The EU AI Act deadline everyone is still getting wrong
TL;DR. If your AI compliance plan is built around a 2 August 2026 deadline for high-risk systems, it is built around a date that no longer applies. A 2026 amendment to the EU AI Act (the "Digital Omnibus") pushed the high-risk obligations back by more than a year. The two dates that actually matter this year are 2 August 2026 (transparency duties for AI you already run) and 2 December 2026 (a new prohibition plus the end of a labelling grace period). The full high-risk regime for standalone systems now lands on 2 December 2027. Here is the corrected timeline, and what to do with the time you did not know you had.
Why this is worth two minutes of your attention
The EU AI Act is the first comprehensive AI law in a major market, and a lot has been written to help companies prepare for it. The trouble is that most of that writing was published before mid-2026, and the schedule changed underneath it.
Search "EU AI Act deadline" today and you will still find agencies and consultancies warning that high-risk AI obligations bite on 2 August 2026. Some of them are selling a compliance sprint against that date. The date is wrong. It was deferred, in law, in the summer of 2026. Acting on the old date means spending money and management attention on a deadline that is now sixteen months further out than you were told.
This is not a reason to relax. It is a reason to plan against the correct schedule instead of a stale one.
The three dates that are actually live
Most of the confusion comes from treating the AI Act as one big switch that flips on a single day. It was never that. The regulation phases in over several years, and the 2026 amendment moved some of those phases without touching others. Here is what is genuinely in force or imminent, as opposed to what the older content warns about.
| Date | What applies | Status |
|---|---|---|
| 2 February 2025 | Ban on "unacceptable-risk" practices; AI-literacy duties | In force |
| 2 August 2025 | Rules for general-purpose AI models; governance and penalties structure | In force |
| 2 August 2026 | Article 50 transparency duties: labelling AI-generated content, telling people when they are interacting with an AI | Live this year, unchanged by the amendment |
| 2 December 2026 | New prohibition (AI-generated non-consensual intimate imagery and CSAM); end of the grace period on machine-readable AI-content marking | New, added by the amendment |
| 2 August 2027 | Member-State AI regulatory sandboxes operational | Extended to here (from 2 August 2026) |
| 2 December 2027 | Standalone high-risk systems (recruitment, credit scoring, and similar) | Deferred here from the old 2 August 2026 date |
| 2 August 2028 | High-risk AI built into regulated products | Deferred from 2027 |
The single most important row is the fifth one. The high-risk obligations that older content puts in August 2026 are now in December 2027. If your business uses AI to screen job applicants, score credit, or make decisions in the other high-risk categories the Act lists, you have materially more runway than the internet is telling you.
What actually changed, and where it came from
The original AI Act is Regulation (EU) 2024/1689. It entered into force on 1 August 2024 with the phased schedule above, and the original full-application date for high-risk systems was 2 August 2026.
In late 2025 the European Commission proposed a package informally called the "Digital Omnibus," partly in response to how hard the high-risk rules were proving to implement on the original timeline. It moved through the usual process during 2026: a provisional agreement in the spring, adoption by the European Parliament on 16 June 2026, and final adoption by the Council on 29 June 2026. It has since been published in the Official Journal and is in force. The deferral is not a proposal you are waiting on. It is the law that applies now. Its effect on the dates is what the table above reflects: standalone high-risk systems deferred to December 2027, product-embedded high-risk to August 2028, the regulatory sandboxes extended to August 2027, and a new prohibition added for December 2026.
One honest caveat, because this article is about getting the facts right. Knowing the schedule moved is not the same as knowing where your own systems sit in it. Whether a given system is "high-risk," and whether you are its provider or its deployer, are specific legal questions with specific answers, and they decide which of these dates actually binds you. This piece gives you the corrected calendar so you plan against the right one. It does not replace your counsel classifying what you actually run.
The number nobody has that you should be suspicious of
While we are on the subject of getting facts right: you have probably seen a statistic claiming that some large percentage of companies, often "78%," are "not ready" for the AI Act. We went looking for the source of that number. It traces to vendor press releases that cite "a current market analysis" with no name, no sample size, and no methodology, and it is worded differently in different places by the same vendors who publish it. It exists to sell compliance services.
There is real data on AI Act readiness, but it is older and more modest. German industry association Bitkom surveyed 602 companies shortly after the Act entered into force in 2024 and found that only about a quarter had engaged with it at all, and that most of those who had said they would need outside help to implement it. Deloitte Legal's German survey from the same period found under half had seriously engaged with implementation. Those are real, methodologically transparent figures. They are also snapshots from 2024, which is exactly why nobody quotes them: they are less alarming and harder to stretch than an invented round number.
The point is not that readiness does not matter. It is that you should be able to see where any "urgency" number comes from before you spend against it, and a lot of the ones aimed at you do not survive that test.
What to do with the time
The deferral is a gift only if you use it deliberately rather than as an excuse to stop. Three moves are worth making now, regardless of which category your AI falls into.
- Inventory what you actually run. Most companies cannot list their AI uses, let alone classify them by risk. You cannot comply with a regime you have not mapped. This is unglamorous and it is the whole foundation.
- Handle the August 2026 transparency duties now, because those are live. If you generate content with AI or run a chatbot customers talk to, the labelling and disclosure obligations are in force this year and did not move. This is the near-term work.
- Classify your high-risk uses against the corrected December 2027 date, not the old one. If you are hiring, lending, or otherwise operating in a high-risk category, you have more time to do this properly. Use it for a real design, not a panic retrofit.
The difference between doing this well and doing it in a fright is mostly the calendar. You now have the correct one.
Sources
- Regulation (EU) 2024/1689 (the EU AI Act) and its procedure file, EUR-Lex.
- The Digital Omnibus on AI: adopted by the European Parliament 16 June 2026 and the Council 29 June 2026, published in the Official Journal. Corroborated across published client alerts from Gibson Dunn, White & Case, and DLA Piper, among others.
- EU AI Act phased-application schedule (Article 113) and the amended high-risk dates.
We build production AI software for a living, which means we live inside these rules rather than lecturing about them. If you want the corrected timeline mapped against what your company actually runs, that is the kind of thing our first conversation covers.
Frequently asked questions
- Did the EU AI Act high-risk deadline really move?
- Yes, and it is now binding law. The 2026 Digital Omnibus amendment deferred the application date for standalone high-risk AI systems from 2 August 2026 to 2 December 2027, and for product-embedded high-risk systems from 2027 to 2 August 2028. It was adopted by the European Parliament in June 2026, by the Council later that month, and published in the Official Journal.
- What EU AI Act obligations still apply in 2026?
- Two. The Article 50 transparency duties (labelling AI-generated content, disclosing AI interactions) apply from 2 August 2026 and were not changed. A new prohibition and the end of a content-marking grace period apply from 2 December 2026.
- Is the 2 February 2025 ban on prohibited practices still in effect?
- Yes. The ban on unacceptable-risk practices took effect 2 February 2025 and is unaffected by the 2026 amendment.
- Should we stop our AI Act preparation because the deadline moved?
- No. The deferral gives you time to prepare properly rather than a reason to stop. The transparency duties are live this year, and the high-risk classification work is more valuable done carefully than done in a rush.
- Where is the 78% of companies are not ready figure from?
- It traces to vendor press releases with no named source or methodology, published by firms selling compliance services. The real readiness data (Bitkom, Deloitte Legal) is from 2024 and more modest. Treat unsourced round numbers with suspicion.