EU Agrees on Watered-Down AI Act, Bans Deepfake Porn

The European Union has reached a preliminary agreement on a significantly scaled-back version of its landmark AI Act, pushing major compliance deadlines for high-risk AI systems from August 2025 to late 2027. The deal, struck after late-night negotiations between EU member states and European Parliament lawmakers, also introduces a ban on non-consensual deepfake pornography and mandates watermarking for AI-generated content starting December 2025.

The agreement marks a pivotal moment in global AI regulation — and a notable retreat from the EU's originally ambitious timeline. Critics are already calling it a concession to intense corporate lobbying pressure.

Key Takeaways at a Glance

• High-risk AI compliance delayed from August 2, 2025 to December 2, 2027 — a 28-month extension
• Mandatory watermarking for AI-generated content takes effect December 2, 2025
• Machinery excluded entirely from the AI Act's jurisdiction
• Deepfake pornography banned, with specific provisions targeting non-consensual intimate imagery
• High-risk categories include biometrics, critical infrastructure, education, employment, law enforcement, and border management
• Part of the European Commission's broader 'Digital Package' strategy

Compliance Deadlines Pushed Back by Over 2 Years

The most consequential change in the revised agreement is the dramatic postponement of compliance obligations for high-risk AI systems. Originally set to take effect on August 2, 2025, the new deadline of December 2, 2027 gives companies an additional 28 months to prepare.

High-risk AI systems under the Act span a wide range of critical sectors. These include biometric identification, critical infrastructure management, educational tools, employment and recruitment platforms, law enforcement applications, and border management technologies.

The delay is designed to 'avoid legal uncertainty in application,' according to the European Parliament's official press release. In practical terms, it means companies like Microsoft, Google, Meta, and European AI firms such as Mistral AI and Aleph Alpha now have significantly more Runway to align their products with EU requirements.

Machinery Carve-Out Draws Scrutiny

In a move that surprised some observers, the agreement explicitly excludes machinery and equipment from the AI Act's scope. The rationale provided is that machinery is already covered by existing sector-specific safety regulations.

This carve-out could have significant implications for the industrial AI sector. Companies deploying AI-powered robotics, automated manufacturing systems, and smart machinery will not need to comply with the AI Act's risk-based framework — at least for now.

Industry analysts note this exclusion primarily benefits European manufacturers like Siemens, Bosch, and ABB, which have been integrating AI into industrial equipment at an accelerating pace. However, digital rights organizations argue the exemption creates a dangerous regulatory blind spot, particularly as AI-driven autonomous systems become more prevalent in warehouses, factories, and logistics networks.

Deepfake Pornography Ban Takes Center Stage

One of the agreement's most socially significant provisions is a ban on non-consensual deepfake pornography. The regulation specifically targets AI-generated intimate imagery created without the depicted person's consent — a growing problem that disproportionately affects women.

The deepfake porn crisis has escalated dramatically in recent years. According to research from Sensity AI (formerly Deeptrace), over 96% of deepfake content online is non-consensual pornography. The proliferation of easy-to-use AI image generators has only accelerated the problem, with tools capable of producing realistic fake nude images from a single photograph.

The EU's ban positions Europe as a global leader on this specific issue. While individual U.S. states like California, Texas, and Virginia have enacted laws targeting deepfake pornography, there is no comprehensive federal legislation in the United States. The UK's Online Safety Act addresses deepfake intimate images but with different enforcement mechanisms.

Key aspects of the deepfake pornography provisions include:

• Prohibition on creating non-consensual intimate AI-generated imagery
• Obligations on platforms to detect and remove such content
• Penalties for distribution of deepfake pornographic material
• Specific protections for minors

Mandatory AI Watermarking Arrives in December 2025

While high-risk compliance timelines have been extended, one provision remains on a fast track: mandatory watermarking of AI-generated content. This requirement takes effect on December 2, 2025 — just 7 months away.

The watermarking mandate requires that AI-generated text, images, audio, and video be clearly labeled as machine-produced. This aligns with similar efforts by major tech companies, including Google's SynthID technology and OpenAI's metadata-based content credentials system.

The compressed timeline for watermarking reflects growing urgency around AI-generated misinformation, particularly as Europe faces ongoing concerns about election interference and disinformation campaigns. The provision will force companies to implement technical solutions for content provenance at scale — a non-trivial engineering challenge.

Compared to the voluntary C2PA (Coalition for Content Provenance and Authenticity) standard adopted by companies like Adobe and Microsoft, the EU mandate carries legal teeth. Non-compliance could result in significant fines under the AI Act's enforcement framework.

Critics Call It a Corporate Capitulation

Not everyone is celebrating the agreement. Digital rights organizations and some European Parliament members have characterized the deal as a surrender to corporate pressure.

The original AI Act, passed in March 2024, was hailed as the world's most comprehensive AI regulation. The systematic weakening of its provisions — particularly the 28-month delay for high-risk systems — suggests that industry lobbying has been effective in reshaping the law's practical impact.

Marileana Louuna, Cyprus's Deputy Minister for European Affairs, offered a more positive framing in her official statement. 'This AI Act agreement provides strong support for businesses by reducing routine administrative costs,' she said. 'The agreement ensures legal certainty and makes implementation across the EU smoother and more standardized, while strengthening the EU's digital sovereignty and overall competitiveness.'

Cyprus currently holds the rotating EU Council presidency, giving it a central role in brokering the compromise.

The tension between regulation and competitiveness is not unique to the EU. The United States has largely favored a light-touch, executive-order-based approach under both the Biden and Trump administrations. China has implemented its own AI regulations but with different priorities around content control and social stability.

How This Compares to Global AI Regulation

The EU's revised approach places it in an interesting middle ground on the global regulatory spectrum:

• United States: No comprehensive federal AI law; relies on sector-specific guidance and executive orders. The Trump administration has rolled back Biden-era AI safety requirements.
• United Kingdom: Pursuing a 'pro-innovation' framework without a single overarching AI statute, instead empowering existing regulators.
• China: Has implemented multiple AI-specific regulations including rules on generative AI, deepfakes, and algorithmic recommendations.
• Canada: The Artificial Intelligence and Data Act (AIDA) remains under development with uncertain timelines.

Even in its watered-down form, the EU AI Act remains the most comprehensive AI regulatory framework in the Western world. The delay, however, means that practical enforcement of its most impactful provisions won't begin for over 2 years — an eternity in AI development timescales.

What This Means for Businesses and Developers

For companies operating in or selling into the EU market, the revised timeline creates both relief and uncertainty. The immediate priorities are clear.

Short-term (by December 2025): Organizations must prepare for mandatory AI content watermarking. This affects any company producing or distributing AI-generated content in the EU market. Technical teams should begin evaluating watermarking solutions now.

Medium-term (by December 2027): Companies deploying high-risk AI systems in areas like HR tech, education technology, biometrics, or public safety have additional time to build compliance infrastructure. However, smart organizations will begin preparation now rather than waiting until the deadline approaches.

Ongoing: The deepfake pornography ban creates immediate obligations for platforms hosting user-generated content. Content moderation teams and AI detection systems will need upgrading.

For U.S.-based AI companies — including OpenAI, Anthropic, Google DeepMind, and Meta AI — the extended timeline provides breathing room but doesn't eliminate the need for EU-specific compliance planning.

Looking Ahead: What Happens Next

The preliminary agreement must still be formally ratified by both the European Parliament and the EU Council. While this is typically a procedural step, the political dynamics around AI regulation remain fluid.

Several developments to watch in the coming months:

The European Parliament is expected to vote on the final text before the summer recess. National governments will then need to implement the provisions into domestic law. The EU AI Office, established to oversee enforcement, will need to publish detailed guidance on watermarking standards and deepfake content detection requirements.

Meanwhile, the AI technology landscape will continue evolving at breakneck speed. By December 2027 — when high-risk AI provisions finally take effect — the industry may look dramatically different from today. Models that seem cutting-edge now could be obsolete, and entirely new categories of AI risk may have emerged.

The fundamental question remains whether the EU can regulate AI effectively while maintaining competitiveness with the U.S. and China. This watered-down agreement suggests European lawmakers are still searching for that balance — and that the corporate sector currently holds significant leverage in shaping the outcome.