TL;DR: EU AI Act updates
- The Digital Omnibus changes parts of the EU AI Act timeline, but it does not replace the law or remove its risk-based structure.
- Article 50 transparency obligations still apply from 2 August 2026 for many AI systems interacting with EU users.
- High-risk AI system deadlines moved to 2027 and 2028 because conformity assessment infrastructure was not ready.
- Organizations should continue classification, documentation, and monitoring work instead of treating the delay as a pause.
- Scytale’s AI GRC platform helps teams map EU AI Act requirements to evidence collection and continuous monitoring across compliance programs.
The EU AI Act is entering one of its most important implementation phases, with new obligations taking effect over the next two years. But recent updates to the legislation have left many organizations unsure which deadlines have changed, which requirements still apply, and what action they need to take now.
Much of the recent EU AI Act implementation news and broader AI regulation news in Europe has centered on the Digital Omnibus, which adjusts parts of the AI Act’s implementation timeline while leaving many of its core obligations untouched. For businesses developing, deploying, or using AI systems, keeping up with these AI regulation updates is essential to avoid missed deadlines, unnecessary delays, and costly compliance mistakes.
In this article, we’ll explore what the 2026 Digital Omnibus changed, which EU AI Act deadlines remain in place, the new rules organizations should be aware of, and the practical steps to prepare for EU AI Act compliance.
What changed in 2026: the Digital Omnibus explained
One of the biggest EU AI Act news updates in 2026 came on 29 June, when the Council of the EU gave final approval to the Digital Omnibus on AI. The package was first proposed by the European Commission on 19 November 2025, with negotiators reaching a provisional agreement on 7 May 2026. Formal publication in the Official Journal of the European Union is expected before 2 August 2026, at which point the amendments will become legally binding.
The Digital Omnibus does not replace the EU AI Act or remove its core requirements. Instead, it updates specific parts of the existing legislation while keeping its risk-based framework intact. AI systems are still categorized as prohibited, high-risk, transparency-risk, or lower-risk, with obligations continuing to depend on the level of risk each system presents.
The confusion comes from assuming the entire AI Act has been delayed. It hasn’t. Some implementation deadlines have shifted, while others remain exactly as planned. Understanding which obligations changed, which stayed the same, and when the amendments officially take effect is essential for organizations planning their AI compliance roadmap.
Streamline GRC workflows with no blind spots.
The deadline that didn’t move: August 2, 2026 transparency rules
Despite the changes introduced by the Digital Omnibus, the AI Act’s transparency obligations under Article 50 still take effect on 2 August 2026. This remains one of the first major compliance milestones organizations need to prepare for. While some implementation timelines have shifted, the Digital Omnibus leaves these transparency requirements unchanged.
Article 50 is designed to ensure people know when they are interacting with AI or consuming AI-generated content. Organizations deploying chatbots or virtual assistants must clearly inform users they are interacting with an AI system. Deepfakes and AI-generated images, audio, and video must be labeled accordingly, and AI-generated text published to inform the public on matters of public interest must also disclose that it was generated or substantially produced by AI.
There is one limited exception. Under Article 50(2), providers of AI systems placed on the market before 2 August 2026 have until 2 December 2026 to comply with the machine-readable watermarking requirement. This grace period applies only to watermarking. The broader transparency obligations, including notifying users when they are interacting with AI and labeling AI-generated content, remain effective from 2 August 2026. Any organization deploying chatbots, GPAI-powered content tools, or synthetic media that reaches users in the European Union should review where Article 50 applies and ensure these disclosure requirements are in place before the deadline.
The deadlines that did: High-risk AI systems pushed to 2027 and 2028
While the Digital Omnibus leaves the AI Act’s transparency rules untouched, it does delay the compliance deadlines for high-risk AI systems. Stand-alone high-risk AI systems under Annex III now have until 2 December 2027, instead of 2 August 2026, to comply. AI systems that function as a safety component in Annex I regulated products, including medical devices, machinery, and vehicles, now have until 2 August 2028, rather than 2 August 2027. The Annex III extension affects AI used in areas such as recruitment, credit scoring, education, law enforcement, migration, and border control.
The deadlines were extended because the supporting compliance infrastructure was not ready. Many notified bodies responsible for conformity assessments had not yet been designated, and the harmonized technical standards organizations rely on to demonstrate compliance were still being finalized. The delay gives regulators and businesses more time to prepare without changing the AI Act’s requirements.
The obligations themselves remain unchanged. Organizations developing or deploying high-risk AI systems must continue implementing risk management, data governance, technical documentation, human oversight, conformity assessments, CE marking where required, and EU AI database registration. They should also continue classifying systems according to the EU AI Act risk categories, even though some deadlines have moved.
The Omnibus also gives EU member states an additional year to establish AI regulatory sandboxes, moving that deadline from 2 August 2026 to 2 August 2027.
Updated EU AI Act compliance deadlines
| Deadline | Previous date | New date | Change |
| Article 50 transparency obligations | 2 Aug 2026 | 2 Aug 2026 | No change |
| Article 50(2) machine-readable watermarking for systems placed on the market before 2 Aug 2026 | 2 Aug 2026 | 2 Dec 2026 | Four-month grace period |
| Annex III stand-alone high-risk AI systems | 2 Aug 2026 | 2 Dec 2027 | Deadline extended |
| Annex I safety-component AI in regulated products | 2 Aug 2027 | 2 Aug 2028 | Deadline extended |
| AI regulatory sandboxes | 2 Aug 2026 | 2 Aug 2027 | Deadline extended |
AI-native GRC for how teams work today.
New rules you might have missed
While most of the attention has focused on deadline changes, the Digital Omnibus also introduces several important updates affecting prohibited AI uses, workforce expectations, and regulatory enforcement.
New Article 5 prohibition
The Omnibus introduces a new prohibition on AI systems that generate or manipulate non-consensual intimate imagery (“nudifiers”) or child sexual abuse material (CSAM). The ban applies broadly, including to systems where this type of misuse is a reasonably foreseeable outcome of normal operation, with a transitional period running until 2 December 2026.
A softer AI literacy requirement
Article 4 has applied since 2 February 2025, but the Omnibus relaxes its wording. Rather than requiring organizations to ensure staff are AI literate, they must now support the development of AI literacy through appropriate training and awareness measures.
Stronger enforcement powers for the EU AI office
The Omnibus expands the EU AI Office’s enforcement powers by granting it investigation and on-site inspection authority. It also clarifies the Office’s supervisory role over general-purpose AI (GPAI) models, very large online platforms (VLOPs), and very large online search engines (VLOSEs), adding to recent European Commission AI Office news.
Always-on GRC. Built for modern teams.
What this means for your organization right now
Organizations following recent EU AI Act enforcement news shouldn’t treat the Digital Omnibus as a reason to slow down. Although some deadlines have shifted, compliance efforts should continue. The EU AI Act’s enforcement framework remains unchanged, with penalties of up to €35 million or 7% of global annual turnover. To prepare for the upcoming requirements, your organization should focus on these three priorities:
1. Confirm whether Article 50 applies
Review every AI-powered product, chatbot, customer support tool, content workflow, and synthetic media use case that reaches EU users. If your organization falls within Article 50, the transparency requirements still take effect on 2 August 2026, regardless of the Digital Omnibus.
2. Keep high-risk AI compliance moving
Don’t stop classifying high-risk AI systems or building your EU AI Act compliance program just because some deadlines have moved to 2027 or 2028. Risk management, technical documentation, human oversight, and conformity assessment preparation all take time, and delaying this work will only compress your implementation timeline later.
3. Watch for formal publication
The updated deadlines are not legally binding until the Digital Omnibus is formally published in the Official Journal of the European Union. Legal, product, and compliance teams should monitor publication closely and align on a single source of truth for implementation dates.
How Scytale simplifies EU AI Act compliance
As organizations adopt more AI in compliance and governance processes, Scytale helps map EU AI Act requirements to automated evidence collection and continuous monitoring. The same platform supports 80+ frameworks, including SOC 2, ISO 27001, GDPR, and SOX ITGC. Teams can manage multiple compliance programs from a single platform without rebuilding controls or duplicating work. Backed by dedicated GRC experts, organizations receive guidance throughout their compliance journey.
Scytale tracks regulatory updates like the Digital Omnibus and automatically updates control mappings as regulations evolve, helping your team stay compliant without manually tracking legislative changes. Whether you’re preparing for the August 2026 transparency requirements or future AI obligations, Scytale helps turn EU AI Act requirements into everyday compliance workflows.
FAQs about EU AI Act updates
What is the effective date of the EU AI Act?
The EU AI Act has multiple implementation dates rather than a single effective date. Some provisions already apply, and Article 50 transparency obligations still apply from 2 August 2026, while several high-risk system deadlines now move later under the Digital Omnibus.
What is the current status of the EU AI Act?
The Act remains in force, and the 2026 Digital Omnibus updates parts of its implementation timeline. The Council of the EU gave final approval on 29 June 2026, and the amendments take legal effect once the EU publishes them in the Official Journal.
Is the EU AI Act mandatory?
Yes, the EU AI Act is mandatory for organizations whose AI systems fall within its scope. If your products or services affect EU users, you need to assess whether transparency, prohibited-use, or high-risk obligations apply and prepare evidence accordingly.
What is banned under the EU AI Act?
The EU AI Act bans several unacceptable AI practices, and the 2026 amendments add a new prohibition on systems generating or manipulating non-consensual intimate imagery and CSAM. Scytale’s AI GRC platform helps teams map prohibited-use checks into broader AI governance workflows before deployment decisions move forward.
What are the penalties for EU AI Act non-compliance in 2026?
EU AI Act penalties remain significant in 2026, reaching up to €35 million or 7% of global annual turnover, whichever is higher. Some EU member states also impose additional penalties under national laws. Leading AI GRC platforms like Scytale help organizations stay audit-ready with automated evidence collection, continuous monitoring, and centralized compliance records.
