The EU AI Act high-risk deadline just moved. The detail most coverage is missing matters more than the headline.
On May 7, the European Parliament and Council reached provisional agreement on the Digital Omnibus. High-risk AI compliance shifts from August 2, 2026 to:
➡️ December 2, 2027 for Annex III systems (biometrics, employment, education, law enforcement, critical infrastructure)
➡️ August 2, 2028 for Annex I systems (high-risk AI embedded in regulated products)
The headline is the delay. The detail is Article 111.
The AI Act is not retroactive. Systems placed on the market before the new dates do not have to comply with high-risk requirements, unless they undergo a substantial modification after that date — meaning a change to the system's design, function, or intended purpose that affects compliance.
For compliance and risk teams, the question shifts:
What is in our AI inventory today, and what crosses the December 2027 line?
A few things did not move:
➡️ Article 50 transparency obligations still apply August 2, 2026 for new systems
➡️ Watermarking for generative AI already on the market kicks in December 2, 2026
➡️ Prohibited practices, AI literacy, and GPAI obligations are unchanged
The teams treating this as breathing room will be in the weakest position by 2027. The teams using it to build a defensible AI inventory and a working substantial-modification process will be ready.
If your AI governance program was scoped around August 2026, this is the moment to revisit scope, not stand down.
#EUAIAct #AICompliance #RegulatoryUpdate #AIGovernance #DigitalRegulation
On May 7, the European Parliament and Council reached provisional agreement on the Digital Omnibus. High-risk AI compliance shifts from August 2, 2026 to:
➡️ December 2, 2027 for Annex III systems (biometrics, employment, education, law enforcement, critical infrastructure)
➡️ August 2, 2028 for Annex I systems (high-risk AI embedded in regulated products)
The headline is the delay. The detail is Article 111.
The AI Act is not retroactive. Systems placed on the market before the new dates do not have to comply with high-risk requirements, unless they undergo a substantial modification after that date — meaning a change to the system's design, function, or intended purpose that affects compliance.
For compliance and risk teams, the question shifts:
What is in our AI inventory today, and what crosses the December 2027 line?
A few things did not move:
➡️ Article 50 transparency obligations still apply August 2, 2026 for new systems
➡️ Watermarking for generative AI already on the market kicks in December 2, 2026
➡️ Prohibited practices, AI literacy, and GPAI obligations are unchanged
The teams treating this as breathing room will be in the weakest position by 2027. The teams using it to build a defensible AI inventory and a working substantial-modification process will be ready.
If your AI governance program was scoped around August 2026, this is the moment to revisit scope, not stand down.
#EUAIAct #AICompliance #RegulatoryUpdate #AIGovernance #DigitalRegulation
Shared byAri Tan - 13 days ago
Log in to comment
Loading ..
Related Articles
Live Discussion: Why CMPs Fail Audits Despite Passing Configuration Checks
Understanding the Difference Between Consent Management and Consent Programs
Rising Trends in AI Adoption, Data Strategy, and Consumer Trust: Insights from OneTrust
OneTrust Welcomes Brandon Epperson and Ethan Sailers: A Night of Insightful Conversations
Understanding the Gap Between CMP Configuration and Real-World Compliance
Kickoff Success for New AI Governance Program with Ryan and Brandon Leading the Way
4
0/100