The Delay, Confirmed
The EU's long-anticipated retreat from its own AI Act timeline is now law. The European Parliament approved the Digital Omnibus on AI on June 16, 2026, by a vote of 423 in favour, 57 against, and 174 abstentions, and the Council of the EU gave its final sign-off on June 29, with the final act signed July 8. The core change: obligations for high-risk AI systems under Annex III—the rules governing AI used in hiring, credit scoring, education, migration, and law enforcement—move from August 2, 2026 to December 2, 2027. High-risk AI embedded in regulated products under Annex I, such as medical devices or machinery, gets until August 2, 2028, a year later than its original August 2027 date (Gibson Dunn).
Not everything moved. Article 50's transparency rules—telling users they're talking to a chatbot, labelling AI-generated content—stay on the original August 2, 2026 schedule, with only a short grace period on watermarking specifically, extending to December 2, 2026. The Omnibus also adds a new prohibition to Article 5 banning AI systems that generate non-consensual intimate imagery or CSAM, the so-called "nudifier" ban, with its own transitional window to December 2026 (European Parliament EPRS briefing).
Steelman: Why This Looks Like a Retreat
The case against the delay isn't frivolous. The high-risk chapter is where the AI Act does its heaviest lifting on fundamental rights—conformity assessments, human oversight, bias testing for systems that decide who gets a loan, a job interview, or a residence permit. European Digital Rights (EDRi) has argued throughout the Omnibus process that provisions meant to give people recourse against harmful automated decisions are being hollowed out, warning that stripped-back transparency and registration requirements risk turning parts of the AI Act into a system of self-certification rather than independent oversight (EDRi). There's a procedural complaint layered on top: an omnibus bill amending a landmark regulation less than two years after it entered into force, without the impact assessment and consultation that ordinary co-decision would require, is a bad precedent regardless of the merits of any single change. Both objections deserve to be taken seriously, not waved away as reflexive opposition to deregulation.
Why the Delay Is the Right Call Anyway
But the steelman assumes the original deadline was a real deadline—one that industry was simply failing to meet. It wasn't. The harmonised technical standards that let a company demonstrate conformity with Annex III obligations were, as of the Council's vote, still not delivered. CCIA Europe—an industry group that has been openly critical of the AI Act's costs—called the postponement "the bare minimum," not a gift, precisely because those standards remain missing and guidance from the AI Office is still pending. CCIA's own complaint wasn't that the delay went too far; it's that negotiators refused to also grant a 12-month grace period for Article 50 labelling, meaning companies get almost no runway to comply with the one deadline Brussels did keep (CCIA).
That is the tell. A compliance regime that requires certifying against standards nobody has published yet isn't rigorous—it's unenforceable and arbitrary, leaving national market-surveillance authorities to invent ad hoc benchmarks or simply not enforce at all. Pushing the start date to when the standards infrastructure might actually exist doesn't weaken the regulation; it's what has to happen before the regulation can function as designed. The alternative—forcing an August 2026 go-live against unfinished rulebooks—would have produced exactly the kind of arbitrary, inconsistent enforcement that erodes legal certainty and public trust in regulation, the very outcome civil-society critics say they want to avoid.
The Selective Nature of the Delay Matters
What the Commission and Parliament chose to not delay undercuts the narrative of wholesale retreat. Article 50's disclosure obligations proceed on schedule. The nudifier and CSAM prohibition, the most rights-protective addition in the entire package, is new law, not a rollback. If this were pure capitulation to industry lobbying, the transparency rules—the cheapest for companies to comply with and the easiest to defer—would have been the first thing traded away. They weren't.
The Actual Lesson
The legitimate grievance here isn't the 16-month delay—it's that the EU set a statutory deadline for a compliance regime it hadn't finished building the plumbing for, and needed an emergency omnibus to fix its own scheduling error. The fix for that isn't fewer delays; it's a standards pipeline that runs ahead of the legislative clock next time, so implementation dates mean what they say. Until CEN-CENELEC delivers the underlying harmonised standards, any fixed date for high-risk obligations is a promise Brussels cannot keep—better to say so now, in daylight, than to let the August 2026 deadline lapse quietly into non-enforcement.