Home/Blog/Digital Omnibus Deadline
REGULATORY UPDATEApril 8, 2026

EU AI Act Deadline: August 2026 or December 2027?
What the Digital Omnibus Means for Your Compliance Timeline

The EU Digital Omnibus on AI proposes pushing the high-risk AI system deadline from August 2, 2026 to December 2, 2027. Both the European Parliament and Council support this extension. Trilogue negotiations are underway with a target deal by April 28, 2026. But until it passes, the original deadline is still legally binding. Here is what changed, what has not, and what you should be doing right now.

TL;DR

The Digital Omnibus proposes moving the Annex III high-risk deadline to December 2, 2027.

AI systems embedded in regulated products (medical devices, machinery) would get until August 2, 2028.

Parliament voted 569-45 in favor. Trilogue talks are targeting a deal by April 28, 2026.

The Omnibus is not law yet. The August 2, 2026 deadline is still legally binding.

Compliance work is identical regardless of timeline. Starting now gives you breathing room. Waiting is a gamble.

What is the Digital Omnibus?

On November 19, 2025, the European Commission published the Digital Omnibus on AI — a legislative package proposing targeted amendments to the EU AI Act. The name comes from the Latin omnibus, meaning "for all," signaling a cross-cutting review of multiple digital regulations simultaneously.

The Omnibus is not a rewrite of the AI Act. The Commission has explicitly rejected characterizations of it as deregulation, calling it a "structural recalibration." The core framework — risk classification, prohibited practices, high-risk requirements, enforcement penalties — remains intact.

What it does change is the timeline and some procedural requirements around how organizations demonstrate compliance.

Why the extension?

The compliance infrastructure needed to support the AI Act was not ready on schedule. Harmonized standards for high-risk requirements have been delayed. At least 12 EU member states missed the deadline to designate national competent authorities. 19 had not appointed single points of contact. Key guidance documents from the Commission — including practical guidance on high-risk classification under Article 6 — arrived late or remain pending.

In short, the EU was about to enforce a law that many member states were not yet equipped to supervise, against standards that had not been published, with guidance that had not been finalized. The Omnibus addresses this by tying the enforcement date to actual readiness rather than a fixed calendar date.

The proposed new deadlines

CategoryOriginalProposed
Annex III standalone high-risk AI systemsAug 2, 2026Dec 2, 2027
AI systems embedded in regulated productsAug 2, 2027Aug 2, 2028
Synthetic content watermarking (Art. 50)Aug 2, 2026Nov 2, 2026
GPAI model obligationsAug 2, 2025No change
Prohibited practicesFeb 2, 2025No change

Source: Council position (March 13, 2026), Parliament position (March 26, 2026). Both institutions are aligned on these dates.

Where things stand today

The legislative process has moved fast. The Council agreed its negotiating position on March 13, 2026. The European Parliament's IMCO and LIBE committees adopted their joint position on March 18, and the full Parliament confirmed it on March 26 with a 569-45 vote.

Trilogue negotiations between the Parliament, Council, and Commission began immediately — the same day as the Parliament vote. The Cypriot Presidency has stated its ambition to reach a political agreement by April or May 2026. The current schedule targets a deal at the second trilogue session on April 28, 2026.

The Parliament and Council positions are closely aligned on the deadline extension. The main areas of negotiation involve the scope of the AI Office's supervisory powers, the treatment of AI literacy obligations, and whether the SME documentation carve-out survives in its current form.

What else changes

New prohibited practice: non-consensual deepfakes

Both co-legislators propose banning AI systems capable of generating realistic sexually explicit images or videos of identifiable individuals without consent. This would be added to Article 5 of the AI Act.

SME simplified documentation

Organizations with fewer than 750 employees and under €150M annual turnover may qualify for simplified Annex IV technical documentation. This carve-out must survive trilogue to take effect.

AI literacy obligations

The Commission and Council propose making AI literacy a framework led by institutions rather than a binding obligation on providers. Parliament wants to keep it mandatory but lower the threshold. This is a live negotiation point.

AI Office exclusive competence

The AI Office would become exclusively competent for AI systems based on GPAI models from the same provider, and for AI systems integrated into very large online platforms or search engines under the DSA. National authorities would retain responsibility in areas like law enforcement and financial institutions.

Three scenarios for your compliance timeline

Scenario 1: Omnibus passes before August 2

Deadline moves to December 2, 2027. You have 16 additional months. If you started compliance work now, you are ahead of the market. Most competitors will not begin until Q1 2027.

Scenario 2: Trilogue stalls or is delayed

The Parliament and Council have different positions on AI Office scope, SME carve-outs, and AI literacy. If talks stall past June, no Omnibus deal is in place before August 2. The original deadline applies. Organizations that paused compliance work have a problem.

Scenario 3: Omnibus passes but SME carve-out is narrowed

The Parliament's position on SME documentation relief is less generous than the Council's. The final text could limit or condition the carve-out in ways that exclude your organization. Full Annex IV documentation would still be required.

In all three scenarios, the compliance work is identical. What changes is whether you do it with breathing room or under deadline pressure.

What you should be doing right now

Regardless of how the Omnibus lands, the following should be completed or underway:

01
AI system inventory. Catalogue every AI system your organization deploys, with ownership and use-case documented.
02
Risk classification. Assess each system against Annex III high-risk categories. Document the classification rationale.
03
Gap analysis. Audit your existing documentation against Articles 9-17. Identify what you have, what is partial, and what is missing.
04
Start Annex IV documentation. Even if you expect the deadline extension, drafting technical documentation reveals gaps that take months to fix.
05
Article 50 transparency. Customer-facing chatbots must identify themselves as AI. Any AI-generated content must be marked in machine-readable format. This deadline is not moving significantly.

Find your compliance gaps before the deadline finds you

Upload your existing AI documentation and get a gap report against Articles 9-17 in under 5 minutes. Free during beta.

Start your free compliance audit

Related

EU AI Act Compliance Guide — Articles 9-17 →

Article-by-article breakdown of 68+ requirements for high-risk AI systems.

How AI Attest works →

Gap analysis, guided templates, cascade invalidation, and cryptographic audit trails.

FAQ — Common compliance questions →

Deadlines, classification, costs, and how AI Attest compares to consultants.

See where your AI system stands

Upload your documentation and get a gap report in minutes. Free during beta.

Start your free audit