EU delays high-risk AI rules

The European Parliament and the Council presidency reached a provisional agreement on May 7 to push back the EU AI Act’s main compliance deadline for many high-risk systems. The deal would move the application date for standalone high-risk AI systems to Dec. 2, 2027, from Aug. 2, 2026, and shift the deadline for high-risk AI embedded in regulated products to Aug. 2, 2028. The agreement is part of the EU’s “Omnibus VII” simplification package, which Brussels has used to trim digital compliance burdens while keeping the core structure of the AI Act in place. The changes are not yet law and still need formal approval from both the Council and the European Parliament. ### Which AI rules are being delayed, exactly? The May 7 agreement targets the AI Act’s Chapter III obligations for high-risk systems, which cover the most demanding compliance requirements in the law. Those rules include obligations around risk management, data governance, technical documentation, human oversight, accuracy, cybersecurity and post-market monitoring for systems used in areas such as hiring, education, credit, essential services, biometrics, law enforcement and border management. (consilium.europa.eu) The new timetable set by the co-legislators replaces an earlier Commission approach that would have tied the delay to the later availability of standards and compliance tools. Instead, negotiators inserted fixed dates: Dec. 2, 2027 for standalone high-risk systems listed in Annex III and Aug. 2, 2028 for high-risk AI systems embedded in products covered by sectoral safety laws. (hoganlovells.com) ### What still takes effect on the original schedule? The European Commission’s own AI Act timeline still says prohibited AI practices began to apply on Feb. 2, 2025, and that the law becomes fully applicable on Aug. 2, 2026, subject to staged exceptions. The provisional May 7 deal does not roll back those earlier prohibitions. It also adds a new ban on AI practices involving the generation of non-consensual sexual and intimate content or child sexual abuse material. (consilium.europa.eu) The Commission published draft guidance on May 8 for Article 50 transparency obligations, a sign that Brussels is still preparing for those requirements to bite this year. Those guidelines are meant to help providers, deployers and national authorities apply the transparency rules consistently, including obligations tied to AI-generated or AI-manipulated content. (digital-strategy.ec.europa.eu) ### Why did EU negotiators move the deadline? The Council said on May 7 that the Commission had proposed delaying high-risk rules so they would start once needed standards and tools were available. Legal and industry summaries of the deal said lawmakers accepted that companies and regulators were unlikely to have the technical standards, conformity-assessment tools and administrative structures ready by August 2026. (digital-strategy.ec.europa.eu) Marilena Raouna, Cyprus’s deputy minister for European affairs, said in the Council statement that the agreement would reduce recurring administrative costs and provide a smoother, more harmonised implementation across the bloc. Her statement framed the deal as part of the EU’s broader simplification agenda rather than a rewrite of the AI Act’s risk-based model. (consilium.europa.eu) ### Does the deal change anything besides the dates? The Council statement said the provisional agreement reinstates an obligation for providers to register AI systems in the EU database for high-risk systems even when they consider those systems exempt from high-risk classification. The deal also extends some regulatory exemptions for small and mid-cap firms and seeks to reduce overlap between the AI Act and sector-specific product safety rules. (consilium.europa.eu) A separate change concerns AI-generated content. Proskauer’s summary of the political deal said certain machine-readable marking obligations for AI-generated content would apply from Dec. 2, 2026 — later than the original Aug. 2, 2026 date, but earlier than the Commission had proposed. ### What should companies watch next? (consilium.europa.eu) The next formal step is adoption by the European Parliament and the Council, which both institutions have said they intend to complete before Aug. 2, 2026, the current start date for many high-risk AI obligations. Until that happens, the AI Act’s original calendar remains the law on the books. (proskauer.com) The Commission’s draft Article 50 guidance is open to consultation until June 3, 2026, according to legal summaries citing the publication. That makes the immediate compliance focus less about the delayed high-risk regime and more about transparency rules and other provisions already moving through the AI Act’s phased rollout. (digital-strategy.ec.europa.eu) (proskauer.com)