Before the EU AI Act Delay Deal: The Digital Omnibus and the High-Risk Calendar

Historical update: this article was originally published in April 2026, when the EU AI Act high-risk delay was still moving through Parliament, Council, and trilogue negotiations. On May 7, 2026, EU lawmakers reached a political agreement on the Digital Omnibus AI amendments. The current planning dates are December 2, 2027 for many stand-alone high-risk AI systems and August 2, 2028 for high-risk systems integrated into regulated products, subject to formal adoption and Official Journal publication.

This archive explains the pre-agreement debate: why the August 2, 2026 deadline was under pressure, what the proposed new deadlines looked like, what was not being delayed, and why readiness work still mattered. For current planning, use the newer EU AI Act Digital Omnibus agreement guide.

What the Digital Omnibus Was in April

The Digital Omnibus is a legislative simplification package the European Commission published in November 2025. It bundles together targeted amendments to the GDPR, the AI Act, the ePrivacy framework, and related digital rules. The Commission's stated goal is to reduce complexity and align overlapping obligations across the EU's digital rulebook, not to rewrite AI policy on the fly.

In the April drafts, the AI Act portion of the Omnibus was significant. It did three things.

• ●Proposed a delay of up to 16 months for most high-risk AI system obligations, conditional on harmonized compliance standards being available.
• ●Proposed pushing the deadline for AI-generated content marking and labeling rules (watermarking and similar transparency measures) out to November 2026.
• ●Proposed softening the AI literacy obligation in Article 4 — from a binding requirement into something closer to encouragement, in some proposed versions.

The April Proposed Deadlines

In April 2026, the Commission, Parliament committees, and Council still had slightly different views on exact dates. The Parliament committee text adopted by IMCO and LIBE on March 18, 2026 set two application dates that later became the main planning dates in the May 7 political agreement.

• ●December 2, 2027 — application date for stand-alone high-risk AI systems under Annex III (biometrics, critical infrastructure, education, employment, essential public and private services, law enforcement, migration, justice, and democratic processes).
• ●August 2, 2028 — application date for high-risk AI systems embedded in products already covered by EU sectoral safety legislation (medical devices, machinery, toys, etc.).
• ●November 2, 2026 — compliance deadline for watermarking and marking of AI-generated audio, image, video, and text content.

Why a Delay Was Even on the Table

A delay of this scale is unusual for the EU. It did not happen because lobbying worked — it happened because the machinery needed to make the law operational was not in place. Three specific gaps drove the Commission's proposal.

• ●Harmonized standards are not ready. CEN and CENELEC — the European standardization bodies tasked with producing the technical standards companies rely on to demonstrate conformity — missed their 2025 delivery deadline. They are now targeting end of 2026. Without standards, "conformity assessment" has no concrete yardstick.
• ●Member state authorities have not been designated. Many EU countries have still not appointed the national market surveillance authorities that enforce the AI Act. Several have only partially appointed them. Enforcement without enforcers is difficult.
• ●Commission guidance has slipped. The Commission itself missed deadlines for publishing implementing guidance on high-risk classification, GPAI, and other operational questions. Companies have been told to comply with rules that the regulator has not yet finished explaining.

Where the Process Stood in April

EU lawmaking involves three institutions: the Commission proposes, while Parliament and Council amend and co-decide. When this article first ran, all three had positions on the Digital Omnibus AI amendments but had not yet reached political agreement. That changed on May 7, 2026, when EU lawmakers announced a deal. The April procedural snapshot still helps explain how the dates converged.

• ●Commission (November 2025): Proposed the original Omnibus text, including the delay mechanism tied to standards availability.
• ●Council of the EU (March 13, 2026): Adopted a negotiating mandate with a different set of dates than the Commission proposed.
• ●European Parliament, IMCO + LIBE committees (March 18, 2026): Adopted a joint position by 101-9 setting December 2, 2027 and August 2, 2028 as the main high-risk dates.
• ●May 7, 2026 political agreement: Parliament and Council reached a deal on the Digital Omnibus AI amendments. Formal adoption and Official Journal publication remain the final legal steps.

What Is NOT Being Delayed

It is important to separate the politics of the delay from its actual legal scope. Several parts of the AI Act are not part of the Omnibus delay and remain fully in force.

• ●Prohibited practices (Article 5). The bans on real-time remote biometric identification in public spaces (with narrow exceptions), social scoring by public authorities, subliminal manipulation, and exploitation of vulnerable groups have been in force since February 2, 2025. Penalties of up to €35 million or 7% of global turnover apply today.
• ●GPAI model obligations. Transparency, documentation, copyright, and systemic-risk obligations for general-purpose AI model providers have been in force since August 2, 2025. The GPAI Code of Practice framework continues to apply.
• ●AI literacy (Article 4). Formally in force since February 2025. Some Omnibus drafts would have softened the obligation to "encouragement," but organizations should still treat AI literacy as a live governance requirement for AI systems serving EU users.
• ●Governance rules and the AI Office. The EU AI Office, the AI Board, and Scientific Panel structures have all been operational since August 2025. They are not paused.

Penalties and Extraterritorial Reach Are Unchanged

Even after the May 7 political agreement, two baseline features do not move.

The penalty structure stays the same. Prohibited practices: up to €35 million or 7% of worldwide turnover. Other infringements: up to €15 million or 3%. Supplying incorrect or misleading information to regulators: up to €7.5 million or 1%.

The geographic scope stays the same. The AI Act applies to providers and deployers placing AI systems on the EU market or whose AI system output is used in the EU — regardless of where the provider is incorporated. U.S., UK, and other non-EU companies that serve EU customers are in scope exactly as they were before.

The April Posture: Keep Building, Retune the Calendar

In April, the sensible posture was to treat the August 2026 date as legally live while planning for a likely delay. After the May 7 political agreement, the planning baseline changed: affected high-risk systems should now be scheduled around December 2, 2027 or August 2, 2028, while teams track formal adoption and publication.

The practical lesson stayed the same. Do not stop the Annex III readiness program. Keep the system inventory, risk classification, data-governance work, technical documentation, human oversight, logging, post-market monitoring, and vendor evidence moving. Slow only the expensive steps that depend on unfinished harmonized standards or final regulator guidance.

What Still Carried Forward

The Omnibus changed timing; it did not make the AI Act irrelevant. The April work plan still maps well to the post-agreement posture, with the calendar reset around the new high-risk dates.

• ●Do not pause the Annex III inventory. You still need to know which AI systems fall in high-risk tiers. Classification does not depend on the application date.
• ●Keep building AI literacy. Training and role clarity remain low-regret governance work even if the exact legal framing shifts.
• ●Watch transparency and content-marking duties. Generative AI disclosures, deepfake disclosures, and content-marking controls still belong on the roadmap.
• ●Delay only premature conformity work. If a step depends on unfinished harmonized standards, plan it carefully instead of paying for an assessment against moving targets.
• ●Track formal adoption. The political agreement is the important planning signal, but Parliament and Council adoption plus Official Journal publication are still the remaining legal milestones.

The Bigger Picture

The Digital Omnibus delay does not mean the EU AI Act is collapsing. It means the law was ambitious, the operational machinery (standards, authorities, guidance) wasn't ready, and the EU is adjusting dates to preserve the law's effectiveness rather than launch it into a vacuum.

For organizations outside the EU, the lesson is more subtle. The EU AI Act is still the most comprehensive AI regulation anywhere. Its prohibitions, GPAI obligations, and penalty structure are in force and enforceable today. The delay affects timing, not the law's reach.

The organizations investing in governance infrastructure now — risk management, classification, documentation, human oversight, training — are not wasting effort. They are building the program the AI Act still expects, on a schedule that now fits the post-agreement runway.

Related Regulations

Sources & References