Council and Parliament negotiators reached a political deal on 7 May on the AI Omnibus simplification package. Three things compliance teams need to know: enforcement of certain systems is being further centralised in the AI Office; an EU-level regulatory sandbox is being created; and providers of GenAI systems already on the EU market before 2 August 2026 get a transitional period until 2 December 2026 to comply with content marking and detection obligations. Formal adoption is being pushed before the 2 August enforcement cliff. (European Council press release)

EU Article 50 draft transparency guidelines published — consultation closes 3 June. On 8 May the Commission released its first draft of Article 50 transparency guidelines, covering chatbot disclosure, deepfake labelling, emotion-recognition and biometric-categorisation notices. The guidelines are non-binding but land less than three months before Article 50 becomes applicable on 2 August 2026. Action: decide this week whether to file a consultation response. (Commission draft guidelines)

EU AI Office's GPAI enforcement powers go live 2 August. The one-year grace period since GPAI obligations entered force on 2 August 2025 closes in under 90 days. After that, the AI Office can apply the Article 101 penalty schedule — the higher of 3% of annual worldwide turnover or €15 million — to general-purpose AI model providers. Action: confirm your GPAI documentation, copyright policy, and Code of Practice posture before the grace period ends. (Reg. (EU) 2024/1689 — EUR-Lex)

Connecticut becomes the next US state with a comprehensive AI law. SB 5 — the "AI Responsibility and Transparency Act" — passed both chambers (House 131-17, Senate 32-4), and Governor Lamont confirmed he will sign. The first compliance tranche lands 1 October 2026: subscription-AI disclosures, frontier-developer whistleblower protections (training compute above 10^26 FLOPs), AEDP discrimination amendment, and a regulatory sandbox. AI-companion rules follow 1 January 2027. (Connecticut Mirror)

Pull your EU AI Act compliance owners into a 30-minute calendar block to decide one thing: are you filing a consultation response to the Article 50 draft transparency guidelines by 3 June? The window is three weeks. If yes, scope which product surfaces (chatbots, deepfake/generated-image features, biometric-categorisation, emotion-recognition) need to be covered, and assign a drafting lead today.

Tomorrow is CyberEyeQ Weekly — a digest of the most consequential regulatory developments across cybersecurity, privacy, AI governance, and financial regulation from the past seven days.

CyberEyeQ — Actionable Regulatory Intelligence
Questions or feedback? Reply to this email or write to [email protected].