EU Agrees to Delay the AI Act's High-Risk Rules to 2027 in 'Digital Omnibus' Deal

Europe wrote the world’s first comprehensive rulebook for artificial intelligence. In May 2026, it blinked on the hardest part.

European Union negotiators reached a provisional agreement to delay the AI Act’s toughest “high-risk” obligations by more than a year, trading the law’s original deadlines for a set of later, fixed calendar dates. The deal — part of a broader “Digital Omnibus” simplification package — is a tacit admission that neither regulators nor companies were ready to comply on the original timeline.

What changed

Under the agreement reached on May 6, 2026, and confirmed by member-state representatives on May 13, the high-risk rules for standalone systems listed in the Act’s Annex III are deferred to December 2, 2027, from the original August 2, 2026. Obligations for AI embedded in regulated products under Annex I are pushed further still, to August 2, 2028.

Crucially, negotiators replaced an earlier Commission idea — conditional “trigger” mechanisms that would have switched the rules on once technical standards existed — with hard calendar dates. The goal was predictability: companies wanted to know exactly when the clock starts.

Why the delay

The official reasoning is logistical. The harmonized technical standards that companies need to demonstrate compliance are behind schedule. The compliance tools are not finished. And many member states have not yet designated the national authorities meant to enforce the rules.

In short, the scaffolding around the law wasn’t built in time. Rather than force businesses to comply with rules whose specifics didn’t yet exist, Brussels chose to move the dates.

What is not delayed

The delay is narrower than it sounds. The Act’s outright bans on certain “unacceptable risk” practices have been in force since February 2025, and the rules governing general-purpose AI models — the large foundation models from the likes of OpenAI, Google and Anthropic — have applied since August 2025. Those remain in place.

The deal also adds a new prohibition. Negotiators agreed to ban AI-generated non-consensual intimate imagery — so-called “nudifier” apps — along with AI-generated child sexual abuse material, writing the prohibition into the Act’s Article 5.

The politics

The agreement is the clearest sign yet of a shift in mood in Brussels, from the assertive rule-setting of the Act’s drafting to a competitiveness-minded push to ease the burden on European industry. Supporters frame the Digital Omnibus as common-sense streamlining that keeps Europe in the AI race. Critics — including civil-society groups — warn it risks weakening oversight of exactly the high-stakes systems the law was meant to govern, in areas like hiring, credit and policing.

That tension, between competitiveness and protection, will define the next phase of European tech policy.

What’s next

The deal is still provisional. It takes legal effect only once formally adopted and published in the EU’s Official Journal — expected before August 2, 2026. Companies building high-risk systems now have more runway, but the direction of travel is set: the obligations are coming, just later.

For anyone tracking the global rulebook on AI, the message from Brussels is nuanced. Europe is not abandoning its ambition to regulate artificial intelligence. It is conceding that writing the rules was the easy part — and that making them workable is proving much harder.

Sources

1. Council of the EU — Council and Parliament agree to simplify AI rules (May 7, 2026)
2. European Parliament — AI Act deal on simplification, ban on ‘nudifier’ apps (April 27, 2026)
3. White & Case — EU agrees Digital Omnibus deal to simplify AI rules
4. Gibson Dunn — EU AI Act Omnibus agreement postpones high-risk deadlines