EU AI Act
EU AI Act Deadlines in 2026 and 2027: What the Digital Omnibus Actually Changed
The EU AI Act's high-risk deadlines were provisionally delayed by the Digital Omnibus in May 2026. Here's the original timeline, what changed, and what is legally in force right now.
June 22, 2026 · 10 min read
EU AI Act
If you scoped your EU AI Act compliance program around an August 2026 deadline, you need to read this. In May 2026, EU lawmakers reached a provisional political agreement — known as the Digital Omnibus — that would push the high-risk AI deadlines back by 16 to 24 months. But “provisional agreement” is doing a lot of legal work in that sentence. Here is exactly what changed, what didn’t, and what is legally binding as you read this.
TL;DR
- The EU AI Act entered into force on August 1, 2024. The original text set high-risk (Annex III) obligations to apply from August 2, 2026 — 24 months later.
- In May 2026, the EU Council and Parliament reached a provisional political agreement (the 'Digital Omnibus', formally proposed November 19, 2025) to delay high-risk deadlines.
- The proposed new dates: December 2, 2027 for Annex III stand-alone high-risk systems, and August 2, 2028 for Annex I systems embedded in regulated products (like medical devices, lifts and toys).
- This agreement is provisional — it still needs formal adoption by the Council and Parliament and publication in the Official Journal before it has legal effect.
- Until that publication happens, the original August 2, 2026 deadline remains the law on the books. Treat the delay as highly likely, not yet guaranteed.
The Original Law: What the AI Act Actually Says
Regulation (EU) 2024/1689 — the EU AI Act — was published in the Official Journal on July 12, 2024 and entered into force on August 1, 2024, twenty days later, per standard EU legislative procedure. The Act phases its obligations in over several years rather than all at once:
| Date | What applies |
|---|---|
| February 2, 2025 | Prohibited AI practices banned; AI literacy obligations begin |
| August 2, 2025 | Governance rules and obligations for general-purpose AI (GPAI) models apply |
| August 2, 2026 | High-risk AI system obligations apply — as written in the original text (Annex III, stand-alone high-risk systems) |
| August 2, 2027 | High-risk obligations apply to AI embedded in products already regulated under other EU product-safety law (Annex I) — as originally written |
That August 2026 date for Annex III systems is the one most compliance teams have been building toward. It is still, technically, the date written into force today.
The Digital Omnibus: What Actually Changed in May 2026
In late 2025, the European Commission put forward a legislative package informally known as the Digital Omnibus(proposed November 19, 2025), aimed at simplifying and resequencing parts of the EU’s digital rulebook — including the AI Act’s implementation timeline. On May 7, 2026, the Council and Parliament reached a provisional political agreement on the file.
Under that provisional agreement, the high-risk deadlines would move to:
- December 2, 2027 for Annex III, stand-alone high-risk systems (originally August 2, 2026) — a delay of roughly 16 months.
- August 2, 2028 for Annex I systems embedded in regulated products such as medical devices, lifts and toys (originally August 2, 2027) — a delay of roughly 12 months.
According to the European Commission, the stated rationale is to give companies and regulators time to actually have the supporting tools in place — chiefly the harmonized technical standards that high-risk compliance depends on, several of which are still being finalized.
Why the Delay: The Standards Weren't Ready
The Commission’s stated rationale isn’t political convenience — it's a genuine dependency problem. Much of high-risk compliance under Articles 9 and 10 is meant to be demonstrated by following harmonized technical standards developed by the European standards body CEN-CENELEC, through a working group known as JTC 21. Those standards were originally due by April 30, 2025; the Commission itself later pushed that internal deadline to August 31, 2025, and completion slipped further into late 2025 and beyond.
| Standard (in development) | Supports which AI Act article |
|---|---|
| prEN 18228 — Risk management | Article 9 (risk management system) |
| prEN 18284 — Data quality & governance | Article 10 (data and data governance) |
Without finalized, published harmonized standards, providers have no officially recognized way to demonstrate conformity efficiently — they'd be building compliance evidence against a moving target. The delay buys time for the standards infrastructure to catch up with the law's own deadlines.
The Legal Limbo: Why August 2026 Is Still the Law on the Books
Important nuance
This is the detail that trips up compliance teams: a political agreement is reported widely, treated as settled by the market, and then referenced by vendors and consultants as if it were already law. It almost certainly will become law in some close form — political agreements at this stage rarely collapse — but until formal adoption and publication, an organization that simply stops preparing for August 2026 is relying on a date that has not yet changed in the statute book.
What This Means for Your Compliance Program
- Don't tear up your compliance timeline. The direction of travel is a delay, not a reprieve — high-risk obligations are still coming, just later.
- Keep tracking formal adoption. Watch for the final vote in Council and Parliament and, critically, publication in the Official Journal — that's the moment the new dates become binding.
- Use the additional runway deliberately. If the delay is finalized, treat the extra months as time to close gaps properly rather than time to deprioritize the program.
- Don't assume every deadline moved. The delay proposal targets high-risk (Annex III/Annex I) obligations — prohibitions and GPAI rules that are already in force are not affected.
- Document your position. Whichever date you plan around, record why — regulators and auditors will want to see that your timeline reflects an informed reading of the Act's actual legal status, not a rumor.
What Different Roles Should Do Right Now
| Role | Recommended action |
|---|---|
| Provider of a high-risk system | Keep building risk management, data governance and technical documentation — don't wait for the standards to finalize before starting |
| Deployer of a high-risk system | Confirm which systems you use are affected, and keep human oversight and monitoring practices moving regardless of the exact date |
| Compliance / legal lead | Track Official Journal publication directly rather than relying on secondhand reporting of the political agreement |
| Consultancy or auditor | Advise clients based on the current legal text, while flagging the provisional delay as a planning factor, not a settled fact |
How to Track the Official Status Yourself
Don't rely on secondhand summaries
Primary Sources
- European Commission — Regulatory framework for AI — the Commission’s own summary of the Digital Omnibus timeline change.
- EUR-Lex — Regulation (EU) 2024/1689 — the full, current legal text of the EU AI Act.
How Unorma Tracks This So You Don't Have To
Stay current automatically
Frequently asked questions
Has the EU AI Act's August 2026 deadline officially changed?
Not yet, as of this writing. A provisional political agreement was reached in May 2026 to delay high-risk deadlines, but it still requires formal adoption by the Council and Parliament and publication in the Official Journal before it legally replaces the original August 2, 2026 date.
What are the proposed new deadlines under the Digital Omnibus?
December 2, 2027 for Annex III stand-alone high-risk AI systems, and August 2, 2028 for Annex I systems embedded in already-regulated products such as medical devices, lifts and toys.
Does the delay affect the AI Act's ban on prohibited practices?
No. Prohibited AI practices (in force since February 2025) and general-purpose AI model obligations (in force since August 2025) are not part of the proposed delay — only the high-risk system deadlines are affected.
Should we pause our EU AI Act compliance work until this is confirmed?
No. The proposal delays the deadline; it doesn't remove the obligation. Building the required inventory, risk classification and documentation now means you're ready whichever date ends up being final — and protected if the delay is not adopted as expected.
Why did the EU delay the AI Act's high-risk deadlines?
The Commission's stated rationale is that the harmonized technical standards providers need to demonstrate compliance efficiently — developed by CEN-CENELEC's JTC 21 working group — weren't ready in time, having already slipped past their own internal deadlines.
Where can I verify the AI Act's current legal deadlines myself?
Check EUR-Lex for Official Journal publications and the European Commission's regulatory framework for AI page — both are primary sources and more current than any single article or vendor blog post, including this one.
Does the proposed delay apply the same way to every high-risk AI system?
No — Annex III (stand-alone high-risk systems, like hiring or credit-scoring tools) and Annex I (AI embedded in already-regulated products like medical devices) have different proposed dates: December 2027 and August 2028 respectively.
As a consultancy, how should I advise clients given this uncertainty?
Base formal advice on the current legal text (August 2026) while clearly flagging the provisional delay as a highly likely but not yet final planning factor — and revisit the guidance the moment Official Journal publication happens.
Key terms in this article
About the author

Compliance Manager & AI Governance Consultant
Compliance Manager and consultant specializing in AI governance for high-scale technology companies operating in regulated markets.
View full profileKeep reading
More from the blog
AI Compliance Software
AI Compliance Software
What Is AI Compliance Software? A Complete Guide for 2026
AI compliance software turns scattered spreadsheets and PDFs into a live system of record for every AI system you build or use. Here's what it does, who needs it, and how to evaluate it.
ISO 42001
ISO 42001
ISO 42001 Certification Requirements: The Complete Checklist
ISO 42001 has 10 clauses and 38 Annex A controls. This is the complete, plain-language checklist for what you actually need to have in place before your audit.
NIST AI RMF
NIST AI RMF
The NIST AI RMF Playbook Explained: Govern, Map, Measure, Manage
Govern, Map, Measure, Manage — the NIST AI RMF's four functions sound simple. Here's what each one actually requires you to do, with the playbook's real structure.