of losing accountability: not because anyone deleted the right on paper, but because the evidence trail got thinner.
High-risk AI does not pause while Europe debates
The uncomfortable part is timing.
AI systems are already being deployed. Employers are buying monitoring and allocation tools. Public bodies are experimenting with automation. Schools, hospitals, welfare offices, police departments, migration agencies, and courts are all under pressure to do more with less. AI vendors are very happy to offer them a dashboard.
Delaying safeguards does not freeze the market. It just gives the market more time to normalize systems before the strongest rules bite.
That is how bad defaults become infrastructure. A workplace tool becomes standard procurement. A public-service classifier becomes the normal way to triage cases. A risk score becomes one more field in a case-management system. By the time safeguards arrive, everyone is told that changing the system would be disruptive.
We have seen this pattern before with tracking ads, data brokers, facial recognition, workplace monitoring, and platform moderation. First the system appears. Then it scales. Then people ask for rules. Then the rules are treated as an implementation burden because the system is already everywhere.
The AI Act was supposed to stop at least some of that. Weakening the implementation before the important parts apply is a strange way to prove Europe is serious about trustworthy AI.
Sensitive data is the other trap
EDRi also points to a derogation for processing special categories of personal data for bias detection and correction. Bias testing is real work. You cannot test discrimination by pretending sensitive data does not exist.
But that does not make sensitive data harmless. Health status, ethnicity, sexual orientation, political opinions, and similar data deserve strict handling because they can be abused even when the original reason for collecting them sounds decent.
The risk is normalization. If every AI pipeline can argue that it needs sensitive data for fairness work, then sensitive data stops being exceptional. It becomes another ingredient.
That is a terrible direction unless the controls are sharp: narrow purpose, minimal retention, strong access limits, auditability, and consequences when the data escapes its stated use. Europe should be able to say both things at once: bias detection matters, and sensitive data should not become cheap fuel for model development.
This is bigger than the AI Act
The most worrying part is the precedent.
If a major digital-rights law can be reopened before its key safeguards apply, every future implementation phase becomes a second lobbying round. Companies lose the political fight, wait for the technical process, and try again under the banner of competitiveness or simplification.
That is not a stable rulebook. It is a permanent negotiation.
For Europeans, this should feel familiar. The GDPR is strong on paper and uneven in practice. ePrivacy has been stuck in political mud for years. Spyware keeps surfacing. Workplace surveillance keeps creeping. Data brokers keep finding seams. The problem is rarely that Europe lacks slogans about rights. The problem is enforcement, transparency, and the political will to make rules hurt when they are ignored.
So yes, the AI Omnibus sounds boring. That is exactly why it matters.
A law that says people have rights is only useful if someone can see when those rights are being bypassed. If the database gets thinner, deadlines move out, and sensitive data rules get softer, the public will not experience that as simplification. They will experience it as another automated decision they cannot inspect, challenge, or understand.
Europe does not need to choose between AI and rights. It does need to stop treating rights as the part that can be delayed whenever the implementation spreadsheet gets inconvenient.