EU AI Act deadlines may move — but your compliance work should not pause

Last updated: 28 April 2026.

If you’re an EU startup or SME preparing for the 2 August 2026 wave of EU AI Act obligations, you may have seen headlines claiming the timeline will be delayed via an “AI/Digital Omnibus” package.

Here’s the practical truth:

• Yes: there is credible political momentum for shifting some high‑risk timelines.
• No: you should not stop building your AI systems inventory, classifying systems, and preparing documentation.
• Your safest stance until the law changes: plan for 2 August 2026 and treat any delay as extra buffer.

This post is a short “signal → action” update. For the full baseline schedule, see our EU AI Act timeline guide.

What happened (in plain language)

In April 2026, multiple legal and compliance briefings reported that EU lawmakers are negotiating an “Omnibus” package that may amend application dates for parts of the AI Act—especially for stand‑alone high‑risk systems listed in Annex III.

Two common postponement dates being discussed:

• Annex III high‑risk (stand‑alone): from 2 Aug 2026 to 2 Dec 2027
• Annex I high‑risk (embedded in regulated products): to 2 Aug 2028

These are not the dates you should bet your compliance program on until the amendment is final and published.

What changes (if the Omnibus is adopted)

If the Omnibus is adopted in time and the new dates become binding, the biggest change for many SMEs is timeline pressure, not the nature of the work:

• You might get more time for Annex III high‑risk obligations.
• You will still need the same core building blocks: inventory, classification, governance, documentation, logging, oversight, incident processes, vendor controls.

What does NOT change

Even if timelines move, these are still the right “Week 1” moves:

1. Inventory every AI system you build or use (including third‑party tools and “shadow AI”).
2. Classify each system (prohibited / high‑risk / limited / minimal).
3. Clarify your role (provider vs deployer) — it determines your duties.
4. Start building evidence (policies, logs, training, templates) that you can show to customers and investors.

If you do nothing else today: run the free assessment and generate a baseline pack:

• Run the AI Act assessment
• Use the output to drive your 2026 compliance checklist

What SMEs should do this week (7 actions)

1. Keep “Aug 2026” as your internal planning baseline until the Official Journal / EUR‑Lex confirms a change.
2. Add one sentence to your stakeholder messaging (investors, customers, procurement):
   “We plan for 2 Aug 2026 until EUR‑Lex says otherwise; any postponement is buffer, not a reason to delay governance.”
3. Finish the AI systems inventory (names, purpose, data, users, vendor, role).
4. Do initial classification (especially Annex III candidates) and document the reasoning.
5. Implement a “vendor AI tool” gate (approved tools list + data rules + OAuth permissions review).
6. Start an evidence folder (even if drafts): policies, training notes, logs, DPIA/FRIA triggers, incident playbook.
7. Schedule a 30‑minute monthly review to update your plan when the legislative text becomes final.

What NOT to do

• Don’t “wait for certainty.” You’ll lose months that you could have used to build reusable governance.
• Don’t treat postponement rumors as compliance advice. Until the text is adopted and published, the original dates remain the safest operating assumption.

Is 2 August 2026 still the EU AI Act deadline?

For planning purposes, yes. There are active negotiations that may amend some application dates, but you should treat 2 Aug 2026 as the baseline until the final amending text is adopted and published.

Should we pause our AI Act compliance work until the dates are confirmed?

No. Inventory, classification, role mapping, vendor controls, logging, and documentation are reusable governance work. If deadlines move, you get buffer—not a free pass.

What is the safest “one sentence” to tell investors or customers?

“We plan for 2 Aug 2026 until EUR‑Lex says otherwise; if timelines move, we’ll use the buffer to refine documentation and controls.”

What should we do first if we have zero compliance program today?

Start with an AI systems inventory (including third‑party tools) and an initial risk classification. If you want a fast baseline, run the free AI Act assessment and use the output to drive the 2026 checklist.

Sources (April 2026)

• Ropes & Gray: AI Omnibus negotiations and expected timelines
  https://www.ropesgray.com/en/insights/viewpoints/102mquz/ai-omnibus-trilogue-underwaywhat-to-expect-as-negotiations-progress
• OneTrust: summary of proposed fixed application dates and governance changes
  https://www.onetrust.com/blog/how-the-eu-digital-omnibus-reshapes-ai-act-timelines-and-governance-in-2026/

Next step (fast)

If you want a concrete starting point in under 10 minutes:

1. Run the free AI Act assessment
2. Export your baseline outputs
3. Use them as the to‑do list for the AI Act compliance checklist for 2026