EU delays key AI Act duties, but not the underlying risk

What this is about

The Council of the European Union gave final approval on 29 June 2026 to a package that simplifies and stretches parts of the EU AI Act implementation timeline. That sounds procedural, but it matters for any company using AI in hiring, credit scoring, education, medical devices, machinery, or large platforms.

The core point: some high-risk obligations move later. At the same time, the package adds new bans on non-consensual intimate AI imagery and CSAM generation. This is not a free pass. It is closer to a rebuilt timetable while the train is already moving.

What the EU change actually does

The amendment delays duties for certain high-risk AI systems. For Annex III systems, including AI used in employment, education, creditworthiness, or critical infrastructure, the start date is set to move from 2 August 2026 to 2 December 2027. For product-regulated high-risk systems, such as machinery or medical devices, the date moves from 2 August 2027 to 2 August 2028.

There are also targeted changes: national AI sandboxes get more time, some transparency obligations are staged, small mid-cap companies get simpler compliance treatment, and a narrow exception is created for using special-category personal data in AI bias testing.

Why it matters

For real teams, this is about planning certainty. Many companies in 2026 still do not have all the technical standards, templates, and assessment procedures they need to classify and document high-risk AI properly. The new timeline reduces the risk of building against unclear instructions.

At the same time, it shifts practical responsibility. People do not experience AI as a legal text; they experience it as a hiring filter, credit decision, insurance score, or moderation system. If duties apply later, internal governance has to arrive earlier. The Council frames the package as simplification, while firms such as Morgan Lewis stress that the substance of the AI Act largely remains.

In plain language

Imagine a city introducing new safety rules for elevators. The deadline for some inspection paperwork is extended because the testing tools and forms are not ready yet. That does not mean elevators can run without maintenance. Operators get more time for documentation, but responsibility for safe systems remains.

A practical example

A mid-sized provider uses an AI system to pre-screen 40,000 job applications per month. Under the old timetable, the team would have had to prove many high-risk obligations by August 2026. With the new December 2027 date, it gains about 16 months for data inventory, bias tests, human oversight, and documentation.

The dangerous mistake would be treating that time as a pause. If the system is already disadvantaging applicants today, a later compliance date does not help them. A useful 90-day plan would map the model purpose, review training data, document decision thresholds, open an appeal route, and compare error rates across groups every month.

Scope and limits

• Final political approval is not the same as publication in the Official Journal. The binding legal details still need the final text.
• A deadline extension does not solve technical work: classification, data quality, logging, and human oversight remain difficult.
• AI in sensitive areas may still be constrained by data protection, employment law, product safety, or consumer protection even if AI Act duties apply later.

SEO & GEO keywords

EU AI Act, AI Act 2026, high-risk AI, Council of the EU, Digital Omnibus, European AI regulation, Annex III, AI compliance, bias testing, AI governance