On 7 May 2026, the European Parliament and the Council of the EU reached political agreement on the Digital Omnibus on AI — a package of targeted amendments to Regulation (EU) 2024/1689 (the AI Act). The headline change: compliance obligations for high-risk AI systems under Annex III shift from 2 August 2026 to 2 December 2027. For IT teams already working toward the original deadline, this changes the timeline but not the destination.
What changed
The Omnibus introduces three deadline shifts:
- Annex III high-risk systems (biometrics, critical infrastructure, recruitment, employee evaluation, access to education): new deadline is 2 December 2027, moved from 2 August 2026.
- Annex I high-risk AI in regulated products (medical devices, machinery): shifted from 2 August 2027 to 2 August 2028.
- Transparency for AI-generated content (watermarking of images, audio, video): pushed back four months to 2 December 2026.
The agreement is political, not yet formally adopted. The Council and Parliament are expected to vote in June or July 2026. If the Omnibus is not enacted before 2 August 2026, the original deadlines remain in force.
What did not change
Several obligations remain unaffected:
- Prohibited AI practices (Article 5) — social scoring, manipulative systems, sensitive biometric categorisation — have been banned since 2 February 2025.
- AI literacy (Article 4) — organisations must ensure that staff working with AI systems have adequate knowledge and training. This obligation applies now.
- Transparency for interactive AI systems under Article 50 — the requirement to inform users that they are interacting with AI (chatbots, automated helpdesks) — remains tied to 2 August 2026.
For typical ITSM deployments — helpdesk chatbots, automated ticket categorisation, request routing — the transparency requirements still apply in August. The delay covers only high-risk systems under Annexes I and III.
Other changes in the Omnibus
Beyond timeline shifts, the deal includes substantive simplifications:
- Extended SME protections now cover small mid-cap companies, reducing the compliance burden for smaller organisations deploying AI.
- Eliminated regulatory overlap — machinery manufacturers using AI no longer face duplicative requirements under both the AI Act and the Machinery Regulation.
- A new EU-wide regulatory sandbox allows companies to test AI systems across the entire Union, rather than being limited to national sandboxes.
What to do now
The delay is not a reason to pause. Organisations that have not started preparing should:
- Complete an AI systems inventory and risk classification — without this, it is impossible to determine which deadlines apply to your organisation.
- Implement transparency labelling on all chatbots and automated AI responses — the 2 August 2026 deadline for this has not moved.
- Verify that AI-generated content (images, video, audio) carries machine-readable markers — the new deadline for this is 2 December 2026.
- Begin documentation, risk management frameworks, and conformity assessment preparation for high-risk systems — sixteen months to meet Annex III requirements is not generous.
The 7 May 2026 agreement gives organisations more time for the most demanding obligations. But transparency, AI literacy, and the ban on prohibited practices remain in force without exception. If preparation has not started, the right time is now — not December 2027.