EU delays AI high-risk deadlines

The EU just blinked on the hardest part of its AI law. Not on the bans, and not on the big idea that risky AI should face tougher rules. But on the deadline for the systems that are hardest to police and hardest for companies to certify. On May 7, the European Parliament and Council struck a provisional deal to push those high-risk obligations back, basically admitting that the compliance machinery was not going to be ready in time. ### What exactly got delayed? The main shift hits the AI Act’s high-risk tier. Stand-alone high-risk systems — the Annex III bucket that covers uses like biometrics, critical infrastructure, education, employment, and access to essential services — would now face the new rules on December 2, 2027 instead of August 2, 2026. High-risk AI embedded in regulated products would move to August 2, 2028. Those dates come from the provisional deal the co-legislators announced this week. (consilium.europa.eu) ### Why did Brussels push it back? Because the law was ahead of the plumbing. The AI Act depends on harmonised standards, guidance, conformity-assessment tools, and national enforcement capacity. But those pieces have been lagging, and lawmakers decided it made more sense to delay the toughest obligations than force companies and regulators into a deadline they could not actually meet. The Parliament had already backed postponement in March for that reason. (consilium.europa.eu) ### Is this a rollback or just a pause? Mostly a pause — but a meaningful one. The core risk-based structure stays in place, and the rules already in force are not being erased. The AI Act’s bans on unacceptable-risk practices started applying on February 2, 2025, and general-purpose AI obligations kicked in on August 2, 2025. So this is not Europe abandoning the law. It is Europe narrowing the bottleneck around the most complex compliance layer. (europarl.europa.eu) ### What else changed in the deal? The package is not just a calendar fix. The Council says the deal also streamlines overlap with other EU product rules, reinstates database registration even when a provider claims a system is exempt from high-risk classification, and strengthens the role of the AI Office. Parliament-side materials also point to expanded support measures like sandboxes and clearer implementation tools. In plain English — Brussels is trying to centralize more of the guidance while trimming some of the procedural drag. (ai-act-service-desk.ec.europa.eu) ### What about the new bans people noticed? One of the headline additions is a ban on AI that generates sexual or intimate content without consent, including so-called nudification tools. That matters because the original AI Act was built around risk categories, but these apps created pressure for a cleaner red-line rule. The Council had already added that ban in its March position, and it carried into the provisional agreement. (consilium.europa.eu) ### Who benefits from the delay? Companies building high-risk systems get more time, obviously. But regulators and notified bodies also benefit, because they now have a better shot at getting standards and certification pathways in place before enforcement starts. The catch is that civil-society groups will see this as another example of Europe softening landmark tech rules once implementation gets real. That tension has been there since the Omnibus proposal landed in November 2025. (consilium.europa.eu) ### What still has to happen? This is a provisional political agreement, not the last legal step. The Parliament and Council still need to formally adopt the text. If that happens before August 2, 2026, the new dates become the operative timetable for the high-risk parts of the AI Act. (digital-strategy.ec.europa.eu) ### Bottom line Europe is not tearing up its AI rulebook. It is buying time for the part that was about to collide with reality — the standards, audits, and certification work that make high-risk AI regulation more than a headline. (consilium.europa.eu)