Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Latest AI and industry news. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

News Trending Regulation

EU Parliament Votes to Delay High-Risk AI Rules to 2027

The EU Parliament approved fixed new deadlines for high-risk AI compliance: December 2027 for standalone systems, August 2028 for embedded products.

Enterprise DNA | | via EU Council
EU Parliament Votes to Delay High-Risk AI Rules to 2027

If your business builds or deploys AI systems in Europe, the calendar just shifted. On March 26, 2026, the European Parliament voted to approve changes to the EU AI Act, setting fixed new deadlines for high-risk AI compliance and opening formal trilogue negotiations with the Council and Commission.

The headline number: businesses now have until December 2, 2027 to comply with high-risk AI rules for standalone systems, and August 2, 2028 for AI embedded in regulated products. The original timeline would have required compliance significantly earlier.

This is not a reprieve. It is a reframe.

What Changed

The EU AI Act’s high-risk provisions were always the most demanding part of the regulation. They require conformity assessments, documentation, human oversight mechanisms, and registration in an EU-wide database. The problem was that the standards bodies tasked with writing the technical specifications needed to meet those requirements missed their deadlines — aiming for end of 2026 at the earliest.

Rather than leave businesses chasing a moving target, the Council and Parliament opted for fixed dates. The old model of “rules apply once standards are ready” created legal uncertainty. Fixed dates create predictability, which businesses and their legal teams can actually plan around.

The changes come packaged in the EU’s “Omnibus VII” simplification legislation, which is designed to reduce compliance burdens across multiple digital laws simultaneously.

Key amendments in the final text:

  • Fixed compliance dates replace the conditions-based approach. Standalone high-risk AI systems must comply by December 2, 2027. AI embedded in regulated products (medical devices, machinery, vehicles) has until August 2, 2028.
  • SME exemptions extended to small mid-cap companies, not just micro and small enterprises.
  • New prohibition added on AI systems that generate non-consensual sexual or intimate imagery, and child sexual abuse material. This fills a gap in the original Act.
  • Database registration reinstated — providers must register AI systems in the EU database even when they believe their system is exempt from high-risk classification.
  • AI regulatory sandboxes postponed until December 2, 2027, giving national authorities more time to establish them.

The Trilogue Phase Begins

The Parliament’s vote on March 26 formally opens trilogue — the three-way negotiation between Parliament, Council, and Commission that will produce the final agreed text. A final vote is targeted for around July 2026, with the amended rules then proceeding through standard publication and entry-into-force processes.

What this means practically: the December 2027 and August 2028 dates could still shift slightly during trilogue, though both Parliament and Council are aligned on the fixed-date approach. The risk of significant reversal is low.

What This Means for Business

If you are operating entirely outside the EU, these rules may still apply to you. The AI Act has extraterritorial reach — if your AI system’s output is used in the EU, even by a third party, you can fall within scope.

If you are building AI products for European customers, the new dates give you more runway but do not change what you need to build. Conformity assessment, human oversight, technical documentation, and risk management systems are still required. Starting those processes now means you arrive at December 2027 with evidence of compliance, not a last-minute scramble.

If you are deploying AI internally in areas covered by the high-risk provisions — HR and recruitment, education, credit scoring, critical infrastructure, law enforcement — you need to understand where your systems fall on the risk classification spectrum. The exemption-registration requirement for self-assessed non-high-risk systems is a new obligation that many teams have not accounted for.

If you are an AI vendor selling into European enterprise accounts, your buyers are going to start asking harder questions about EU AI Act compliance documentation in 2026 and 2027. Having clear answers before they ask is a competitive advantage.

The direction of travel has not changed. The EU is building one of the world’s most comprehensive AI regulatory frameworks, and it will eventually be enforced. The delay is pragmatic — standards were not ready, regulators needed more time to stand up national infrastructure — but it does not signal any softening of intent.

The Broader Compliance Picture

Globally, the regulatory environment for AI is fragmenting in interesting ways. The US pushed a federal framework in March 2026 that would preempt state-level AI laws and avoid creating a new federal regulator. The EU is moving toward detailed sector-specific rules with mandatory conformity assessment. These are genuinely different models, and multinational businesses building AI products need separate strategies for each.

For businesses primarily in the US market, the EU AI Act matters as a leading indicator. US regulation will eventually arrive in some form, and the categories of harm the EU is focusing on — biometric surveillance, employment discrimination, credit scoring — are exactly the areas US regulators are watching too.

The practical move right now: use the extended timeline to build compliance infrastructure properly, not to defer it. Document your AI systems, classify them by risk tier, map your data flows, and establish human oversight processes. December 2027 sounds distant. It is not.


For a deeper walkthrough of tools like this and how they fit together, the free Working With Claude field guide covers the ecosystem end to end. Get the guide.