The European Union is in a hurry to slow itself down. With the AI Act's obligations for high-risk systems due to take effect on 2 August 2026, EU lawmakers reached a provisional agreement in early May to push the core Chapter III high-risk obligations back by well over a year — and they now have to formally pass that delay before the original deadline arrives. The vehicle is the Digital Omnibus on AI, a package of targeted amendments the European Commission proposed on 19 November 2025, and the core justification is awkward but candid: the technical standards, common specifications and national enforcement machinery that companies need in order to comply are not ready.
What is being delayed, and what is not
Under the provisional agreement reached by the Council and the European Parliament on 7 May 2026, the headline change is a fixed new timeline for high-risk AI. Obligations for stand-alone high-risk systems under Annex III — AI used in sensitive areas such as biometrics, critical infrastructure, education, employment, law enforcement and border management — would move from 2 August 2026 to 2 December 2027. High-risk AI embedded in products already covered by EU safety legislation, under Annex I, would have until 2 August 2028. The deadline for member states to stand up national regulatory sandboxes would also slip, to 2 August 2027.
It is important not to read this as the AI Act being repealed. Several Article 50 transparency duties still arrive on the original 2 August 2026 date, including obligations relevant to deployers that publish or use certain AI-generated or manipulated content. The grace period for providers to comply with content-marking obligations was shortened from six months to three, setting a 2 December 2026 deadline. The deal also adds a new banned practice: AI systems used to generate child sexual abuse material or non-consensual intimate imagery — so-called nudifiers — would be outlawed, with that ban taking effect on 2 December 2026. The Act's underlying architecture — the risk-tier classification, the rules for general-purpose AI models, and the supervisory role of the EU's AI Office — is unchanged.
Why the delay, and why now
The official reasoning is operational rather than political. According to the European Parliament's own legislative record, the Commission proposed linking the high-risk timeline to the actual availability of the standards and compliance tools that the rules depend on, because the harmonised standards being developed by bodies such as CEN-CENELEC, and the designation of national competent authorities and conformity-assessment bodies, have run behind schedule. In plain terms: the EU concluded it was about to require companies to meet obligations against benchmarks that do not yet exist. The delay is meant to give standards-setters and regulators time to finish the scaffolding before enforcement begins, while signalling that organisations should already be preparing rather than waiting.
The timing is tight by design. The agreement reached on 7 May is provisional — a political deal, not yet law. The European Parliament and the Council must both formally adopt the text, which is expected to happen in June or July, and the amendments only take legal effect once published in the Official Journal. Until the amending regulation is formally adopted and enters into force, the original AI Act timetable remains the operative law; if adoption were to slip past 2 August 2026, the original high-risk obligations would apply from that date as written. That is the unusual pressure point here: the EU is legislating against its own clock to prevent rules it no longer thinks are workable from automatically taking effect.
The objection: relief, or a coverage gap?
Not everyone reads the delay as housekeeping. Michael McNamara, an Irish member of the European Parliament and a co-rapporteur on the file, has been among the critics, and analysts writing for Tech Policy Press argue that pushing back the high-risk rules while keeping the Act non-retroactive could leave some sensitive AI systems outside the framework's reach for far longer than intended. That is a legal-policy interpretation, not a settled enforcement outcome, but it is the core concern: because of the Act's non-retroactivity, some systems placed on the market before the delayed dates could avoid the eventual high-risk obligations. Critics have also questioned how heavily the simplification drive leaned on industry input. The counter-argument from the deal's backers is straightforward: enforcing obligations without finished standards would produce legal uncertainty and inconsistent compliance, which serves no one, including the people the Act is meant to protect.
Both positions can be true at once, which is what makes this hard. Standards genuinely are not ready, and a rushed high-risk regime would have been messy; and a delay plus non-retroactivity genuinely does narrow what the Act will eventually cover. The provisional text does not fully resolve that tension — it buys time and accepts a coverage cost to do so.
The ASEAN read
For policymakers and AI builders in Southeast Asia, the detail of Brussels timelines matters less than the signal. The EU AI Act has been the world's reference point for horizontal AI regulation, the framework that regional governments weighing their own rules have measured themselves against, and that exporters selling into Europe have built compliance roadmaps around. Watching the EU defer its own flagship high-risk obligations — because the supporting standards are not finished — is a useful corrective for anyone treating the Act as a settled template to copy or to comply with on a fixed date. The practical takeaways are concrete: organisations in the region that sell into the EU, or serve EU-regulated customers, now have more runway on the heaviest high-risk requirements but should not down tools, because transparency duties, the content-marking deadline and the new prohibitions are still arriving on schedule. And for regional regulators, the lesson is that the hard part of AI governance is not passing the law; it is building the standards and institutions that make the law operable — the precise step the EU is now buying time to finish.
Key Takeaways
EU lawmakers reached a provisional agreement on 7 May 2026 to defer the AI Act's high-risk obligations: stand-alone Annex III systems move from 2 August 2026 to 2 December 2027, and Annex I systems embedded in products to 2 August 2028.
The agreement is part of the Commission's Digital Omnibus on AI (proposed 19 November 2025); the stated reason is that harmonised standards (CEN-CENELEC) and national enforcement bodies are behind schedule.
It is not yet law. Parliament and the Council must formally adopt it, expected June–July 2026; if that slips past 2 August, the original high-risk timeline applies as written.
This is not a repeal: deployer transparency duties still apply from 2 August 2026, the AI-content watermarking grace period was cut to three months (deadline 2 December 2026), and a new ban on AI-generated CSAM and non-consensual intimate imagery takes effect 2 December 2026.
Supporters call the delay pragmatic given unfinished standards; critics — including Parliament co-rapporteur Michael McNamara and analysts at Tech Policy Press — argue that, because of non-retroactivity, some systems placed on the market before the delayed dates could avoid the eventual high-risk obligations (a legal-policy interpretation, not a settled outcome). For ASEAN exporters, the heaviest deadlines ease but transparency and prohibition deadlines do not.
View author profile → · Editorial policy
