EU AI Act Omnibus:
What changed and what didn't
A provisional political agreement reached in May 2026 extends key high-risk AI deadlines. August 2, 2026 enforcement powers are unchanged. Here's what your compliance programme needs to know.
The one thing to understand
Supervisory authorities have full enforcement powers from August 2, 2026 regardless of the Omnibus timeline. The extension gives you more time to meet high-risk obligations — it does not give you more time to know what you have.
Updated enforcement timeline
Prohibited AI — already enforced
Article 5 prohibitions are live. Social scoring, real-time biometric surveillance in public spaces, manipulation of vulnerable groups — all banned. No change under Omnibus.
Article 5GPAI obligations — already enforced
General Purpose AI model providers must comply with Articles 53–55: technical documentation, copyright summaries, transparency, and adversarial testing for systemic risk models. No change under Omnibus.
Articles 53–55Enforcement powers go live — inventory deadline
Supervisory authorities gain full enforcement powers from this date. All organisations must have completed their AI inventory and risk classification. Prohibited AI and GPAI compliance will be actively reviewed. This date is unchanged by the Omnibus.
Annex III, Articles 5, 53–55High-risk AI (Annex III) — full obligations
Standalone high-risk AI systems (hiring, credit scoring, education, law enforcement, biometrics, migration) must meet full Article 9–27 obligations: risk management, technical documentation, human oversight, conformity assessment, EU database registration. Extended from August 2, 2026 under Omnibus provisional agreement.
Annex III, Articles 9–27, 43, 49High-risk AI embedded in products (Annex I)
AI systems integrated into regulated products — medical devices, machinery, toys, aviation, automotive — face full obligations from this date. Extended under Omnibus provisional agreement.
Annex I, Articles 9–27What your organisation should still be doing
The extension changes the deadline, not the work.
Complete your AI inventory
You cannot navigate a split enforcement landscape without knowing exactly what AI systems you operate, where they sit in the risk classification, and which deadline applies to each. Supervisory authorities can ask for this from August 2, 2026.
Classify every system by risk tier
Prohibited, high-risk (Annex III or Annex I), limited-risk, or minimal-risk. The classification determines which deadline and which obligations apply. Misclassification is itself a compliance failure.
Don't pause high-risk compliance work
The extension to December 2027 is 18 months. That sounds like a lot. High-risk AI conformity assessments, technical documentation, and risk management systems take 3–9 months to build properly. Organisations that use the extension to restart the "do we need to do this" conversation will find themselves back here in 2027 in a worse position.
Document your assumptions
The Omnibus is a provisional agreement — it requires formal adoption by Parliament and Council. Until that happens, treat August 2, 2026 as operative for all obligations. Any compliance programme built on the Omnibus timeline should document that assumption explicitly so it's auditable if the architecture changes.
Important: The Omnibus is not yet law
The May 2026 agreement is a provisional political agreement. It requires formal adoption by both the European Parliament and the Council of the EU before taking legal effect. Until that happens, the original EU AI Act dates remain operative. Any compliance programme built around the Omnibus extended timelines should treat that as an assumption, not a certainty, and document it as such.
Know where your AI systems stand
Assess any AI system against the EU AI Act in under 5 minutes. Free risk classification, compliance roadmap, and article-referenced requirements — updated for the Omnibus timeline.
Assess your AI systems free →No credit card required