Advisory Note: As the EU AI Act’s revised timeline takes shape, organizations must prepare for near-term obligations that remain on track while planning for delayed high-risk AI requirements. HaystackID’s AI governance, information governance, privacy, cybersecurity, and cyber discovery professionals help organizations assess AI risks, strengthen governance frameworks, and build defensible compliance programs that support regulatory readiness, operational efficiency, and legal defensibility.
The Council of the EU gave final approval on June 29 to the rewrite of Europe’s Artificial Intelligence Act, confirming delayed high-risk deadlines that now await publication in the Official Journal to take effect.
That vote clears the last political hurdle for the digital omnibus. It also sets up a tight sequence: the amendment must still enter into force even as the AI Act’s broader Aug. 2, 2026, application date approaches, including the AI Office’s full enforcement role.
The package, the seventh simplification bundle the European Commission proposed on Nov. 19, 2025, cleared Parliament on June 16 by a vote of 423 to 57, with 174 abstentions. At that stage it still needed the Council’s sign-off to become law, as reported. The Council supplied it on June 29. The amended regulation takes effect three days after publication in the EU’s Official Journal, expected within weeks.
What the package confirms
The delay that had been provisional is now confirmed, awaiting only publication in the Official Journal to enter into force. Standalone high-risk systems under Annex III, covering uses such as hiring, credit scoring, biometric identification, and education, face a compliance date of Dec. 2, 2027. High-risk AI embedded as a safety component in regulated products under Annex I, from medical devices to industrial machinery, has until Aug. 2, 2028. Machine-readable watermarking obligations for AI-generated content systems placed on the market before Aug. 2, 2026, shift to Dec. 2, 2026, after the Council cut the grace period from six months to three, though the broader Article 50 transparency duties still begin Aug. 2, 2026. The ban on nonconsensual nudification tools and AI-generated child sexual abuse material carries that same Dec. 2, 2026, compliance date.
Michael McNamara, a Renew lawmaker from Ireland and co-rapporteur on the file, said the nudification ban targets tools that “impact real people, overwhelmingly women, with the purpose of humiliating, degrading and objectifying them,” and would “enter into force before the end of this year.”
The August collision
Final political approval sharpens a wrinkle. Even with high-risk relief now confirmed, most of the AI Act still applies from Aug. 2, 2026. That date brings the AI Office, the Commission’s enforcement arm, into its full enforcement role, with authority to demand information, order changes, and levy fines. So the broader application date lands with the amendment still moving toward entry into force, bringing that enforcement role to bear on the obligations the omnibus left largely on track, including the existing prohibited-practices regime, Article 50 transparency duties, and general-purpose AI oversight. The omnibus routes enforcement of certain general-purpose systems through the AI Office to centralize that work.
General-purpose AI, already on the clock
For the general-purpose AI models behind chatbots and image generators, obligations have applied since Aug. 2, 2025, backed by a General-Purpose AI Code of Practice approved a day earlier and Commission guidance on which providers fall in scope. Models placed on the market before that date have until Aug. 2, 2027, to conform. None of that moved in the omnibus. Providers who expected the simplification package to loosen general-purpose rules did not get their wish.
What the rewrite still trims
Beyond deadlines, the adopted text narrows the Act in ways that survived to final approval. Machinery products with AI functions answer to sector-specific safety rules rather than duplicate AI Act requirements. A tightened definition of safety component means AI that only assists users or optimizes performance avoids automatic high-risk status when a malfunction poses no health or safety risk. Developers may process personal data where strictly necessary to detect and correct bias, with safeguards. Existing small-business exemptions extend to small mid-cap enterprises. The Council also postponed the deadline for national AI regulatory sandboxes to Aug. 2, 2027. Co-rapporteur Arba Kokalari of Sweden cast the simplification as a way to keep technology companies building and staying in Europe, a competitiveness argument that ran through the debate.
What practitioners should do next
For compliance, privacy, and information governance teams, final adoption converts planning assumptions into fixed dates. Map which AI uses fall under Annex III versus Annex I to know whether the 2027 or 2028 clock applies. Confirm whether any deployed or purchased tool touches the new nudification prohibition, which arrives first. And prepare for the AI Act’s broader Aug. 2, 2026, application date, including the AI Office’s full enforcement role, which reaches the obligations the omnibus left largely on track. The extended high-risk timeline gives organizations room to finish conformity, documentation, and human-oversight work, provided they treat the confirmed dates as deadlines and not distant suggestions.
With the rewrite now settled, the uncertainty shifts from what the rules say to how fast Europe will enforce the parts it kept. Is your AI compliance program built for the deadlines that moved, or the ones that did not?
News sources
- Parliament hits pause on high-risk AI rules and bans nudifier apps (Newsline by HaystackID)
- AI Act: EP approves simplification measures and “nudifier” app ban (European Parliament)
- Artificial Intelligence: Council gives final green light to simplify and streamline rules (Council of the EU)
- EU AI Act Omnibus Agreement: Postponed High-Risk Deadlines and Other Key Changes (Gibson Dunn)
- EU’s General-Purpose AI Obligations Are Now in Force, With New Guidance (Skadden)
- Implementation Timeline (EU Artificial Intelligence Act)
Assisted by GAI and LLM Technologies
Source: HaystackID published with permission from ComplexDiscovery OÜ




