Current law versus proposed changes
The safest planning move is to separate binding dates from proposed dates. This page does that in one place and shows the operational reading that makes sense now.
EU AI Act Current Law vs Proposed Changes: What Applies Now (May 2026)
Current law remains in force until the amending act is formally adopted and published. The EU AI Act’s original application dates still govern planning, even after the 7 May 2026 political agreement. General provisions including AI literacy and prohibitions have applied since February 2025. GPAI model obligations and governance structures applied from August 2025. The majority of rules—including Annex III high-risk systems, Article 50 transparency obligations, and national enforcement—remain scheduled to apply on 2 August 2026 under the law as it stands today. The Digital Omnibus proposal and subsequent Council and Parliament positions suggest possible delays to certain high-risk rules and additional simplifications, but these amendments have not been adopted. Until a new regulation is formally published and enters into force, teams must plan against the current timeline.
Law status box (8 May 2026)
- Current applicable law: Regulation (EU) 2024/1689 with staggered dates set in Article 113. High-risk Annex III obligations and Article 50 transparency rules are still due 2 August 2026.
- Proposal stage: Commission Digital Omnibus proposal (November 2025), Council position (13 March 2026), Parliament position (26 March 2026). These texts propose linking high-risk application dates to readiness of standards and support tools, fixed later dates in some versions, extensions of SME measures to small mid-caps, and other clarifications.
- Status: A political agreement was announced on 7 May 2026, but no amending act has yet been formally adopted and published. Operational teams should therefore treat the original dates as the binding baseline while monitoring negotiations.
Direct answer
The EU AI Act is not delayed. No amendments have been finalised that alter the current legal timeline. Most substantive obligations still point to 2 August 2026. The Commission’s Digital Omnibus initiative, Council agreement, and Parliament vote in March 2026 reflect a shared desire to improve implementability through targeted changes—primarily linking high-risk rules more closely to the availability of harmonised standards and guidance, extending certain SME facilitations, and providing legal certainty on interplay with sectoral legislation. These are proposals only.
Practical implication: organisations that pause all preparation because they “heard the law was postponed” risk being unprepared if the original dates hold or if negotiations conclude with only modest shifts. Conversely, rushing into overly detailed conformity assessments for every possible high-risk use case before standards are finalised may create rework. The safest path is to advance no-regret foundational work now and keep high-risk technical documentation flexible.
This page separates current law, proposal/negotiation status, and recommended operational actions so compliance, legal, and product teams can make confident decisions without blurring what is mandatory today with what might change.
The institutional status tracker
The original AI Act was published in the Official Journal in July 2024 and entered into force on 1 August 2024. Its phased timeline is set in Article 113 and remains the law of the land.
Current institutional positions (as of 8 May 2026):
- European Commission (19 November 2025 proposal): Introduced the Digital Omnibus package to simplify digital rules. For the AI Act it proposed linking the application of high-risk rules to the availability of support tools (especially harmonised standards and guidelines). It suggested a maximum 16-month adjustment window once tools are ready and extended certain SME simplifications. The proposal explicitly aims to avoid implementation cliffs while preserving the Act’s risk-based approach.
- Council of the EU (13 March 2026): Reached a common position supporting streamlining measures. Details remain focused on making the rules workable for businesses while maintaining protections. The Council text aligns with the goal of tying high-risk obligations more closely to practical readiness.
- European Parliament (26 March 2026): Adopted its position with concrete proposed dates: 2 December 2027 for most Annex III high-risk AI systems and 2 August 2028 for those covered by existing EU product-safety legislation. It also proposed moving the compliance deadline for certain Article 50 transparency/watermarking measures to 2 November 2026, introduced a new prohibition on non-consensual “nudifier” AI systems (with safety carve-outs), extended SME facilitations to small mid-cap companies (SMCs), and clarified reduced overlap with sectoral legislation.
Why operational teams should not rewrite roadmaps yet: None of these texts is final law. Even after political agreement, the formal adoption, publication, and any transitional provisions will take months. National transposition and authority readiness also take time. Treating any single institutional position as the new baseline creates unnecessary oscillation. The prudent approach is to maintain a current-law baseline plan and maintain a narrow “monitor and adapt” workstream for the high-risk and transparency elements most likely to see timeline movement.
See the latest official timeline at the AI Act Service Desk and our guide EU AI Act timeline for 2026 and beyond.
What could change if the proposal becomes law
If the final amending regulation closely follows the March 2026 texts, the following shifts are possible (all labelled clearly as proposed):
Timing changes (most material)
- Annex III high-risk systems could move from 2 August 2026 to late 2027 (the 7 May political agreement points to 2 December 2027).
- High-risk AI embedded in products already covered by sectoral EU legislation could apply even later (proposed 2 August 2028).
- The Commission could still accelerate these dates if standards and guidance are ready earlier.
- Article 50 transparency obligations for providers and deployers of certain AI systems would likely remain anchored around mid-to-late 2026, though specific watermarking/labelling compliance periods may be extended slightly.
Scope and simplification effects
- Extended simplified technical documentation and other facilitations from SMEs to small mid-cap enterprises.
- Clearer rules on interplay with existing product-safety legislation, potentially reducing duplicative requirements.
- New explicit prohibition on certain non-consensual intimate image generation systems (“nudifiers”), subject to technical safety exceptions.
Parts that matter most for different actors
- SMEs and SMCs: Greatest potential relief through extended simplified modalities and later high-risk deadlines.
- Deployers: Benefit from clearer guidance on obligations and later high-risk system availability, giving more time to prepare fundamental rights impact assessments (FRIA) and human oversight processes.
- GPAI / non-EU model providers: Core obligations (from August 2025) appear largely untouched by the Omnibus. Authorised representative requirements under Article 54 remain relevant for many non-EU providers.
- Publishers and chatbot operators: Article 50 transparency work (disclosure that content is AI-generated) is still likely required from 2026 and is low-regret to prepare now.
These changes remain proposed until a final regulation is adopted. Current law timelines continue to govern planning.
Current law versus proposal matrix
| Topic | Current law | Proposal (negotiation status) | Institutional status | Recommended action today |
|---|---|---|---|---|
| AI literacy | Applies since 2 Feb 2025 (Article 4) | No material change proposed | Consensus across institutions | Implement organisation-wide literacy programme now. Link to Article 4 AI literacy: what you actually need to do |
| Annex III high-risk timing | 2 August 2026 | Linked to standards readiness; possible shift to Dec 2027 (Parliament) or later for sectoral products | Political agreement announced; pending formal adoption | Classify systems and begin risk inventories. Delay final technical files until standards stabilise. |
| Article 50 timing | 2 August 2026 for most transparency obligations | Possible extension for specific watermarking/labelling to Nov 2026 | Parliament proposes later compliance window | Start building disclosure workflows and templates. See Article 50 transparency obligations explained |
| GPAI and governance | Obligations applied 2 Aug 2025; governance bodies required | Largely untouched; some reinforcement of AI Office powers discussed | Stable | Maintain model documentation and systemic-risk assessment if applicable. |
| National authority preparation | Member States required to designate authorities and penalties framework by 2 Aug 2025 | No major change to designation timeline | On track | Engage with your national competent authority via the AI Act Service Desk national resources page. |
Operational playbook for uncertain timing
Focus on work that delivers value under both current law and any likely amended version.
Do now (no-regret actions)
- Maintain an up-to-date AI system inventory with clear role mapping (provider vs deployer vs distributor).
- Deliver AI literacy training scaled to roles—already mandatory since February 2025.
- Build Article 50 transparency processes: clear disclosures for chatbots, deepfakes, and AI-generated content. Create reusable templates.
- Collect vendor evidence and model cards from GPAI providers. Non-EU providers should evaluate authorised representative needs under Article 54.
- Classify your systems against the current Annex III criteria and document the reasoning.
- Establish basic risk assessment and human oversight habits.
- Map existing policies (data governance, incident response, quality management) to AI Act concepts so they can be extended later.
Work that can safely wait for final wording
- Finalised conformity assessment dossiers and CE marking for high-risk systems (if dates move, much of this work may need updating).
- Highly detailed post-market monitoring plans that depend on final guidance.
- Full quality management system (QMS) certification efforts before harmonised standards are referenced in the Official Journal.
What to monitor
- Outcome of trilogue negotiations and final adopted text.
- Publication of harmonised standards by CEN/CENELEC and their referencing in the Official Journal.
- AI Office guidelines on high-risk classification, transparency, and FRIA templates (expected throughout 2026).
- National authority designation and sandbox availability in your operating countries.
What changes by role
| Role | Risk if you wait | Low-regret actions now | What to monitor |
|---|---|---|---|
| Provider (high-risk or GPAI) | Missing 2026 deadlines if dates hold; last-minute scramble | Inventory systems, document classification rationale, prepare technical documentation templates | Final high-risk application date and standardisation status |
| Deployer | Inability to perform oversight or FRIA when systems arrive | Build literacy programmes, create intake questionnaires for AI vendors, draft internal usage policies | Article 50 requirements and national authority guidance |
| Non-EU GPAI provider | Uncertainty on authorised representative and downstream obligations | Appoint EU representative where required; publish model documentation | Any changes to Article 54 or systemic risk rules |
| Publisher or chatbot deployer | Regulatory surprise on transparency labelling | Implement clear “AI-generated” disclosures and user information flows | Article 50 final compliance window |
| HR or recruitment buyer | Using non-compliant high-risk tools later | Assess current recruitment AI against Annex III; request supplier evidence | High-risk classification for employment tools and any sectoral interplay clarifications |
Real-world examples
- A startup heard rumours of postponement and delayed all Article 50 work. When customer contracts began requiring transparency commitments in Q1 2026, they had no reusable disclosure language and lost deal velocity.
- A non-EU GPAI provider postponed appointing an authorised representative, assuming the Omnibus would rewrite the entire GPAI chapter. The core GPAI obligations from August 2025 remained unchanged, creating compliance gaps with EU customers.
- A large deployer used the uncertainty period to build an internal AI evidence register and literacy matrix. When vendors asked for due-diligence information, they could respond quickly—work that remains valuable regardless of the final high-risk start date.
FAQ
Is the AI Act delayed already? No. The core regulation has not been amended. Current legal deadlines, including 2 August 2026 for most high-risk and transparency rules, still apply.
Should we wait for the Omnibus outcome? Only for the most technical high-risk conformity work. Foundational tasks (inventory, literacy, transparency processes, classification reasoning) deliver value today and under any plausible amended timeline. Waiting entirely creates unnecessary risk.
Can enforcement happen before the proposal is final? Yes. Prohibitions have been applicable since February 2025. National authorities are being designated. Market surveillance and enforcement infrastructure is being built on the current legal framework.
How should non-EU companies plan around uncertainty? Treat current law as the baseline. Non-EU providers of GPAI models should comply with obligations that already apply and prepare documentation that downstream EU deployers will request. Monitor the authorised representative requirements under Article 54 and maintain a watching brief on high-risk timeline changes.
Common mistakes
- Treating any single press release or institutional position as the new legal reality.
- Halting all AI governance work because “the law is changing.”
- Over-investing in detailed technical files for systems that may see delayed application or updated guidance.
- Failing to distinguish between provider and deployer obligations, especially for organisations that both build and use AI.
- Assuming Article 50 transparency obligations will be significantly postponed—they remain one of the more stable near-term requirements.
Action checklist
- [ ] Confirm your current AI systems inventory is up to date and roles are clearly assigned.
- [ ] Roll out role-appropriate AI literacy training (mandatory since 2025).
- [ ] Create and test Article 50 disclosure templates for chatbots, content generators, and deepfakes.
- [ ] Classify systems against current Annex III criteria and document the analysis.
- [ ] Request model documentation and compliance evidence from all GPAI vendors.
- [ ] Subscribe to official updates from the AI Act Service Desk and set a quarterly review cadence for negotiation outcomes.
- [ ] Identify your national competent authority and bookmark relevant sandbox or support programmes.
- [ ] Run a lightweight gap assessment against current (not proposed) obligations.
Stay ready regardless of final dates. Sign up for current-law monitoring updates and test your organisation’s evidence readiness with the Evidence Scanner. It generates concrete artefacts you can use with vendors, customers, and internal stakeholders today.
Further reading
- EU AI Act timeline for 2026 and beyond
- EU AI Act spring 2026 update: current law versus proposal
- Article 4 AI literacy: what you actually need to do
- Article 50 transparency obligations explained
Primary sources
- AI Act Service Desk Timeline and FAQ
- eur-lex.europa.eu/eli/reg/2024/1689/oj/eng (original Regulation)
- Digital Omnibus proposal and annexes (European Commission, November 2025)
- Council press release (13 March 2026)
- European Parliament position (26 March 2026)
- AI Office guidelines announcements (2025–2026)
This page reflects the official position as of 6 June 2026 and will be updated when final texts are adopted. We will update it promptly when new texts are adopted.
Turn this reading into an actionable report
Use the free scanner to map your likely role, detect likely obligations, and see which evidence is missing.