Skip to content
easyAI
Products▼
  • AI Foundation Audit
  • AI ROI Calculator
  • GDPR Accountability Snapshot
Insights
  • Products
    • AI Foundation Audit
  • Free Tools
    • AI ROI Calculator
    • GDPR Accountability Snapshot
  • Insights
  1. Home
  2. Insights
  3. EU AI Act Deadlines in 2026: What the Omnibus Changed

EU AI Act Deadlines in 2026: What the Omnibus Changed

The corrected EU AI Act timeline after the Digital Omnibus: what moved to December 2027, what still lands on 2 August 2026, and what to do first.

EU AI Act Deadlines in 2026: What the Omnibus Changed
Methodology by Daniela Piskackova — Co-founder & AI Audit Lead·Published July 13, 2026

If you read that the EU AI Act's high-risk rules land on 2 August 2026, you are reading advice written before the Digital Omnibus. That amendment moved one block of obligations to 2027 — and left everything else exactly where it was. The result is a timeline most published guides now get wrong: the deadline that actually touches a company using AI is not the one that was delayed. Here is the corrected schedule, what moved, what did not, and what you must still do before 2 August 2026.

Quick Answer. After the Digital Omnibus, most EU AI Act deadlines still stand: it delayed only the Annex III high-risk obligations, from 2 August 2026 to 2 December 2027. The Article 50 transparency rules and enforcement still start on 2 August 2026, and the bans, literacy duty and penalties have applied since 2025.

Last updated: 13 July 2026 · Verified against Regulation (EU) 2024/1689 as amended by the Digital Omnibus (adopted and signed; awaiting Official Journal publication).

Summary

EU AI Act deadlines after the Omnibus — one block moved, the rest stands
│
├─ Already in force — nothing to wait for
│   ├─ 2 Feb 2025 · Art. 5 bans + Art. 4 AI-literacy duty
│   └─ 2 Aug 2025 · GPAI rules + Art. 99 penalties applicable
│
├─ 2 Aug 2026 — arrives on schedule, NOT delayed
│   ├─ Art. 50 transparency: label chatbots and AI content
│   └─ Enforcement machinery + supervisory powers switch on
│
└─ What the Omnibus actually moved
    ├─ Annex III high-risk: 2 Aug 2026 → 2 Dec 2027
    ├─ Sandboxes to 2 Aug 2027; Annex I high-risk 2 Aug 2028
    └─ "We have until 2027" holds only for high-risk you may not run

What changed — and what didn't — after the Digital Omnibus?

The Digital Omnibus is a simplification amendment to the AI Act. It is adopted and signed and awaiting Official Journal publication: the Council of the EU gave its final green light on 29 June 2026, and the act was signed on 8 July 2026, under procedure 2025/0359(COD) [3][4]. Until it appears in the Official Journal it is not yet in force, but its content is fixed — which is why planning to it now is safe, and why "as amended" without that status line is not good enough.

What the Omnibus did is narrow. It pushed back the Annex III high-risk regime — the heavy obligations for systems used in sensitive contexts such as hiring, creditworthiness and access to essential services — from 2 August 2026 to 2 December 2027 [3]. It also moved the date for national regulatory sandboxes. That is the extent of the relief that matters to most organisations.

What it did not touch is the part an ordinary AI-using company actually carries. The Article 50 transparency duties still begin on 2 August 2026. The enforcement machinery still switches on then. And the obligations that have been live since 2025 — the Article 5 bans, the Article 4 AI-literacy duty, general-purpose AI rules and the Article 99 penalties — are unchanged and already binding [1][2]. For a fuller walk-through of what a company using AI owes and how the pieces fit together, our complete EU AI Act documentation guide sets out the deployer-first path; this article is the timeline that sits underneath it.

The corrected EU AI Act timeline (post-Omnibus)

Here is the schedule after the Digital Omnibus. The two rows to read carefully are the ones in bold: the date that did not move, and the one that did.

DateWhat applies
2 Feb 2025Article 5 prohibitions + Article 4 AI-literacy duty (already in force)
2 Aug 2025GPAI obligations + Article 99 penalties applicable since this date
2 Aug 2026Article 50 transparency + enforcement machinery — NOT delayed
2 Dec 2026legacy Article 50(2) branch + NCII/CSAM prohibited-practice additions
2 Aug 2027national regulatory sandboxes operational (moved by the Omnibus)
2 Dec 2027Annex III high-risk obligations (delayed by the Omnibus from 2 Aug 2026)
2 Aug 2028Annex I high-risk obligations

The headline error in most ranking content is to fold the whole Act into a single "2 August 2026" or "delayed to 2027" line. Neither is true. The Act arrives in layers, some already past, and the Omnibus only shifted one of them [1][2].

Which EU AI Act deadlines were delayed — and which were not?

The single most useful way to hold the change in your head is a two-column split: what the Omnibus moved on the right, and what it left in place on the left. The left column is the part that binds a company using AI in 2026.

NOT delayed — still applies as scheduledDelayed by the Digital Omnibus
Article 5 prohibitions — in force since 2 Feb 2025Annex III high-risk obligations — now 2 Dec 2027 (was 2 Aug 2026)
Article 4 AI-literacy duty — in force since 2 Feb 2025National regulatory sandboxes — now operational 2 Aug 2027
GPAI obligations — since 2 Aug 2025
Article 99 penalties — applicable since 2 Aug 2025
Article 50 transparency — from 2 Aug 2026
Enforcement machinery — from 2 Aug 2026

Which of these is your deadline depends on what your AI system does. The routing is short:

Which EU AI Act deadline governs an AI system after the Digital OmnibusRoutes an AI system to its governing deadline: prohibited use was banned on 2 February 2025; a chatbot or content generator takes Article 50 transparency on 2 August 2026, not delayed; an Annex III high-risk use takes the full duties on 2 December 2027, delayed by the Omnibus; an Annex I safety component on 2 August 2028; everything else is limited or minimal risk with no dated deadline.

Yes

No

Yes

No

Yes

No

Yes

No

Which deadline governs
this AI system?

Prohibited use?
Art. 5

Already banned
since 2 Feb 2025

Chatbot, or generates /
manipulates content?

Art. 50 transparency
2 Aug 2026 · NOT delayed

Annex III high-risk use?
hiring · credit · essential services

Full high-risk duties
2 Dec 2027 · delayed by Omnibus

Safety component of a
regulated product? Annex I

Annex I high-risk
2 Aug 2028

Limited / minimal-risk
no dated deadline of its own

Which EU AI Act deadline governs your system — the Omnibus only moved the high-risk branches.

In words, the tree routes like this:

  • Is the use prohibited (Article 5)? It has been banned since 2 February 2025 — there is no compliant version, and the Omnibus changed nothing here [1].
  • Is it a chatbot, or does it generate or manipulate content? Article 50 transparency applies from 2 August 2026. This was not delayed — label the AI and disclose it [1].
  • Is it an Annex III high-risk use — hiring, credit scoring, access to essential services? The full high-risk duties apply from 2 December 2027, the date the Omnibus moved [3].
  • Is it an Annex I safety component of a regulated product? Those high-risk duties apply from 2 August 2028 [1].
  • Anything else — the everyday chatbots, drafting aids and AI features in ordinary software — is limited or minimal risk, with no dated deadline of its own.

Two duties sit across every branch regardless of tier: the Article 4 AI-literacy duty (live since February 2025) and the Article 99 penalties (applicable since August 2025). So "we have until 2027" is only true for the high-risk branch — a branch most deployers never enter.

What must you still do before 2 August 2026?

Because the delay applies only to high-risk systems, the practical to-do list for an ordinary deployer is unchanged and near-term. None of it waits for 2027. Before 2 August 2026:

  1. Inventory and classify every AI system. You cannot know which deadline applies until you know what each system does and which tier it falls in. This is the step that turns the timeline above into your timeline.
  2. Publish Article 50 transparency notices on customer-facing AI — chatbots, AI-written content, synthetic media — ready for the 2 August 2026 date [1].
  3. Run the Article 4 AI-literacy training and keep the records. This duty has been live since 2 February 2025, so if you have not done it, it is already overdue rather than upcoming [1].
  4. File your vendor and policy documents, so the paper trail exists before a customer or regulator asks — enforcement powers arrive on the same 2 August 2026 date [2].
  5. Diarise 2 December 2027 only if classification actually placed one of your systems in Annex III. For most deployers, it will not.

The free EU AI Act Documentation tool does steps one to four for you: it classifies each system you describe, states which of these dates applies to it, and generates the register, transparency notices, policy and training records as an editable pack. Free checkers tell you if the Act concerns you; this generates the documents that prove you acted on it.

Generate your own EU AI Act report + document pack — free, in ~20 minutes: https://aiprioritymap.com/en/tools/eu-ai-act

When the "delay" does not help you

The comfort in "high-risk pushed to 2027" is real but narrow, and it breaks down in four ways worth naming plainly.

First, the delay is only the Annex III high-risk regime. If none of your systems are high-risk — the common case — the Omnibus gives you nothing to defer, because your live duties are transparency and literacy, both on the near timeline [1][3].

Second, the duties already in force stay in force. Penalties have been applicable since 2 August 2025, and a regulator assessing a 2026 breach is not bound by a 2027 date that governs a different tier [1][2].

Third, the AI Act sits on top of your existing obligations, not instead of them. If your AI processes personal data, the GDPR applies in full and does not move with the Omnibus. Our cornerstone on how the AI Act sits alongside GDPR and UK data rules maps the overlap, which the delay does not touch.

Fourth, a delayed deadline is still a deadline. Annex III preparation — classification, oversight, records and, for many deployers, a fundamental rights impact assessment — takes months, not days. Treating 2 December 2027 as "later" rather than "start now" is how a delay becomes a scramble.

What to do on Monday

Do not wait for the Official Journal, and do not plan to the one date that moved. Take an hour, list every AI system your company uses, and classify each against the tiers above — that single step tells you which row of the timeline is yours. For most companies the answer is the near one: transparency and literacy, live in 2026, not the high-risk regime that slid to 2027. For the full deployer-first method behind this timeline, work through the complete EU AI Act documentation guide, then generate your pack and attach the dated roadmap to your next customer questionnaire.

The Digital Omnibus delayed only the Annex III high-risk regime, to 2 December 2027. Article 50 transparency and enforcement still start on 2 August 2026, and the bans, AI-literacy duty and penalties have been live since 2025. The deadline that binds most companies using AI was never delayed.

Generate your own EU AI Act report + document pack — free, in ~20 minutes: https://aiprioritymap.com/en/tools/eu-ai-act

Related insights

  • EU AI Act Compliance: The Documentation Guide — the deployer-first five-step path and the nine-document pack this timeline sits under.
  • AI Governance from Day One: GDPR and the EU AI Act — how the AI Act sits alongside GDPR and existing data rules, unchanged by the Omnibus.

Last updated: July 2026. Version 1.0.

Frequently Asked Questions

Did the Digital Omnibus delay the EU AI Act?+
Only one part of it. The Digital Omnibus moved the Annex III high-risk obligations from 2 August 2026 to 2 December 2027. It did not move the Article 50 transparency rules or the enforcement machinery, which still start on 2 August 2026. The Article 5 bans, Article 4 AI-literacy duty and penalties have applied since 2025.
What EU AI Act deadline applies on 2 August 2026?+
Two things start on 2 August 2026: the Article 50 transparency obligations — telling people when they deal with AI and labelling AI-generated content — and the enforcement machinery, including the authorities that supervise the Act. The Digital Omnibus did not delay either. Only the Annex III high-risk regime moved past this date.
When do high-risk AI obligations apply after the Omnibus?+
Annex III high-risk obligations — systems used for hiring, credit or access to essential services — now apply from 2 December 2027, moved by the Digital Omnibus from 2 August 2026. Annex I high-risk systems, the safety components of regulated products, follow on 2 August 2028. Most everyday business AI is not high-risk at all.
Is the EU AI Act already in force in 2026?+
Yes. The Article 5 prohibitions and the Article 4 AI-literacy duty have applied since 2 February 2025. General-purpose AI obligations and the Article 99 penalties have applied since 2 August 2025. The Act is live and enforceable now; the 2026 and 2027 dates only add further obligations on top of what already binds you.
Do I have to do anything before 2 August 2026?+
Yes. Inventory and classify your AI systems, publish Article 50 transparency notices on customer-facing AI, run the Article 4 AI-literacy training that is already overdue, and file your vendor and policy records. None of this waits for the high-risk 2027 date, which most deployers never reach.

Sources

  1. 1.Regulation (EU) 2024/1689 — Artificial Intelligence Act (consolidated text, CELEX 32024R1689) — European Parliament and Council of the European Union · 2024↗
  2. 2.Timeline for the implementation of the EU AI Act — European Commission — AI Act Service Desk · 2026↗
  3. 3.Artificial intelligence: Council gives final green light to simplify and streamline rules (29 June 2026) — Council of the European Union · 2026↗
  4. 4.Digital Omnibus on AI — proposal COM(2025) 836 (CELEX 52025PC0836) — European Commission · 2025↗
  5. 5.Regulatory framework on AI — European Commission · 2024↗

Want this run on your business?

AI Foundation Audit — a structured assessment of your AI footprint: integration risks, governance gaps, ROI opportunities. Delivered as a comprehensive report you can act on.

Start your audit →

You receive your Executive Report and Implementation Brief — tailored to your business and delivered immediately.

AI by the math. No deck, no meetings. No call. Just click.

PRODUCTS
  • AI Foundation Audit
  • All products
COMPANY
  • About
  • Contact
  • info [at] easy-audit [dot] ai
LEGAL
  • Terms of Service
  • Privacy Policy
  • AI Transparency
  • Cookie Policy
  • Complaints

© 2026 easyAI · All rights reserved. · easyAI is operated by DDN Consulting s.r.o., based in the EU.

Inspired by ISO/IEC 42001 + NIST AI RMF + EU AI Act principles. easyAI is not a certification body. Our methodology is inspired by ISO 42001 and NIST AI RMF principles; we do not provide formal certification or conformity audits.

easyAI