EU AI Act Timeline: The New Deadlines After the 2026 Omnibus

The EU AI Act timeline just changed. On 16 June 2026, the European Parliament approved a package of amendments known as the digital omnibus that postpones the heaviest obligations of the AI Act by one to two years, delays one transparency requirement, and adds a new prohibition. The changes still need formal adoption by the Council before they become law, but the direction is set. This article lays out the new EU AI Act timeline, what moved, what did not, and what it means for organizations preparing to comply.

What Changed in the EU AI Act Timeline

The European Parliament approved the digital omnibus on 16 June 2026 by 423 votes to 57, with 174 abstentions. The package is designed to give organizations more time to comply while keeping the risk-based architecture of the AI Act intact. In short, it postpones the high-risk obligations, delays the provider watermarking requirement, bans a category of harmful AI, and reduces overlaps with other EU laws. It is not yet final: the Council must still formally adopt it, which is expected before 2 August 2026. For how the AI Act sits alongside other frameworks, see the guide on EU AI Act compliance compared with NIST and ISO 42001.

The New High-Risk Deadlines

The most significant change is the postponement of obligations for high-risk AI systems:

• Stand-alone high-risk systems listed in Annex III move from 2 August 2026 to 2 December 2027.
• High-risk AI embedded as safety components in products covered by EU sectoral legislation, listed in Annex I, move from 2 August 2027 to 2 August 2028.

The extra time is intended to let the necessary technical standards and guidance be finalized first, since much of what organizations need to comply was not going to be ready in time.

What Did Not Move: Transparency Stays in August 2026

This is the part most easily misread. Most of the AI Act’s transparency obligations under Article 50 still apply from 2 August 2026, including the duty to tell people when they are interacting with an AI system such as a chatbot, and the duty for those deploying AI to clearly label deepfakes and AI-generated text published on matters of public interest.

Only one transparency rule moved. The provider obligation to embed machine-readable marking in AI-generated content, the watermarking requirement, is delayed to 2 December 2026, and that extension applies to generative systems already placed on the market before 2 August 2026. Systems launched after that date are expected to comply right away. In other words, the labelling duties most organizations face are still arriving in August, and only the technical marking piece gets a short reprieve.

A New Prohibition: The Nudifier Ban

The omnibus also adds a new prohibited practice to Article 5 of the AI Act. It bans AI systems that generate child sexual abuse material or that create intimate or sexually explicit images, video, or audio of an identifiable person without consent. The prohibition applies to both providers placing such systems on the EU market and deployers using them for that purpose, with compliance required by 2 December 2026.

There is a safe harbour for systems that include adequate technical safeguards to prevent this misuse. The practical implication is concrete: any organization offering general-purpose image or media generation needs documented preventive safeguards as part of its risk management, not as an afterthought.

Other Changes Worth Knowing

• Fewer overlaps with sectoral law. AI acting as a safety component in machinery will be governed by the Machinery Regulation rather than facing both that and the AI Act.
• A clearer “safety component” definition. AI that only assists users or optimizes performance will not automatically be high-risk if its failure does not create health or safety risks.
• Bias correction. Processing special-category personal data to detect and correct bias is permitted across AI systems where strictly necessary, with safeguards.
• Relief for smaller firms. Existing exemptions for small and medium enterprises are extended to small mid-cap enterprises.
• Stronger central enforcement. The EU AI Office gains a clearer supervisory role over certain general-purpose AI systems.

The Complete EU AI Act Timeline at a Glance

• 2 February 2025 Prohibited AI practices already in force.
• 2 August 2025 Obligations for general-purpose AI models already in force.
• 2 August 2026 Most provisions apply, including most Article 50 transparency obligations and enforcement powers.
• 2 December 2026 Watermarking for generative systems on the market before August 2026; nudifier ban compliance.
• 2 August 2027 Deadline for member states to establish AI regulatory sandboxes.
• 2 December 2027 High-risk obligations for stand-alone Annex III systems.
• 2 August 2028 High-risk obligations for Annex I embedded systems.

This EU AI Act timeline reflects the package approved by Parliament on 16 June 2026 and remains subject to formal adoption by the Council.

What Organizations Should Do Now

1. Do not slow down. The delay is time to prepare, not to stop. Standards and guidance may arrive close to the new deadlines, leaving little room to adapt.
2. Inventory and classify your AI. Map every system, whether stand-alone, embedded, built in-house, or procured. Everything else depends on this.
3. Meet the August 2026 transparency duties now. Put chatbot disclosure and deepfake and public-interest labelling in place.
4. Plan watermarking for December 2026. If you ship generative features into the EU, prepare machine-readable marking and detection.
5. Document safeguards for generative media. If you offer image or media generation, build and record preventive safeguards against prohibited content.
6. Build a governance framework. Align to the AI Act’s risk-based approach using a recognized standard, covered in this guide to ISO 42001 and AI legal risk.

Elevate Consult helps organizations turn the AI Act timeline into a working compliance plan. The ISO 42001 AI Governance Readiness Bundle is a structured place to start.

How Elevate Consult Helps

Elevate Consult helps organizations interpret the EU AI Act timeline and build governance programs aligned to it and to ISO 42001 and the NIST AI Risk Management Framework. The work spans scoping and classification, transparency and labelling controls, and the documentation that demonstrates a credible path to compliance as the deadlines approach.

Organizations preparing for the AI Act can start a conversation with the Elevate team.

Key Takeaways

• The EU AI Act timeline changed on 16 June 2026, when Parliament approved the digital omnibus, though Council adoption is still pending.
• High-risk obligations move to 2 December 2027 for stand-alone Annex III systems and 2 August 2028 for Annex I embedded systems.
• Most Article 50 transparency duties still apply from 2 August 2026; only provider watermarking moves to 2 December 2026, with grandfathering for existing systems.
• A new Article 5 prohibition bans AI that generates child sexual abuse material or non-consensual intimate imagery, with compliance by 2 December 2026.
• The package also reduces overlaps with sectoral law, eases rules for smaller firms, and strengthens the EU AI Office.

Frequently Asked Questions

What is the new EU AI Act timeline?

Under the digital omnibus approved by the European Parliament on 16 June 2026, high-risk obligations move to 2 December 2027 for stand-alone Annex III systems and 2 August 2028 for Annex I embedded systems. Most Article 50 transparency obligations still apply from 2 August 2026, while the provider watermarking requirement moves to 2 December 2026, the same date by which a new ban on nudifier systems must be met. The package still requires formal adoption by the Council.

Did the EU delay the AI Act?

In part. The European Parliament approved a package on 16 June 2026 that postpones the high-risk AI obligations by roughly one to two years and delays the provider watermarking requirement to 2 December 2026. It does not repeal the AI Act or change its risk-based architecture, and most other deadlines, including most transparency obligations in August 2026, remain in place. The changes still need formal adoption by the Council.

When do high-risk AI obligations apply under the EU AI Act?

Under the approved changes, obligations for stand-alone high-risk AI systems listed in Annex III apply from 2 December 2027, and obligations for high-risk AI embedded as safety components in regulated products listed in Annex I apply from 2 August 2028. These replace the earlier dates of 2 August 2026 and 2 August 2027.

Are the EU AI Act transparency rules delayed?

Mostly no. The duties to disclose AI chatbots and to label deepfakes and AI-generated public-interest text still apply from 2 August 2026. Only the provider obligation to embed machine-readable marking in AI-generated content, the watermarking requirement, moves to 2 December 2026, and that extension applies to generative systems placed on the market before 2 August 2026.

What is the EU nudifier ban?

The digital omnibus adds a prohibition to Article 5 of the AI Act on AI systems that generate child sexual abuse material or that create intimate or sexually explicit imagery of an identifiable person without consent. It applies to providers and deployers, takes effect on 2 December 2026, and includes a safe harbour for systems with adequate safeguards to prevent such misuse.