EU delays AI Act high-risk deadlines, industry welcomes clarity
A provisional Omnibus VII deal delays EU AI Act high-risk rules: stand-alone systems take effect Dec. 2, 2027; embedded high-risk systems take effect Aug. 2, 2028.
The European Parliament and the EU Council reached a provisional agreement under the Omnibus VII package that pushes back key compliance dates in the EU AI Act. The deal sets Dec. 2, 2027 as the application date for stand-alone high-risk AI systems and Aug. 2, 2028 for high-risk systems embedded in products. The agreement also extends some exemptions for small and medium-sized enterprises, reinstates provider obligations to register high-risk systems in an EU database, and delays national rollout of AI regulatory sandboxes until Aug. 2, 2027.
Henna Virkkunen, executive vice president for tech sovereignty, security and democracy at the European Commission, said the timeline changes aim to smooth implementation while maintaining safety requirements. She added that tools to support companies’ compliance with the AI Act will be prepared.
Mark Weir, regional director for the UK and Ireland at Check Point Software, described the revisions as a meaningful evolution in EU AI governance that balances stronger protections with a practical approach to compliance. He said harmonized implementation and reduced overlapping administrative obligations will lower friction for organizations operating across multiple member states and that the provider registration requirement will strengthen enforcement of digital sovereignty plans.
Levent Ergin, chief strategist for agentic AI, regulatory compliance and sustainability at Informatica, noted that extended deadlines do not remove the need for internal AI governance. He said firms must still manage the data that trains models, ensure systems are explainable and maintain human oversight to scale AI beyond experimentation.
The provisional agreement must be formally adopted by the European Parliament and the EU Council before the adjusted dates take effect. If approved, the new schedule will give companies additional time to prepare documentation, testing and oversight structures required for systems classified as high risk under the act.
Regulators have said the EU database for high-risk systems and the national sandboxes are intended to help monitor compliance. Member states and affected companies will follow the formal adoption process and the setup of the supporting sandboxes and databases.
