The message has been loud and clear to tech companies that are hoping to get an extension of time to implement regulations involving artificial intelligence: the deadline isnโt going anywhere. Despite demands for an extension by tech companies that feel cornered by the regulations, the European Union has announced that the AI Act obligations are set to come into effect as scheduled in 2026. The development is a turning point in AI regulation across the world.
Commission launches stop-the-clock transition steps
The European Commission has adopted the Digital Omnibus package, which contains specific changes affecting the application of the AI Act with the overall compliance schedule intact. It provides a “stop-the-clock” transitional period for high-risk AI systems, conditional on the Commission’s adoption of support measures such as harmonized standards and guidelines. Its application to high-risk AI systems under Annex III is expected after the decision, with a long-stop date of December 2, 2027, while those under Annex I are given twelve months with a deadline of August 2, 2028.
The Commission also extended deadlines for general-purpose AI systems to allow providers of GPAI systems available on the market before August 2026 to update their systems by February 2027. The package also cuts registration obligations by requiring no mandatory registration to be carried out by providers of specific high-risk AI systems, but adopts a new model of self-assessment.
Smaller mid-cap businesses get appropriate compliance relief
The Digital Omnibus package introduces relief for small mid-cap companies, which will be considered entities having up to 750 employees or a turnover of up to โฌ150 million, regarding the technical documentation requirement for high-risk AI systems, which was hitherto restricted to small and medium-sized enterprises.
It should be noted that the Commission has set up an EU-level GPAI sandbox, enabling the development of general-purpose AIs to be tested under the supervision of the AI Office, and these efforts reflect the commitment of the EU to ensure that there is a balance between regulatory compliance and the realities associated with the implementation process in the context of company size. Cloud switchover obligations are clarified for cloud services involving high customization, with less rigorous regimes for custom-made data processing services.
Several companies in various sectors were campaigning for a delay due to overlaps in regulation, different implementations across countries, and a need for more clarity on a trans-regime framework. Nevertheless, in any case, what the Commission has done is to keep to the original timeline and accommodate flexibility in certain sectors via the stop-the-clock tool and GPAI timelines. The Digital Omnibus package constitutes the first gesture by the Commission to improve the EU’s digital rulebook.
Broader digital framework consolidation moves forward
The Digital Legislation Omnibus Regulation brings harmony to the disjointed regime on data sharing under the Data Act, incorporating the Data Governance Act provisions and certain Open Data Directive duties. This legislation enhances trade secrets and third-country provisions so that companies are exempted from data sharing if thereโs a high potential exposure to trade secrets or data in countries with poor data protection laws.
The Commission has also proposed simplification of the process of notifying cybersecurity incidents for key EU laws, including the extension of the time to notify GDPR from 72 to 96 hours, and only for high-risk personal data breaches. A โsingleโ EU notification portal will be established by ENISA to help organizations fulfill notifications for different cyber legislations such as GDPR, NIS2, DORA, CER, and eIDAS Regulation.
The tough stance taken by the EU regarding the deadlines for the implementation of the AI Act is a huge indication that European regulators value regulatory certainty more than the convenience of the industries affected. Although the scale of relief acknowledges the difficulties involved, the bottom line has still not changed; companies need to gear up for full-fledged compliance with AI in 2026.
