Skip to content

EU AI Act deadlines after the 2026 omnibus

By Philipp Kant 5 min read

The EU AI Act (Regulation (EU) 2024/1689) is the European Union’s AI law, applied in stages since August 2024. Its deadlines moved in May 2026: the Digital Omnibus agreement postpones the high-risk obligations to 2 December 2027 and 2 August 2028, while the Article 50 transparency duties still apply from 2 August 2026.

Most of what circulates about “the August 2026 deadline” was written before that agreement. Here is the timeline as it stands now, and what it means if you run AI anywhere in your business.

The deadlines, before and after the May 2026 omnibus

ObligationEnacted dateAfter the omnibus
Prohibited practices (Art. 5)2 Feb 2025In force, unchanged
AI literacy for staff (Art. 4)2 Feb 2025In force, unchanged
GPAI model rules and penalties2 Aug 2025In force, unchanged
Transparency duties (Art. 50)2 Aug 20262 Aug 2026, unchanged
Machine-readable content marking, systems already on the market2 Aug 2026Grace period to 2 Dec 2026
New ban: AI that generates non-consensual intimate images or CSAMnot in the 2024 text2 Dec 2026
High-risk systems, stand-alone (Annex III)2 Aug 20262 Dec 2027
High-risk in regulated products (Annex I)2 Aug 20272 Aug 2028

The high-risk deadlines moved, but the law is not paused

On 7 May 2026, Council and Parliament negotiators agreed on the Digital Omnibus on AI; the Council confirmed the deal on 13 May. It moves the heavy compliance package for high-risk systems (risk management, data governance, technical documentation, conformity assessment, CE marking, registration) from August 2026 to December 2027 for Annex III systems, and to August 2028 for AI embedded in regulated products.

Two things to keep straight:

  • Formal adoption and publication in the Official Journal are still pending, expected before 2 August 2026. Until publication, the enacted dates formally remain the law.
  • Everything that already applies keeps applying. The prohibitions, the AI literacy duty, the GPAI rules, and the penalty framework are in force today.

So “is the AI Act delayed?” has a precise answer: the high-risk track is, by 16 and 12 months. The rest is not.

What still lands on 2 August 2026: Article 50 transparency

The transparency duties were not postponed. From 2 August 2026:

  • Chatbots and voice systems must be designed so people know they are talking to an AI, unless that is obvious from context.
  • Generated audio, images, video, and text need machine-readable marking. Deepfakes and AI text published to inform the public need a visible label on top.
  • Permitted emotion recognition or biometric categorisation means the exposed people must be informed.

Systems already on the market get a grace period for the machine-readable marking until 2 December 2026. New systems do not.

For most small and mid-sized companies, this is the first AI Act deadline that actually bites: a support chatbot, an AI voice agent on the phone, or AI-generated marketing content all fall under Article 50.

What already applies today

  • Prohibited practices (since 2 February 2025): manipulation that causes harm, social scoring, emotion recognition at the workplace, untargeted face scraping, and the other Article 5 practices. These are banned outright; there is no compliance path.
  • AI literacy (since 2 February 2025): staff who operate or use AI need training matched to their role. This applies to every company using AI, regardless of risk class.
  • GPAI rules (since 2 August 2025): obligations for providers of general-purpose models, plus the penalty framework. Fines reach €35M or 7% of global turnover for prohibited practices and €15M or 3% for most other violations; for SMEs, the lower of the two amounts.

What the new dates mean for a typical SMB use case

  • A chatbot or voice agent on your website: transparency duties, August 2026. Disclosure and marking are design work, not lawyer work. Plan it into the next release.
  • AI in recruiting, screening, or worker management: Annex III high-risk. The deadline moved to December 2027, but the work did not shrink: vendor selection, documentation, human-oversight design, and provider conformity all take quarters, not weeks. Treat December 2027 as a completion date, not a start date.
  • AI-generated content in marketing: marking duties from August 2026, visible labels where the content informs the public.
  • Internal use of general assistants (drafting, summarizing, coding): typically minimal risk. AI literacy still applies, and the classification is per use case: the moment the same model starts screening applicants, the classification changes.

The classification logic is the same one we apply when we build AI into German SMBs: the use case decides, not the tool. And as with GDPR cookie compliance, the companies that handle it calmly are the ones that classify early instead of reacting to the first warning letter.

Check your use case in two minutes

Our free EU AI Act Risk Check classifies one AI use case with six plain-language questions: risk class, the obligations for your role (provider or deployer), and the deadlines above, in English or German. It already reflects the omnibus dates.

FAQ

Is the EU AI Act delayed? Partially. The May 2026 omnibus agreement moves the high-risk obligations to 2 December 2027 (Annex III) and 2 August 2028 (Annex I). The prohibitions, AI literacy, GPAI rules, and the Article 50 transparency duties are not delayed.

Do we have to do anything before August 2026? If you run a chatbot, voice agent, or publish AI-generated content: yes, the Article 50 transparency and marking duties apply from 2 August 2026. The AI literacy duty applies already.

Are the new high-risk dates final? The political agreement is done and Council-confirmed; formal adoption and Official Journal publication are expected before August 2026. Until publication, the enacted dates formally remain. December 2027 is the planning basis most legal teams now work with.

We only use ChatGPT and Copilot internally. Are we affected? Mostly by the AI literacy duty. Internal drafting and summarizing is typically minimal risk. The classification flips when a use case touches an Annex III area, for example using AI to screen job applications.

What are the fines? Up to €35M or 7% of global annual turnover for prohibited practices, up to €15M or 3% for most other violations. For SMEs, the lower of the two amounts applies. The penalty framework has been in force since August 2025.


We build AI systems that clear these requirements by design: classification, disclosure, logging, and human oversight planned in from the start. See our services or run the AI Act Risk Check on your use case first.

Have something in mind?

Send a short email describing the problem and what success looks like. We read every one and reply within a few days.