EU AI Act: the new 2027–2028 high-risk deadlines explained (Digital Omnibus on AI)
Veröffentlicht June 6, 2026 · 5 Min. Lesezeit
On 7 May 2026, the Council of the EU and the European Parliament reached a provisional agreement on the Digital Omnibus on AI — the first set of amendments to the EU AI Act since it entered into force. The headline change: the core high-risk obligations are postponed, giving providers and deployers materially more runway to comply. Here is exactly what moved, what did not, and what it means if you are an SME getting ready.
What changed: the new high-risk timeline
The high-risk regime — conformity assessments, technical documentation, risk management, human oversight, EU database registration — now applies on later, fixed dates:
| High-risk category | Old date | New date |
|---|---|---|
| Stand-alone systems (Annex III) | 2 Aug 2026 | 2 December 2027 |
| Embedded in regulated products (Annex I) | 2 Aug 2027 | 2 August 2028 |
The stated rationale: the harmonised standards (CEN-CENELEC) and support tools that operationalise the high-risk requirements are running behind schedule, so the extra time lets them land before enforcement begins.
What did not change
- Prohibited practices (Article 5) — in force since 2 February 2025.
- GPAI model obligations — applicable since 2 August 2025.
- Transparency obligations (Article 50) — still apply from 2 August 2026 (largely unaffected by the Omnibus).
- A new prohibition on AI generating non-consensual intimate content (including CSAM) is introduced, applying from 2 December 2026.
Important: provisional, not yet final
This is a provisional political agreement. The changes take legal effect only once the Omnibus is formally adopted and published in the Official Journal — expected before 2 August 2026. The new dates above reflect the agreed text.
What this means if you are an SME
A later deadline is not a reason to wait. Building conformity for a high-risk system — risk management, data governance, Annex IV technical documentation, a fundamental rights impact assessment, post-market monitoring — typically takes many months. The extra runway is best spent getting it right, not deferring the start.
Not sure which tier applies to your system? Try our free EU AI Act Risk Checker — no signup required.
SetAIComply helps you classify your AI systems, auto-draft your Annex IV documentation, and track every milestone — now reflecting the new 2027–2028 dates. See pricing or start a free 14-day trial.