EU AI Act Deadlines in 2026: What the Omnibus Changed
The corrected EU AI Act timeline after the Digital Omnibus: what moved to December 2027, what still lands on 2 August 2026, and what to do first.

If you read that the EU AI Act's high-risk rules land on 2 August 2026, you are reading advice written before the Digital Omnibus. That amendment moved one block of obligations to 2027 — and left everything else exactly where it was. The result is a timeline most published guides now get wrong: the deadline that actually touches a company using AI is not the one that was delayed. Here is the corrected schedule, what moved, what did not, and what you must still do before 2 August 2026.
Quick Answer. After the Digital Omnibus, most EU AI Act deadlines still stand: it delayed only the Annex III high-risk obligations, from 2 August 2026 to 2 December 2027. The Article 50 transparency rules and enforcement still start on 2 August 2026, and the bans, literacy duty and penalties have applied since 2025.
Last updated: 13 July 2026 · Verified against Regulation (EU) 2024/1689 as amended by the Digital Omnibus (adopted and signed; awaiting Official Journal publication).
Summary
EU AI Act deadlines after the Omnibus — one block moved, the rest stands │ ├─ Already in force — nothing to wait for │ ├─ 2 Feb 2025 · Art. 5 bans + Art. 4 AI-literacy duty │ └─ 2 Aug 2025 · GPAI rules + Art. 99 penalties applicable │ ├─ 2 Aug 2026 — arrives on schedule, NOT delayed │ ├─ Art. 50 transparency: label chatbots and AI content │ └─ Enforcement machinery + supervisory powers switch on │ └─ What the Omnibus actually moved ├─ Annex III high-risk: 2 Aug 2026 → 2 Dec 2027 ├─ Sandboxes to 2 Aug 2027; Annex I high-risk 2 Aug 2028 └─ "We have until 2027" holds only for high-risk you may not run
What changed — and what didn't — after the Digital Omnibus?
The Digital Omnibus is a simplification amendment to the AI Act. It is adopted and signed and awaiting Official Journal publication: the Council of the EU gave its final green light on 29 June 2026, and the act was signed on 8 July 2026, under procedure 2025/0359(COD) [3][4]. Until it appears in the Official Journal it is not yet in force, but its content is fixed — which is why planning to it now is safe, and why "as amended" without that status line is not good enough.
What the Omnibus did is narrow. It pushed back the Annex III high-risk regime — the heavy obligations for systems used in sensitive contexts such as hiring, creditworthiness and access to essential services — from 2 August 2026 to 2 December 2027 [3]. It also moved the date for national regulatory sandboxes. That is the extent of the relief that matters to most organisations.
What it did not touch is the part an ordinary AI-using company actually carries. The Article 50 transparency duties still begin on 2 August 2026. The enforcement machinery still switches on then. And the obligations that have been live since 2025 — the Article 5 bans, the Article 4 AI-literacy duty, general-purpose AI rules and the Article 99 penalties — are unchanged and already binding [1][2]. For a fuller walk-through of what a company using AI owes and how the pieces fit together, our complete EU AI Act documentation guide sets out the deployer-first path; this article is the timeline that sits underneath it.
The corrected EU AI Act timeline (post-Omnibus)
Here is the schedule after the Digital Omnibus. The two rows to read carefully are the ones in bold: the date that did not move, and the one that did.
| Date | What applies |
|---|---|
| 2 Feb 2025 | Article 5 prohibitions + Article 4 AI-literacy duty (already in force) |
| 2 Aug 2025 | GPAI obligations + Article 99 penalties applicable since this date |
| 2 Aug 2026 | Article 50 transparency + enforcement machinery — NOT delayed |
| 2 Dec 2026 | legacy Article 50(2) branch + NCII/CSAM prohibited-practice additions |
| 2 Aug 2027 | national regulatory sandboxes operational (moved by the Omnibus) |
| 2 Dec 2027 | Annex III high-risk obligations (delayed by the Omnibus from 2 Aug 2026) |
| 2 Aug 2028 | Annex I high-risk obligations |
The headline error in most ranking content is to fold the whole Act into a single "2 August 2026" or "delayed to 2027" line. Neither is true. The Act arrives in layers, some already past, and the Omnibus only shifted one of them [1][2].
Which EU AI Act deadlines were delayed — and which were not?
The single most useful way to hold the change in your head is a two-column split: what the Omnibus moved on the right, and what it left in place on the left. The left column is the part that binds a company using AI in 2026.
| NOT delayed — still applies as scheduled | Delayed by the Digital Omnibus |
|---|---|
| Article 5 prohibitions — in force since 2 Feb 2025 | Annex III high-risk obligations — now 2 Dec 2027 (was 2 Aug 2026) |
| Article 4 AI-literacy duty — in force since 2 Feb 2025 | National regulatory sandboxes — now operational 2 Aug 2027 |
| GPAI obligations — since 2 Aug 2025 | |
| Article 99 penalties — applicable since 2 Aug 2025 | |
| Article 50 transparency — from 2 Aug 2026 | |
| Enforcement machinery — from 2 Aug 2026 |
Which of these is your deadline depends on what your AI system does. The routing is short:
In words, the tree routes like this:
- Is the use prohibited (Article 5)? It has been banned since 2 February 2025 — there is no compliant version, and the Omnibus changed nothing here [1].
- Is it a chatbot, or does it generate or manipulate content? Article 50 transparency applies from 2 August 2026. This was not delayed — label the AI and disclose it [1].
- Is it an Annex III high-risk use — hiring, credit scoring, access to essential services? The full high-risk duties apply from 2 December 2027, the date the Omnibus moved [3].
- Is it an Annex I safety component of a regulated product? Those high-risk duties apply from 2 August 2028 [1].
- Anything else — the everyday chatbots, drafting aids and AI features in ordinary software — is limited or minimal risk, with no dated deadline of its own.
Two duties sit across every branch regardless of tier: the Article 4 AI-literacy duty (live since February 2025) and the Article 99 penalties (applicable since August 2025). So "we have until 2027" is only true for the high-risk branch — a branch most deployers never enter.
What must you still do before 2 August 2026?
Because the delay applies only to high-risk systems, the practical to-do list for an ordinary deployer is unchanged and near-term. None of it waits for 2027. Before 2 August 2026:
- Inventory and classify every AI system. You cannot know which deadline applies until you know what each system does and which tier it falls in. This is the step that turns the timeline above into your timeline.
- Publish Article 50 transparency notices on customer-facing AI — chatbots, AI-written content, synthetic media — ready for the 2 August 2026 date [1].
- Run the Article 4 AI-literacy training and keep the records. This duty has been live since 2 February 2025, so if you have not done it, it is already overdue rather than upcoming [1].
- File your vendor and policy documents, so the paper trail exists before a customer or regulator asks — enforcement powers arrive on the same 2 August 2026 date [2].
- Diarise 2 December 2027 only if classification actually placed one of your systems in Annex III. For most deployers, it will not.
The free EU AI Act Documentation tool does steps one to four for you: it classifies each system you describe, states which of these dates applies to it, and generates the register, transparency notices, policy and training records as an editable pack. Free checkers tell you if the Act concerns you; this generates the documents that prove you acted on it.
Generate your own EU AI Act report + document pack — free, in ~20 minutes: https://aiprioritymap.com/en/tools/eu-ai-act
When the "delay" does not help you
The comfort in "high-risk pushed to 2027" is real but narrow, and it breaks down in four ways worth naming plainly.
First, the delay is only the Annex III high-risk regime. If none of your systems are high-risk — the common case — the Omnibus gives you nothing to defer, because your live duties are transparency and literacy, both on the near timeline [1][3].
Second, the duties already in force stay in force. Penalties have been applicable since 2 August 2025, and a regulator assessing a 2026 breach is not bound by a 2027 date that governs a different tier [1][2].
Third, the AI Act sits on top of your existing obligations, not instead of them. If your AI processes personal data, the GDPR applies in full and does not move with the Omnibus. Our cornerstone on how the AI Act sits alongside GDPR and UK data rules maps the overlap, which the delay does not touch.
Fourth, a delayed deadline is still a deadline. Annex III preparation — classification, oversight, records and, for many deployers, a fundamental rights impact assessment — takes months, not days. Treating 2 December 2027 as "later" rather than "start now" is how a delay becomes a scramble.
What to do on Monday
Do not wait for the Official Journal, and do not plan to the one date that moved. Take an hour, list every AI system your company uses, and classify each against the tiers above — that single step tells you which row of the timeline is yours. For most companies the answer is the near one: transparency and literacy, live in 2026, not the high-risk regime that slid to 2027. For the full deployer-first method behind this timeline, work through the complete EU AI Act documentation guide, then generate your pack and attach the dated roadmap to your next customer questionnaire.
Related insights
- EU AI Act Compliance: The Documentation Guide — the deployer-first five-step path and the nine-document pack this timeline sits under.
- AI Governance from Day One: GDPR and the EU AI Act — how the AI Act sits alongside GDPR and existing data rules, unchanged by the Omnibus.
Last updated: July 2026. Version 1.0.
Frequently Asked Questions
Did the Digital Omnibus delay the EU AI Act?
What EU AI Act deadline applies on 2 August 2026?
When do high-risk AI obligations apply after the Omnibus?
Is the EU AI Act already in force in 2026?
Do I have to do anything before 2 August 2026?
Sources
- 1.Regulation (EU) 2024/1689 — Artificial Intelligence Act (consolidated text, CELEX 32024R1689) — European Parliament and Council of the European Union · 2024
- 2.Timeline for the implementation of the EU AI Act — European Commission — AI Act Service Desk · 2026
- 3.Artificial intelligence: Council gives final green light to simplify and streamline rules (29 June 2026) — Council of the European Union · 2026
- 4.Digital Omnibus on AI — proposal COM(2025) 836 (CELEX 52025PC0836) — European Commission · 2025
- 5.Regulatory framework on AI — European Commission · 2024
Want this run on your business?
AI Foundation Audit — a structured assessment of your AI footprint: integration risks, governance gaps, ROI opportunities. Delivered as a comprehensive report you can act on.
You receive your Executive Report and Implementation Brief — tailored to your business and delivered immediately.
