The market read the Digital Omnibus as a reprieve. It read it wrong.
On 7 May 2026, the Council and the Parliament reached a provisional agreement to defer the stand-alone high-risk obligations of the EU AI Act from 2 August 2026 to 2 December 2027 (Council of the EU, 7 May 2026). Sixteen months of relief. Recruitment tools, credit scoring, biometric systems, education and critical infrastructure: the whole Annex III build package moved down the calendar.
The headline wrote itself. The deadline slipped, the pressure is off. That reading confuses two different clocks. One governs what you must build. The other governs what a regulator can do to you. Only the first clock moved.
The enforcement machine keeps its date
August 2, 2026 still turns on. The penalty regime becomes applicable that day: up to 35 million euro or 7% of worldwide turnover for prohibited practices, and up to 15 million euro or 3% of worldwide turnover for other breaches (EU AI Act, Article 99).
The Commission's power to fine general-purpose model providers goes live on the same date: up to 3% of worldwide turnover or 15 million euro, whichever is higher, including where a provider refuses to give evaluators access to the model behind your workflow (EU AI Act, Article 101). National market surveillance authorities can open investigations and sanction from that day (European Commission, 2026). And the Article 50 transparency duties apply: you must disclose synthetic media and machine interaction to the people exposed to them (EU AI Act, Article 50).
None of that was in the Omnibus. The agreement deferred the obligations you owe. It left untouched the machinery that acts when they are not met.
The Omnibus moved the build obligation. It did not move the evidence obligation. The clock on your audit trail runs from the system you ship today, not from December 2027. Hikari Blue · operator note
Why the delay is a trap dressed as relief
The high-risk requirement you now owe in December 2027 includes automatic logging across the lifetime of the system (EU AI Act, Article 12). An audit trail is not a document you author in 2027. It is a property of a system built in 2026. Every model you deploy this year without that property is a system you will re-engineer later, under deadline and under scrutiny.
For a CTO or a CISO, two obligations do not wait for 2027 at all. Transparency on generated content applies in August. So does the discipline of your general-purpose model providers. If your provider cannot produce a model for a regulator's evaluation, that exposure is now theirs by law and your dependency in practice (EU AI Act, Article 101). Model routing and provider substitution stop being a procurement preference. They become a continuity control.
There is a further precision that belongs on the record. The December 2027 deferral is a political agreement, not yet law. It takes legal effect only when the Omnibus is published in the Official Journal, expected before 2 August 2026 (Council of the EU, 7 May 2026). Until that publication, the standing legal text still reads 2 August 2026 for Annex III. Banking on the delay before it is printed is a governance decision your board should take on purpose, not inherit by default.
The question to bring to the next board
The question is not whether you are ready for December 2027.
Ask whether the systems you ship this quarter will produce their own evidence, or whether someone will hand-stitch it later.
One is architecture. The other is a liability with a due date.
References
- European Commission, 2026. Regulatory framework on AI · implementation timeline. Shaping Europe's digital future. digital-strategy.ec.europa.eu
- Council of the EU, 7 May 2026. Artificial intelligence: Council and Parliament agree to simplify and streamline rules (Digital Omnibus). consilium.europa.eu
- EU AI Act, Article 99 · Penalties. Regulation (EU) 2024/1689. artificialintelligenceact.eu/article/99
- EU AI Act, Article 101 · Fines for providers of general-purpose AI models. artificialintelligenceact.eu/article/101
- EU AI Act, Article 50 · Transparency obligations for providers and deployers of certain AI systems. artificialintelligenceact.eu/article/50
- EU AI Act, Article 12 · Record-keeping. artificialintelligenceact.eu/article/12
The Hikari Blue team · Austin, July 2026