EU delays high‑risk AI rules

The EU’s AI Act is still happening. But the hardest part of it just got pushed back. On May 7, 2026, negotiators from the Council of the EU and the European Parliament reached a provisional deal to simplify the law’s rollout. The big change is timing — the toughest obligations for high-risk AI systems will now apply on December 2, 2027 for stand-alone systems and August 2, 2028 for AI embedded in products. That is later than the old August 2, 2026 trigger for high-risk rules, and it matters because companies have been building toward a deadline while the technical playbook was still unfinished. (consilium.europa.eu) ### What counts as “high-risk” here? Under the AI Act, “high-risk” does not mean “powerful model.” It means AI used in settings where safety, health, or fundamental rights are on the line — things like critical infrastructure, law enforcement, employment, and certain regulated products. These systems face the heavy compliance stack: risk management, documentation, human oversight, robustness testing, and conformity checks before they go to market. (digital-strategy.ec.europa.eu) ### Why did the EU delay it? Basically, the law moved faster than the implementation machinery. The Commission has been relying on harmonised standards to turn broad legal duties into technical instructions companies can actually follow. Those standards are still being developed by CEN and CENELEC across ten areas, from risk management to cybersecurity and conformity assessment. Without them, firms can read the law, but they still have to guess how to prove compliance. (digital-strategy.ec.europa.eu) ### So what exactly changed? The provisional deal locks in a fixed delay instead of an open-ended wait. Stand-alone high-risk AI systems now move to December 2, 2027. High-risk AI embedded in products moves to August 2, 2028. The deal also broadly keeps the Commission’s simplification push, including wider relief for small mid-caps and some targeted reductions in requirements. (consilium.europa.eu) ### What’s the machinery-rule piece? This is one of the most practical changes. The deal clarifies the overlap between the AI Act and machinery rules by taking machinery-linked AI out of the AI Act’s standalone high-risk bucket. That matters for industrial and construction use cases — inspection systems, design tools, QA systems, robotics software — because companies were worried about being hit twice by overlapping product-safety and AI obligations. (iapp.org) ### Did negotiators only make it softer? No — they also added a new ban. The agreement prohibits AI practices used to generate non-consensual sexual or intimate content and child sexual abuse material. So this is not just a deregulatory move. It is a trade: less timing pressure and less overlap in some places, but sharper prohibitions in others. (consilium.europa.eu)ament-agree-to-simplify-and-streamline-rules/)) ### Is the deal final? Not yet. It is a provisional agreement, which means the Parliament and Council still need to formally adopt it. But politically, this is the hard part. Once that happens, the revised dates become the operative timeline companies plan around. (consilium.europa.eu)ussels? Because compliance timing shapes product roadmaps. A later date gives companies more room to test AI systems in real workflows instead of rushing to certify against half-built standards. The catch is that the delay does not erase the rules. It just gives Europe time to finish the measuring tape before it starts handing out penalties. (digital-strategy.ec.europa.eu) ### Bottom line? The EU did not back away from regulating high-risk AI. It admitted that a law this technical needs standards, tools, and cleaner boundaries with other product rules before the toughest obligations bite. For companies building industrial and safety-adjacent AI, that is a real reprieve — but not a free pass.