Unorma

EU AI Act

EU AI Act Deadlines in 2026 and 2027: What the Digital Omnibus Actually Changed

The EU AI Act's high-risk deadlines were provisionally delayed by the Digital Omnibus in May 2026. Here's the original timeline, what changed, and what is legally in force right now.

Jasper Claes
Jasper Claes

June 22, 2026 · 10 min read

EU AI Act

If you scoped your EU AI Act compliance program around an August 2026 deadline, you need to read this. In May 2026, EU lawmakers reached a provisional political agreement — known as the Digital Omnibus — that would push the high-risk AI deadlines back by 16 to 24 months. But “provisional agreement” is doing a lot of legal work in that sentence. Here is exactly what changed, what didn’t, and what is legally binding as you read this.

TL;DR

  • The EU AI Act entered into force on August 1, 2024. The original text set high-risk (Annex III) obligations to apply from August 2, 2026 — 24 months later.
  • In May 2026, the EU Council and Parliament reached a provisional political agreement (the 'Digital Omnibus', formally proposed November 19, 2025) to delay high-risk deadlines.
  • The proposed new dates: December 2, 2027 for Annex III stand-alone high-risk systems, and August 2, 2028 for Annex I systems embedded in regulated products (like medical devices, lifts and toys).
  • This agreement is provisional — it still needs formal adoption by the Council and Parliament and publication in the Official Journal before it has legal effect.
  • Until that publication happens, the original August 2, 2026 deadline remains the law on the books. Treat the delay as highly likely, not yet guaranteed.

The Original Law: What the AI Act Actually Says

Regulation (EU) 2024/1689 — the EU AI Act — was published in the Official Journal on July 12, 2024 and entered into force on August 1, 2024, twenty days later, per standard EU legislative procedure. The Act phases its obligations in over several years rather than all at once:

DateWhat applies
February 2, 2025Prohibited AI practices banned; AI literacy obligations begin
August 2, 2025Governance rules and obligations for general-purpose AI (GPAI) models apply
August 2, 2026High-risk AI system obligations apply — as written in the original text (Annex III, stand-alone high-risk systems)
August 2, 2027High-risk obligations apply to AI embedded in products already regulated under other EU product-safety law (Annex I) — as originally written

That August 2026 date for Annex III systems is the one most compliance teams have been building toward. It is still, technically, the date written into force today.

The Digital Omnibus: What Actually Changed in May 2026

In late 2025, the European Commission put forward a legislative package informally known as the Digital Omnibus(proposed November 19, 2025), aimed at simplifying and resequencing parts of the EU’s digital rulebook — including the AI Act’s implementation timeline. On May 7, 2026, the Council and Parliament reached a provisional political agreement on the file.

Under that provisional agreement, the high-risk deadlines would move to:

  • December 2, 2027 for Annex III, stand-alone high-risk systems (originally August 2, 2026) — a delay of roughly 16 months.
  • August 2, 2028 for Annex I systems embedded in regulated products such as medical devices, lifts and toys (originally August 2, 2027) — a delay of roughly 12 months.

According to the European Commission, the stated rationale is to give companies and regulators time to actually have the supporting tools in place — chiefly the harmonized technical standards that high-risk compliance depends on, several of which are still being finalized.

Aug 2024Act entersinto forceFeb 2025Prohibited practicesapplyAug 2025GPAI obligationsapplyAug 2026Original AnnexIII deadlineDec 2027Proposed newAnnex III deadlineAug 2028Proposed newAnnex I deadline
EU AI Act timeline: confirmed milestones vs. the provisionally proposed Digital Omnibus delay.

Why the Delay: The Standards Weren't Ready

The Commission’s stated rationale isn’t political convenience — it's a genuine dependency problem. Much of high-risk compliance under Articles 9 and 10 is meant to be demonstrated by following harmonized technical standards developed by the European standards body CEN-CENELEC, through a working group known as JTC 21. Those standards were originally due by April 30, 2025; the Commission itself later pushed that internal deadline to August 31, 2025, and completion slipped further into late 2025 and beyond.

Standard (in development)Supports which AI Act article
prEN 18228 — Risk managementArticle 9 (risk management system)
prEN 18284 — Data quality & governanceArticle 10 (data and data governance)

Without finalized, published harmonized standards, providers have no officially recognized way to demonstrate conformity efficiently — they'd be building compliance evidence against a moving target. The delay buys time for the standards infrastructure to catch up with the law's own deadlines.

Important nuance

A “provisional political agreement” between the Council and Parliament is not the same as an amended law. Under EU procedure, the text still has to be formally adopted by both institutions and published in the Official Journal before it legally supersedes the existing deadline. As of this writing, that publication has not happened — which means the original August 2, 2026 date remains technically in force.

This is the detail that trips up compliance teams: a political agreement is reported widely, treated as settled by the market, and then referenced by vendors and consultants as if it were already law. It almost certainly will become law in some close form — political agreements at this stage rarely collapse — but until formal adoption and publication, an organization that simply stops preparing for August 2026 is relying on a date that has not yet changed in the statute book.

What This Means for Your Compliance Program

  1. Don't tear up your compliance timeline. The direction of travel is a delay, not a reprieve — high-risk obligations are still coming, just later.
  2. Keep tracking formal adoption. Watch for the final vote in Council and Parliament and, critically, publication in the Official Journal — that's the moment the new dates become binding.
  3. Use the additional runway deliberately. If the delay is finalized, treat the extra months as time to close gaps properly rather than time to deprioritize the program.
  4. Don't assume every deadline moved. The delay proposal targets high-risk (Annex III/Annex I) obligations — prohibitions and GPAI rules that are already in force are not affected.
  5. Document your position. Whichever date you plan around, record why — regulators and auditors will want to see that your timeline reflects an informed reading of the Act's actual legal status, not a rumor.

What Different Roles Should Do Right Now

RoleRecommended action
Provider of a high-risk systemKeep building risk management, data governance and technical documentation — don't wait for the standards to finalize before starting
Deployer of a high-risk systemConfirm which systems you use are affected, and keep human oversight and monitoring practices moving regardless of the exact date
Compliance / legal leadTrack Official Journal publication directly rather than relying on secondhand reporting of the political agreement
Consultancy or auditorAdvise clients based on the current legal text, while flagging the provisional delay as a planning factor, not a settled fact

How to Track the Official Status Yourself

Don't rely on secondhand summaries

The only way to know for certain the delay is legally binding is to check for publication in the Official Journal of the European Union, searchable directly on EUR-Lex, or the European Commission’s own regulatory framework page, both linked in the sources below. Vendor blog posts — including this one — should be treated as a snapshot of the situation at the time of writing, not a substitute for checking primary sources before making a final compliance decision.

Primary Sources

How Unorma Tracks This So You Don't Have To

Stay current automatically

Unorma’s EU AI Act framework is updated as the regulatory picture develops, and gap analysis scores your systems against the obligations that actually apply on the date you check — not a snapshot from when you first set up your account. See our guide to AI compliance software for how the full platform fits together.

Frequently asked questions

Has the EU AI Act's August 2026 deadline officially changed?

Not yet, as of this writing. A provisional political agreement was reached in May 2026 to delay high-risk deadlines, but it still requires formal adoption by the Council and Parliament and publication in the Official Journal before it legally replaces the original August 2, 2026 date.

What are the proposed new deadlines under the Digital Omnibus?

December 2, 2027 for Annex III stand-alone high-risk AI systems, and August 2, 2028 for Annex I systems embedded in already-regulated products such as medical devices, lifts and toys.

Does the delay affect the AI Act's ban on prohibited practices?

No. Prohibited AI practices (in force since February 2025) and general-purpose AI model obligations (in force since August 2025) are not part of the proposed delay — only the high-risk system deadlines are affected.

Should we pause our EU AI Act compliance work until this is confirmed?

No. The proposal delays the deadline; it doesn't remove the obligation. Building the required inventory, risk classification and documentation now means you're ready whichever date ends up being final — and protected if the delay is not adopted as expected.

Why did the EU delay the AI Act's high-risk deadlines?

The Commission's stated rationale is that the harmonized technical standards providers need to demonstrate compliance efficiently — developed by CEN-CENELEC's JTC 21 working group — weren't ready in time, having already slipped past their own internal deadlines.

Where can I verify the AI Act's current legal deadlines myself?

Check EUR-Lex for Official Journal publications and the European Commission's regulatory framework for AI page — both are primary sources and more current than any single article or vendor blog post, including this one.

Does the proposed delay apply the same way to every high-risk AI system?

No — Annex III (stand-alone high-risk systems, like hiring or credit-scoring tools) and Annex I (AI embedded in already-regulated products like medical devices) have different proposed dates: December 2027 and August 2028 respectively.

As a consultancy, how should I advise clients given this uncertainty?

Base formal advice on the current legal text (August 2026) while clearly flagging the provisional delay as a highly likely but not yet final planning factor — and revisit the guidance the moment Official Journal publication happens.

About the author

Jasper Claes
Jasper Claes

Compliance Manager & AI Governance Consultant

Compliance Manager and consultant specializing in AI governance for high-scale technology companies operating in regulated markets.

View full profile