The EU AI Act’s long revision process is now complete. On June 29, 2026, the Council of the European Union formally adopted the AI Act simplification package, giving it final legal force. The European Parliament had already endorsed the text on June 16. Together, those two votes close the legislative loop that began back in early 2026 when it became clear the original August 2, 2026 high-risk compliance deadline was impossible for most businesses to hit.
Publication in the Official Journal of the European Union is expected within days. The regulation enters into force three days after that. For any organisation using AI in markets that touch EU consumers or employees, the clock on a new, more achievable set of deadlines has now officially started.
What the New Deadlines Actually Are
The law as formally adopted sets two core dates for high-risk AI compliance:
- December 2, 2027 — for standalone high-risk AI systems (software that is itself the AI product, such as CV screening tools, credit scoring systems, or AI used for employee management)
- August 2, 2028 — for high-risk AI embedded in physical products regulated under existing EU product safety laws (medical devices, industrial machinery, vehicles)
For most businesses, the December 2, 2027 date is the one to track. That gives you roughly 18 months from today. It sounds generous, but the compliance requirements under Articles 9 through 17 of the AI Act are substantive. Risk management systems, technical documentation, transparency obligations, and human oversight measures all need to be in place by that date, not initiated by it.
The New Content Ban Worth Noting
The simplification package added a provision that was not in the original Act: a prohibition on AI systems that generate non-consensual intimate images of real people, or that digitally remove clothing from existing images to reveal intimate parts. This ban applies from December 2026 — far earlier than the high-risk deadlines. Any AI product that touches image generation or editing needs a review against this provision now.
Why This Moment Matters
Previous reporting covered the political milestones: the trilogue agreement in April, the second streamlining deal in May. But a political agreement is not law. Today’s formal adoption is. The regulation will be published. The deadlines are real. The fines for non-compliance with high-risk AI rules — up to 15 million euros or 3 percent of global annual turnover, whichever is higher — now have a fixed enforcement date behind them.
For businesses that have been treating EU AI compliance as “something to revisit when it’s final,” it is now final.
What This Means for Business
The 18-month runway is real, but it narrows faster than it looks. Here is what organisations using AI in EU-exposed contexts should do in the next 90 days:
Complete your AI inventory. You cannot comply with rules you have not mapped. Every AI system touching EU employees, customers, or decision-making should be documented. Capture the system’s purpose, what data it processes, and what decisions it influences.
Run a risk classification pass. Annex III of the EU AI Act lists the high-risk categories. Employment, education, credit, essential services, law enforcement, and biometrics are all on that list. If your system touches those areas, it is likely in scope. If you are unsure, assume yes and work backward from there.
Do not wait for the interim period to pass. The EU AI Act does not have a phased grace period the way GDPR did. December 2, 2027 is not a soft launch. Regulators in member states are building enforcement capacity now, and some will move quickly once the date arrives.
Check the content generation ban for December 2026. If you build or deploy any AI image generation or editing tool, review whether it could be used to generate or manipulate intimate imagery. This ban is active far earlier than the high-risk deadlines and carries full enforcement weight.
The EU AI Act has been in preparation since 2021. That long lead-up means regulators have had time to develop clear expectations. The June 29 adoption is not a starting pistol — it is a closing bell on the “not yet official” arguments. For businesses operating in Europe, the policy response that was optional last week is mandatory work now.
If you want the playbook other teams are using with Claude and Codex right now, grab the free Working With Claude field guide. Download it here.