Neural Network - May 2026
In this edition of the Neural Network, we look at key AI developments from April and May 2026.
In regulatory and government updates, EU legislators have reached a provisional deal regarding the AI Act digital omnibus; the EDPS has begun a pilot AI Act sandbox initiative; and UK digital regulators have signalled a joint focus on fast-moving AI and cross-regulatory coordination in the year ahead.
In technology developments and market news, the US Department of War has moved to broaden access to AI capabilities through new agreements with major AI companies; and the European Commission’s ongoing investigation into WhatsApp is emerging as a landmark case at the intersection of competition law and AI distribution.
More details on each of these developments are set out below.
Regulatory and Government updates
- EU Digital Omnibus deal: simplification of AI Act and renewed deadlines
- EDPS launches AI Act regulatory sandbox pilot
- DRCF sets joint priorities for fast moving AI in 2026/27
Technology Developments and Market News
- US military advances “AI first” strategy with classified network AI agreements
- EU takes early action on AI access: interim measures in the Meta / WhatsApp case
Our Publications
Regulatory and Government Updates
EU Digital Omnibus deal: simplification of AI Act and renewed deadlines
On 7 May 2026, the European Parliament (the “Parliament”) and the Council of the European Union (the “Council”) reached a provisional political agreement under the EU’s “Digital Omnibus” package to streamline certain aspects of the EU AI Act (the “AI Omnibus”). Main takeaways from the deal include postponing the main compliance deadlines for high-risk AI systems to 2 December 2027 (Annex III) and 2 August 2028 (Annex I), adding a new prohibition aimed at AI used to produce non-consensual intimate content and avoiding “double-regulation” of machinery products by applying a sector-specific compliance carve-out. You can read more about this development here.
The Council’s Permanent Representatives Committee has since confirmed the full text for the AI Omnibus and authorised its onward submission to Parliament for formal approval. The text, published on 13 May 2026, is still subject to final review and adoption processes. However, its publication indicates that the AI Omnibus is likely to be adopted in substantially this form.
EDPS launches AI Act regulatory sandbox pilot
The European Data Protection Supervisor ("EDPS") has launched a pilot AI regulatory sandbox for EU institutions, bodies, offices, and agencies ("Institutions"), marking an early step in operationalising the EU AI Act's innovation framework. Under Article 57(3) of the EU AI Act, the EDPS may establish an AI regulatory sandbox for Institutions and exercise the roles and tasks of national competent authorities.
The AI Act requires Member States to ensure at least one national AI regulatory sandbox is operational by 2 August 2026 (although this deadline is likely to be postponed to 2 August 2027, under the version of the AI Omnibus proposals published on 13 May 2026). These sandboxes provide a controlled environment that fosters innovation and facilitates the development, training, testing, and validation of innovative AI systems before they are placed on the market or put into service. Competent authorities must provide participants with guidance on regulatory expectations and how to fulfil the EU AI Act's requirements and may issue exit reports that can be used to demonstrate compliance through the conformity assessment process.
The sandbox framework is intended to improve legal certainty, support the sharing of best practices and facilitate access to the EU market for AI systems, when provided by SMEs and start-ups.
DRCF sets joint priorities for fast‑moving AI in 2026/27
In April 2026, the Digital Regulation Cooperation Forum (“DRCF”), the collaborative body bringing together the CMA, Ofcom, ICO, and FCA, published its 2026/27 workplan, setting out its priorities for the final year of its 2024-2027 vision. The workplan signals the regulators’ commitment to a more coherent, cross-regulatory approach to digital regulation, which includes oversight of AI, data, and digital markets.
The Workplan is organised around the DRCF’s five priority pillars. Key priorities for 2026/27 are:
1. Anticipating future developments
A central theme for the DRCF is deepening its work on agentic and generative AI. This includes research on consumer attitudes to AI risks and adoption. A newly established DRCF Research Lab will connect researchers across the four regulators to develop a coordinated research agenda and commission work on topics of cross-regulatory interest.
2. Unlocking innovation and economic growth
The DRCF will continue work on cloud, online advertising, and AI related issues spanning data protection and competition (including foundation models). A Thematic Innovation Hub will shift focus to “Authentication and Trust”, engaging innovators on cross-regulatory challenges around building public trust in modern technologies. The DRCF will also coordinate regulatory input into the Government's Smart Data Guidebook, which will establish guiding principles for future smart data schemes.
3. Protecting people online
The DRCF will continue bilateral collaboration and coordination under the Digital Markets, Competition and Consumers Act regime, with the CMA working closely with other regulators on ongoing Strategic Market Status investigations. The FCA and Ofcom will deepen coordination on online fraud and illegal financial promotions, whilst the ICO and Ofcom will continue to coordinate on online safety and data protection, including age assurance (which you can read more about in our analysis here).
4. Supporting regulator effectiveness
The DRCF will conduct extensive user testing of its AI-powered Digital Library prototype, a "one-stop-shop" for navigating UK digital regulation. Regulator capability building will continue through skills programmes, secondments and sharing lessons from AI pilots between the regulators.
5. Engagement and international collaboration
The DRCF will maintain active engagement with industry, civil society and the Government, continuing outreach to parliamentarians across the political spectrum. Internationally, the DRCF will retain chairmanship of the International Network for Digital Regulation Cooperation (INDRC).
Overall, the 2026/27 Workplan signals to business that regulatory approaches regarding AI, data, competition, and online safety are joined up, rather than each regulator dealing with such issues in isolation.
Technology Development and Market News
US military advances “AI first” strategy with classified network AI agreements
The US Department of War (formerly the Department of Defense) (the “DoW”) has entered into a range of new agreements to deploy frontier AI systems directly onto its highest classification networks, deepening its shift to an "AI-first" military posture.
On 1 May 2026, the DoW announced that Amazon Web Services, Google, Microsoft, NVIDIA, OpenAI, Oracle, SpaceX and Reflection AI will provide AI capabilities within Impact Level 6 (secret) and Impact Level 7 (top secret) environments. The agreements cover both proprietary models, which are AI systems owned and controlled by the supplier, with the underlying technology kept closed, as well as open‑weights models. With open‑weights models, the core model parameters are released so that government users can run and adapt them on their own infrastructure.
The announcement follows the breakdown of the DoW’s relationship with Anthropic, previously the sole supplier of large language models for certain classified applications. Following a contract dispute over permitted uses, Anthropic was treated as a supply‑chain risk to the DoW and its work with federal programmes was curtailed, a move it is now challenging in court.
The new agreements both reflect and reinforce a wider shift towards the treatment of diversified, domestically controlled AI infrastructure as a core element of national security strategy.
EU takes early action on AI access: interim measures in the Meta / WhatsApp case
The European Commission’s (“Commission”) ongoing investigation into Meta (Case AT.41034) is emerging as a landmark case at the intersection of competition law and AI distribution. In April, the Commission escalated its case by issuing a Supplementary Statement of Objections and signalling its intention to impose interim measures requiring Meta to restore third party AI assistants’ access to WhatsApp.
The case stems from changes introduced by Meta in October 2025 to the terms governing access to WhatsApp’s Business API. These changes effectively excluded third-party general purpose AI assistants (such as external chatbots) from interacting with users via WhatsApp, leaving Meta’s own AI as the only integrated assistant on the platform.
The Commission opened formal proceedings in December 2025, taking the preliminary view that Meta may be dominant in the EEA market for consumer communications applications and that the exclusion of rival AI tools could constitute an abuse of dominance under Article 102 TFEU.
In response, Meta replaced the outright restriction with a fee-based access model for third party AI providers. However, last month the Commission concluded (on a preliminary basis) that this revised approach is “effectively equivalent” to a ban, as it may still prevent competitors from accessing WhatsApp users.
The Commission has now indicated that it intends to impose interim measures, a relatively rare step in EU antitrust enforcement. These would require Meta to reinstate third party AI assistants’ access to WhatsApp on pre-October 2025 terms while the investigation continues.
The legal threshold for interim measures is high - the Commission must show a prima facie infringement and a risk of “serious and irreparable harm” to competition. The Commission’s reasoning is that exclusion at this stage could irreversibly distort competition in fast moving AI markets by foreclosing rivals’ access to users and data.
Currently, the Commission has merely indicated its intention to impose interim measures, subject to Meta’s rights of defence. They have not yet been imposed. Meta reportedly proactively offered on 12 May 2026 to temporarily put on hold its fee-based access model for general purpose AI chatbots operating in the EEA for a period of one-month, in a bid to pre-empt any such interim measures being imposed. A formal decision will follow once the Commission has determined whether Meta’s proactive response is deemed to be sufficient to address the Commission’s concerns while it conducts its investigation.
This case reflects a broader shift in enforcement priorities:
- Access to users as essential infrastructure - the Commission is treating WhatsApp as a critical distribution channel for AI assistants, meaning that restricting access may prevent competitors from scaling or even entering the market.
- Early intervention in emerging markets - by considering interim measures, the Commission is signalling a willingness to act before market tipping occurs, rather than waiting for irreversible harm to materialise.
- Leveraging theories applied to AI ecosystems - the case applies traditional Article 102 concepts (refusal to supply / leveraging dominance) to a new context: control over data-rich platforms used to train and deploy AI tools.
- Substance over form in assessing conduct - the Commission’s rejection of Meta’s fee model highlights an important principle: changes in pricing or structure will not avoid scrutiny if their practical effect remains exclusionary.
The Commission is sending a clear message: dominant digital platforms cannot control access to critical distribution channels for AI in a way that disadvantages rivals. Crucially, the use of interim measures indicates that, in AI markets, timing is itself a competition issue and regulators are prepared to intervene early to shape market outcomes.
Our Publications
Workplace AI use puts HR and employment compliance in focus
As AI tools become embedded in day-to-day HR workflows, we have collaborated with our employment team to explore the growing legal and operational risk for employers using AI in the workplace. In an insight published earlier this month, we focussed on key risk areas including recruitment bias and automated decision-making, confidentiality and data leakage and knock-on effects for employee grievances (including DSARs).
To read this analysis in full, and identify tips for your organisation, click here.
