Back to insights
eu-ai-actcompliancedigital-omnibusai-governanceregulation

The EU AI Act Digital Omnibus: What Actually Changed, With Dates

Share on XShare on LinkedInShare on Facebook
The EU AI Act Digital Omnibus: What Actually Changed, With Dates

Short answer: The Digital Omnibus on AI moves the high-risk compliance deadline from 2 August 2026 to 2 December 2027 (stand-alone systems) and 2 August 2028 (AI embedded in regulated products). It does not pause everything: core transparency duties still apply from 2 August 2026, and two new obligations land on 2 December 2026. The rules themselves did not get easier, you got more time to meet them.


EU AI Act Digital Omnibus timeline and revised compliance deadlines

Status as of 16 July 2026

The European Parliament endorsed the Digital Omnibus on AI on 16 June 2026 and the Council gave final approval on 29 June 2026. The regulation enters into force on the third day after publication in the EU Official Journal, expected mid-to-late July 2026. Until that publication happens, the original 2 August 2026 deadline formally remains the legal baseline. Check the adoption status before you rely on the new dates in a board deck or a contract.

Most compliance content published before June 2026 still cites the old timeline. If a consultancy's website tells you the high-risk deadline is August 2026, they have not updated their material since spring.

The revised timeline

DateWhat applies
2 August 2026Core transparency duties under Article 50(1), (3), (4): telling users they are interacting with AI, disclosing deepfakes and AI-generated text in certain contexts. Unaffected by the Omnibus. New generative systems placed on the market from this date must also carry machine-readable content marking from day one.
2 December 2026Content-marking (watermarking) deadline under Article 50(2) for generative systems that were already on the market before 2 August 2026. Same date: the new Article 5 prohibition on AI systems for non-consensual intimate imagery and CSAM takes effect, with fines up to 7% of worldwide turnover.
2 August 2027Member states must have at least one national AI regulatory sandbox running.
2 December 2027High-risk obligations apply to stand-alone Annex III systems: hiring and HR tools, credit scoring, education, critical infrastructure, and the other listed use cases.
2 August 2028High-risk obligations apply to AI embedded in products already covered by EU safety law (Annex I): medical devices, machinery, toys.

The mechanism behind the new dates

The deferral is conditional, not flat. High-risk obligations activate once the European Commission adopts a decision confirming that harmonised standards and support tools are ready, followed by a six-month transition for Annex III systems and twelve months for Annex I. The December 2027 and August 2028 dates are backstops in case that decision never comes. Practically: the deadline could arrive earlier than December 2027 if standards mature fast. Plan against the mechanism, not just the backstop date.

What did not change

The architecture of the AI Act is intact. Risk tiers, the Annex III list, documentation and logging duties, human-oversight requirements, penalty levels, and the governance framework all survive the Omnibus unchanged. Nothing was deleted from your eventual to-do list; items were re-dated.

Three things actually got heavier. The AI Office gained exclusive supervision over systems built on general-purpose models when the model and system come from the same provider. Supply-chain disclosure duties under Article 25 were expanded. And the new Article 5 prohibition arrives with a compliance date earlier than anything on the high-risk list.

Two things got lighter beyond the dates: small mid-cap companies now qualify for the reduced documentation regime that previously covered only SMEs, and both providers and deployers may process special-category personal data where strictly necessary to detect and correct bias, with safeguards, resolving an awkward conflict with Article 9 GDPR.

If you ship SaaS with AI features

Your nearest real deadline is likely 2 August 2026, not 2027. A chatbot, an AI copy generator, or an assistant embedded in your product triggers Article 50 transparency duties on the original date. If you launch a new generative feature after 2 August 2026, machine-readable content marking applies from launch, with no grace period. The 2027 date only helps you if your system sits in Annex III, and most SaaS features do not.

If you use AI in hiring or HR

Recruitment screening, performance evaluation, task allocation, and promotion or termination support are Annex III use cases. Your high-risk obligations now land on 2 December 2027 at the latest. Sixteen extra months is enough time to do this properly once: inventory the systems, classify them, assign accountability, and build the technical documentation while vendors are not yet drowning in identical requests.

If you sell into the EU from outside it

The AI Act applies to providers and deployers whose systems reach EU users, wherever the company sits. For companies in the Gulf and wider MENA region selling AI-enabled products into Europe, the Omnibus window is the cheapest compliance entry point you will get: the requirements are known, the deadline is published, and the consultancies are not yet at capacity. Waiting until 2027 means buying the same work at peak prices. We wrote a companion piece in Arabic on exactly this scenario.

Six things to do during the window

  1. Build the AI inventory now: every system in use or development, its purpose, provider, data types, and user groups. Every later step depends on this list existing.
  2. Classify against Annex III, and write down the reasoning for systems you conclude are not high-risk. Article 6(3) exemptions still require registration, through a simplified process.
  3. Map every user-facing AI interaction against Article 50 before 2 August 2026. This deadline did not move.
  4. If you generate images, audio, video, or text: calendar the marking obligation (2 December 2026 for pre-existing systems) and a documented misuse-risk review for the new Article 5 prohibitions.
  5. Ask your AI vendors for written disclosure of known limitations and failure modes under Article 25. A vendor who cannot produce this is itself a finding.
  6. Re-date your compliance roadmap against the conditional mechanism, and assign someone to watch for the Commission's standards decision.

FAQ

Is the EU AI Act delayed? Partially. High-risk obligations move to 2 December 2027 (Annex III) and 2 August 2028 (Annex I embedded systems). Transparency duties under Article 50 still largely apply from 2 August 2026, and the new content-marking and prohibition deadlines arrive on 2 December 2026.

Is the Omnibus in force today? As of 16 July 2026: adopted by Parliament and Council, awaiting Official Journal publication, in force three days after that. Expected mid-to-late July 2026.

Did any obligations get removed? No. The substance of the high-risk requirements is unchanged. The Omnibus re-dates them, adds one new prohibition, widens SME relief to small mid-caps, and clarifies bias-related data processing.

What is the earliest date the high-risk rules could apply? Earlier than December 2027 in theory: six months after the Commission confirms standards readiness for Annex III systems. December 2027 and August 2028 are the latest possible dates.

Does this affect companies outside the EU? Yes. The AI Act applies based on where your users are, not where your company is registered. Non-EU providers serving EU customers carry the same obligations on the same dates.


DataDiwan builds production AI systems with the audit documentation included, in English, Arabic, and Finnish. If you want your Annex III classification and Article 50 mapping done before the rush, start with a readiness call.

Sources: Council of the EU press release, 29 June 2026; Freshfields, EU AI Act unpacked #34; Gibson Dunn client alert on the Omnibus agreement; Winston Taylor, AI Act rules on high-risk AI delayed. This article summarises regulation for planning purposes and is not legal advice.

Ready to see where your team stands on AI?

Take the free readiness scorecard and get a tailored plan in minutes.

Get Free AI Readiness Scorecard