EU AI Act Update: Digital Omnibus Proposes Delaying High-Risk Deadlines to 2027

The European Commission has proposed the Digital Omnibus, a legislative package that would push most EU AI Act high-risk enforcement deadlines from August 2026 to late 2027. This is not a rollback — it’s a recalibration that acknowledges what many compliance teams already suspected: the ecosystem isn’t ready.

What’s Changing

The original EU AI Act timeline required compliance with high-risk AI system requirements by August 2, 2026. The Digital Omnibus proposes:

Obligation	Original Deadline	Proposed New Deadline
Annex III high-risk systems (hiring, credit scoring, law enforcement, etc.)	August 2, 2026	December 2, 2027
Annex I high-risk systems (AI in regulated products)	August 2, 2026	August 2, 2028
Generative AI watermarking	August 2, 2026	February 2027

What hasn’t changed: Prohibited AI practices (banned since February 2025) and GPAI model obligations (applicable since August 2025) remain on their current timelines.

Why the Delay

The Commission cited three critical gaps:

1. No harmonized technical standards — Organizations literally cannot demonstrate conformity because the standards to measure against don’t exist yet. CEN-CENELEC working groups are still drafting them.

2. Missing supervisory infrastructure — Many EU member states haven’t established their national AI supervisory authorities. You can’t enforce rules without enforcers.

3. No conformity tools — The conformity assessment framework, common specifications, and practical compliance tools aren’t available. Organizations reported having “no practical way to meet 2026 obligations.”

What This Means for Organizations

Don’t Stop Preparing

The delay is not an invitation to relax. Here’s why:

• The proposal isn’t final — It requires approval from the European Council, Parliament, and Commission. The final text could differ materially.
• AI literacy obligations remain — The February 2025 deadline for AI literacy already passed. Are you compliant?
• GPAI rules are live — If you provide or use general-purpose AI models, obligations have been in force since August 2025.
• Early movers win — Organizations that build AI governance now will be ready regardless of the final timeline. Those that wait until the last minute will scramble again.

Revised Practical Timeline

When	Action
Now	Inventory AI systems, classify risk levels, establish AI governance framework
Q2-Q3 2026	Monitor final Digital Omnibus adoption, begin risk management documentation
Q4 2026	Prepare for Annex III conformity assessment, train teams
2027	Complete conformity assessments for high-risk systems

The European Commission’s Guidance Gap

Adding to the complexity, the Commission missed its own deadline to publish guidelines on high-risk AI systems (originally due February 2026). A final draft is expected in March or April 2026, with final adoption potentially later.

This means organizations are currently navigating without the official guidance that was supposed to clarify exactly which systems qualify as high-risk and what conformity assessment requires.

Our Take

The Digital Omnibus is pragmatic, not permissive. The EU AI Act’s core protections remain intact — prohibited practices are banned, GPAI rules are live, and high-risk requirements are coming. The timeline shift simply acknowledges that you can’t demand conformity assessments when the standards and tools to perform them don’t exist.

Smart organizations will use this extra time to build robust AI governance, not to postpone it. When enforcement does arrive — whether in 2027 or 2028 — it will be real, and it will be strict.

---

Need to assess where you stand? Start a free compliance assessment on Metrica.uno to identify gaps across the EU AI Act and other frameworks.