The Digital Omnibus postpones the high-risk obligations for Annex III AI systems from 2 August 2026 to 2 December 2027, and the obligations for high-risk AI in regulated products (Annex I) to 2 August 2028, but it leaves the Article 50 transparency rules and the Article 4 AI literacy duty exactly where they were. This is the single most important thing to understand about the package: the delay is real and substantial for the heaviest compliance regime, but it is narrow. Several obligations that organisations already feel in practice are untouched, and the relief itself is not yet legally binding.
On 7 May 2026 the Council and the European Parliament reached a political agreement on the Digital Omnibus, the first set of amendments to the EU AI Act since its adoption in 2024. The agreement still needs formal adoption and publication in the Official Journal before it takes legal effect, which is expected before 2 August 2026. Until then, the original deadlines remain the law on the books.
Why the delay happened
The original AI Act timeline put the bulk of the high-risk regime into effect on 2 August 2026. That date assumed a working ecosystem of harmonised technical standards, notified bodies for conformity assessment, and national supervisory infrastructure. By late 2025 it was clear that ecosystem was not ready. The harmonised standards from CEN-CENELEC were running behind, the supporting Commission guidelines were still in draft, and many Member States had not yet designated or resourced their market surveillance authorities.
Rather than let obligations bite before the tools to comply with them existed, the legislators chose to move the dates. The Digital Omnibus does this with fixed calendar dates, not with a conditional "stop-the-clock" mechanism tied to the availability of standards. That matters for planning: there is no moving target, and no risk that the deadline springs forward the moment a standard is published.
The new deadline timeline
The table below sets out what moved and what did not. The dates assume the Omnibus is formally adopted and published as agreed.
| Obligation | Original date | New date | Status |
|---|---|---|---|
| Prohibited practices (Article 5) | 2 February 2025 | 2 February 2025 | Unchanged, already applies |
| AI literacy (Article 4) | 2 February 2025 | 2 February 2025 | Unchanged, already applies |
| GPAI model obligations | 2 August 2025 | 2 August 2025 | Unchanged, already applies |
| Article 50 transparency | 2 August 2026 | 2 August 2026 | Unchanged |
| Machine-readable marking for pre-existing generative AI (Art 50(2)) | 2 August 2026 | 2 December 2026 | Short grace period |
| High-risk Annex III (standalone systems) | 2 August 2026 | 2 December 2027 | Postponed ~16 months |
| High-risk Annex I (regulated products) | 2 August 2027 | 2 August 2028 | Postponed 12 months |
The headline is that the regime requiring risk management systems, technical documentation, logging, human oversight, conformity assessment and registration for high-risk systems now lands in December 2027 for the Annex III domains, and in August 2028 for AI built into products already regulated under EU product safety law.
What still applies on the original schedule
The relief is easy to overstate. Three categories of obligation are not postponed and deserve immediate attention.
Article 4, AI literacy. This duty has applied since 2 February 2025. Every provider and deployer must ensure that staff and others operating AI systems on their behalf have a sufficient level of AI literacy, taking into account their technical knowledge, the context of use, and the people affected. The Digital Omnibus does not touch this. We treat Article 4 as the practical front door to compliance, and our Article 4 AI literacy evidence benchmark sets out how to build a defensible evidence file.
Article 50 transparency. From 2 August 2026, deployers must disclose when people are interacting with an AI system and when content is artificially generated or manipulated (including deepfakes), and providers of generative systems must mark outputs in a machine-readable way. These obligations stay on their original date. The only concession is a short grace period: generative AI systems already on the market before 2 August 2026 get until 2 December 2026 to meet the machine-readable marking requirement under Article 50(2).
Prohibited practices and GPAI duties. The Article 5 bans on unacceptable-risk uses, and the obligations for providers of general-purpose AI models, are already in force and unaffected. The Omnibus does add a new prohibition targeting systems whose reasonably foreseeable output is non-consensual intimate imagery or child sexual abuse material, with a transitional period to 2 December 2026.
The classification question moves with the deadline
A postponed deadline does not postpone the classification analysis. Whether a system is high-risk is decided under Article 6, and on 19 May 2026 the Commission published draft guidelines on exactly that question. The consultation on those guidelines closes on 23 June 2026, with final guidelines expected by the end of 2026.
The draft sets out two routes into the high-risk regime. The first is Article 6(1) read with Annex I: a system is high-risk if it is a product, or the safety component of a product, already covered by the EU harmonisation legislation listed in Annex I and subject to third-party conformity assessment. The second is Article 6(2) read with Annex III: a system is high-risk if it is used in one of the listed sensitive domains, such as employment, education, essential services, law enforcement or biometrics.
Two points in the draft sharpen the analysis. The Article 6(3) exceptions, which let a system in an Annex III domain escape the high-risk label when it performs only a narrow procedural or preparatory task, are read narrowly, and they are switched off entirely when the system profiles natural persons within the meaning of Article 4(4) GDPR. And interconnected systems that function together are assessed as a single system for classification purposes, which prevents splitting a high-risk function across components to dodge the threshold. Our explainer on how the Article 6(3) filter works goes deeper on this, alongside the overview of the eight Annex III domains.
The practical consequence: an organisation should still complete its classification mapping now, even though the obligations attaching to a high-risk classification do not bite until December 2027. You cannot build a 2027 compliance programme without first knowing, in 2026, which of your systems fall inside the regime.
What this means for compliance planning
The extra time is best understood as runway, not reprieve. The systems that will be high-risk in December 2027 are largely the same systems organisations are deploying today. The work that the extension buys time for (building risk management systems, assembling technical documentation, arranging conformity assessment and registering systems) is substantial and slow. Organisations that treat the new date as permission to stop are likely to face the same readiness crunch in 2027 that the legislators have just postponed.
A sensible sequence for the next eighteen months looks like this. First, lock down the obligations that already apply: AI literacy evidence under Article 4, and a transparency plan for the August 2026 Article 50 deadline. Second, finish the high-risk classification inventory using the draft Article 6 guidelines, so the scope of the eventual obligations is known. Third, use the runway to December 2027 to build the documentation and governance scaffolding deliberately rather than under deadline pressure. The Digital Omnibus did not lighten the high-risk regime; it gave organisations a better-resourced window to meet it.
A final caution on legal status. None of the new dates are binding until the Omnibus is formally adopted and published in the Official Journal. The political agreement of 7 May 2026 is a strong signal of intent, but the text can still shift in final drafting, and the original 2 August 2026 date remains the operative law until publication. Plan around the new timeline, but document your decisions against the possibility that it slips.