Rules on ‘high-risk’ AI to be delayed under EU ‘omnibus’ deal

The ‘high-risk’ AI regime is one of the most significant features of the EU AI Act with cross-sector relevance. Broadly, it imposes obligations on providers, deployers, importers and distributors of high-risk AI systems around matters such as risk management, data quality, transparency, human oversight and accuracy, as well as registration, quality management, monitoring, record-keeping, and incident reporting. Pinsent Masons has developed a guide to help businesses understand what constitutes a ‘high-risk’ AI system.

Currently, the rules on high-risk AI systems are due to come into effect on 2 August 2026, but law makers at the European Parliament and the Council of Ministers today confirmed plans to delay implementation.

Under the provisional agreement the institutions have struck – which has still to be formally ratified – the rules applicable to stand-alone high-risk AI systems would apply from 2 December 2027, while the rules regarding high-risk AI systems embedded in products would apply from 2 August 2028.

The planned delay is designed to provide more time for EU policymakers to formulate standards, tools and guidelines to help businesses meet their obligations under the new regime. It forms part of a broader package of measures contained in a proposed Digital Omnibus on AI Regulation (AI Omnibus).

In proposing the AI Omnibus last November, the European Commission had proposed delaying the high-risk AI regime but at that stage had suggested the 2 December 2027 and 2 August 2028 dates should serve as backstop dates for implementation. Under its plan, earlier implementation would have been possible depending on when new standards, tools and guidelines were issued. However, a spokesperson for the European Parliament has confirmed to Out-Law that the co-legislators have agreed to instead go for fixed dates, in the hope that this would increase clarity and predictability.

Frankfurt-based Dr Nils Rauer of Pinsent Masons, who specialises in AI regulation, said: “The political agreement on the AI Omnibus package is a pragmatic step towards greater legal certainty. By pushing back key obligations for high-risk systems, lawmakers have recognised that the AI Act cannot work effectively without clear standards, guidance and compliance tools in place. This should give businesses a more realistic implementation timeline and help align regulatory requirements with a more mature compliance framework.”

“At the same time, the changes reinforce the European Commission’s central role in determining when the regime becomes operational in practice, leaving companies reliant on secondary measures that are still to be finalised,” he said.

The Commission’s AI Omnibus proposals were set out alongside separate plans for a Digital Omnibus Regulation, which provides for changes to a raft of other EU tech and data regulations beyond the EU AI Act. Together, the package has been designed to streamline and simplify the rules businesses face in the name of bolstering the EU’s competitiveness.

As well as agreeing on new fixed dates for implementation of the high-risk AI regime, the Parliament and Council have confirmed that providers of such systems will be required to register those systems in the EU database for high-risk systems, even if they consider their systems to be exempted from classification as high-risk. 

Other changes provided for in the deal include regulatory exemptions for small mid-cap companies (SMCs) and the removal of overlapping requirements for AI embedded in regulated products, which reflects long‑standing industry concerns about duplicative compliance burdens.

Co-legislators also agreed to a limited grace period for generative AI providers to ensure the output of their models is labelled as such: providers whose gen-AI models are released before 2 August 2026 will have until 2 December 2026 – not 2 February 2027 as the Commission had initially proposed – to apply watermarking or other transparency solutions.

Rauer said: “The package makes progress on simplification, particularly by removing overlapping requirements for AI embedded in regulated products, a longstanding concern for industry. But much will depend on how the framework is implemented in practice, including coordination between regulators and the timely delivery of clear guidance. Other elements, such as AI literacy obligations, will need close scrutiny to ensure they do not introduce new layers of uncertainty under the banner of simplification.”

The text that has been provisionally agreed is still subject to lawyer-linguist checks and validation. A European Parliament spokesperson said a final version of the text is expected by the end of the month at latest, at which point the processes for its formal adoption – which include votes in the Parliament and Council – can proceed.