The EU just admitted its landmark AI law was unenforceable on the original timeline. But while regulators gave companies 16 extra months on hiring and healthcare AI, they fast-tracked a ban on nudifier apps after Grok generated 3 million sexual images in 11 days.

The first formal amendments to the EU AI Act since adoption in June 2024 were finalized in a provisional agreement reached at 4:30 AM on May 7. Negotiators from the Parliament, Council, and Commission hammered out what they're calling the "Digital Omnibus on AI."

The headline change: high-risk AI systems in hiring, education, healthcare, and insurance underwriting get their deadline pushed from August 2, 2026 to December 2, 2027. That's a 16-month extension. Regulated products like medical devices and elevators get pushed from August 2027 to August 2028.

Why the delay? CEN-CENELEC, the standards body responsible for creating harmonized standards, missed their August 2025 target. They adopted accelerated procedures in October 2025, but key drafts still aren't available. Translation: regulators couldn't write the rules fast enough for their own law.

But here's what didn't get delayed: the nudifier ban. The EU created an entirely new category of prohibited AI practices, specifically banning systems that generate non-consensual intimate imagery. This was a direct response to the Grok scandal that produced an estimated 3 million sexualized images in 11 days.

The ban also covers AI-generated child sexual abuse material and takes effect December 2, 2026. Same hard deadline as watermarking requirements. No extensions, no flexibility.

The message is crystal clear: the EU will bend on compliance deadlines for business applications, but not on AI-generated abuse imagery. When it comes to protecting people from non-consensual sexualization, there's no grace period.

Watermarking obligations under Article 50(2) affect every foundation model provider. Systems already on the EU market get a deferral only to December 2, 2026. New systems must comply from day one. OpenAI, Anthropic, Google, and Meta all have exactly seven months to figure out synthetic content marking.

MEP Michael McNamara warned that routing AI governance through sector-specific legislation could be "deregulatory rather than simplifying." Over 40 civil society organizations raised concerns during negotiations. They're right to worry.

The pattern is becoming clear: when AI regulation hits business interests, deadlines become flexible. When it hits social harms, deadlines become sacred. The EU extended high-risk AI compliance by 16 months because standards bodies couldn't keep up. But they'll ban nudifier apps on schedule because democracy can't wait for bureaucracy.

That's not inconsistency. That's priority signaling. The EU cares more about protecting citizens from AI-generated abuse than protecting businesses from compliance costs. And honestly, that's exactly how it should work.