The impact of the AI Omnibus for employers

impact of the AI Omnibus

On 29 June 2026, the Council of the EU gave its final green light to the AI Omnibus, following the European Parliament’s approval on 16 June 2026. This means that the reform simplifying and amending several rules of the AI Act has now been formally adopted. Only the formal signature and publication in the Official Journal of the EU remain, after which the new rules enter into force three days later. 

The headline for employers is twofold: there is more time to prepare for high-risk AI obligations (which are very relevant for employers), but not everything is being postponed. 2 August 2026 remains an important date because the transparency obligations of the AI Act still take effect on that date.

What changes for employers?

1. High-risk AI for recruitment, monitoring and evaluating: more time

Most high-risk AI rules under Annex III of the AI Act were originally due to apply from 2 August 2026. The AI Omnibus postpones these deadlines. High-risk AI systems (Annex III), will now be subject to the AI Act's requirements from 2 December 2027. The postponement is intended to give European standard-setting bodies and national governance structures more time to get ready, although it doesn't remove the need to prepare.

For employers, Annex III is particularly relevant because it covers many HR-related AI systems. These include AI intended to be used for the recruitment or selection of candidates (for example, filtering applications, evaluating candidates or placing targeted job advertisements) as well as AI used to make decisions affecting employment relationships, such as promotion or dismissal decisions, task allocation based on individual behaviour or characteristics, and systems monitoring or evaluating employee performance or behaviour.

However, not every AI system used in an HR context automatically qualifies as a high-risk AI system. Article 6 of the AI Act introduces an important exception. An AI system listed in Annex III is not considered high-risk where it does not pose a significant risk to the health, safety or fundamental rights of individuals and does not materially influence the outcome of decision-making. This exemption may apply where the AI system merely performs a narrow procedural task, improves the result of a previously completed human activity, detects decision-making patterns without replacing or influencing human assessment, or performs only a preparatory task for an assessment, provided that meaningful human review remains in place.

Employers should therefore carefully assess the actual role played by an AI system in their HR processes. Tools that merely assist HR staff administratively or support decisions without materially influencing them may fall outside the high-risk regime. By contrast, AI systems that profile natural persons are always considered high-risk, even if one of the above exceptions might otherwise apply.

These High-risk AI systems will need to comply with a range of obligations under the AI Act. For providers, these include establishing a risk management system, ensuring data governance, maintaining technical documentation and record-keeping, providing appropriate information to deployers, implementing effective human oversight, and ensuring the system's accuracy, robustness and cybersecurity.

For employers, however, the obligations applicable to deployers are generally more relevant, as employers will typically use AI systems developed by third-party providers rather than placing them on the market themselves. Deployers need to take appropriate technical and organisational measures to ensure they use such systems in accordance with the instructions for use. They also need to assign human oversight to natural persons who have the necessary competence, training and authority, as well as the necessary support. Next, deployers of high-risk AI systems referred to in Annex III that make decisions or assist in making decisions related to natural persons shall inform the natural persons that they are subject to the use of the high-risk AI system.

Finally, where required under the AI Act, high-risk AI systems must be registered in the public EU database, enabling the European Commission to maintain oversight.

2. Transparency obligations: still on track for 2 August 2026

Unlike the high-risk rules, the transparency obligations are not postponed. They still apply from 2 August 2026, with only one narrow exception.

These obligations cover situations such as:

  • AI systems that interact directly with individuals: providers must ensure that individuals are informed when they are interacting with an AI system, unless this is obvious from the context.
  • AI-generated synthetic content (audio, image, video, text): providers must ensure the output is marked in a machine-readable way as artificially generated.
  • Emotion recognition and biometric categorisation: deployers using such systems must inform the individuals concerned.
  • Deepfakes: deployers must disclose that image, audio or video content has been artificially generated or manipulated.
  • AI-generated text published to inform the public on matters of public interest: this must be labelled, unless the text has undergone human editorial review and a person or organisation takes editorial responsibility for it.

These obligations are more directed towards AI providers and are less likely to affect employers than the high-risk obligations.

4. AI literacy: the obligation remains

The duty to ensure adequate AI literacy, in force since 2 February 2025, remains unchanged. Employers don't need to guarantee a specific level of AI knowledge for every employee, but they do need to take reasonable, proportionate measures to support it, taking into account people's existing knowledge, the context of use, and the roles involved. In practice, this typically means training, awareness-raising, or internal guidelines. AI literacy is not just an IT topic. HR staff, managers, and anyone interpreting AI output should be equipped to use it critically and responsibly.

5. More room to process sensitive data for bias detection

The AI Act already allowed providers of high-risk AI to process special categories of personal data, under strict conditions, to detect and correct bias. The AI Omnibus extends this possibility to all providers and deployers of AI systems and models, still only as an exception, only where strictly necessary, and only with appropriate safeguards. For employers, this is relevant when checking whether HR tools used in selection or evaluation processes produce discriminatory outcomes.

What should employers do now?

  • Map the AI systems used across the organisation and identify their purposes.
  • Check your role for each tool, provider or deployer, since obligations differ.
  • Prioritise transparency, as these obligations still apply from 2 August 2026, so make sure people are informed when they interact with AI or when content has been AI-generated or manipulated.
  • Keep investing in AI literacy through training and clear internal guidelines.
  • Use the extra time on high-risk AI wisely; the 2027/2028 deadlines feel distant, but classification, documentation, contractual arrangements with vendors, and human-oversight arrangements take time to put in place.