IA 360
Regulatory Framework

Brussels proposes delaying high-risk AI rules until 2027

The European Commission is proposing to delay some AI Act obligations for high-risk systems from August 2026 to December 2027, setting up a political battle between those calling for simplification and those warning of weaker safeguards.

5 min read Leer en español

The European Commission unveiled the so-called Digital Omnibus on Wednesday, a package aimed at simplifying several of the European Union’s digital regulations. Its most significant measure for artificial intelligence is a delay to the general obligations for high-risk AI systems: they would shift from August 2026 to December 2027 if the proposal is approved.

The change affects tools that can influence important decisions about people, such as software used to screen CVs, grade exams or assess loan applications. It is not a suspension of the AI Act, but a change to its timeline and some of its requirements. However, it comes as the EU law has only just begun to be rolled out and reopens the debate over whether Brussels is scaling back its regulatory ambitions in response to competitive pressure from the United States and China.

What is being delayed — and why it matters

The AI Act classifies certain uses of AI as high-risk because of their potential impact on rights, employment, education, access to essential services or safety. To market or use them, providers and operators must meet stringent requirements covering risk management, data quality and governance, technical documentation, activity logs, human oversight, and guarantees of accuracy, robustness and cybersecurity.

In practice, these obligations are the law’s operational core for many companies, public authorities and financial institutions. The August 2026 date was particularly important for systems listed in Annex III of the regulation, including those linked to employment, education, credit and certain public services.

The Commission justifies the new timeline by pointing to member states’ delays in preparing supervisory infrastructure and the complexity of adapting companies to the rules. Several countries missed the August 2025 deadline to designate their national competent authorities, Hanane Taidi, director general of the TIC Council, which represents conformity assessment organisations, told Euronews.

Without those authorities and bodies authorised to verify compliance, the system envisaged by the AI Act cannot operate fully. The assessment has a practical basis: an ambitious regulation needs supervisors, technical guidance and certification procedures in place before it can be enforced consistently.

Simplification is not the same as deregulation

The political problem lies in the reform’s scope. The Digital Omnibus does not merely provide more time; it also proposes changes that would affect data protection and the use of information in decisions about essential financial services. Under the proposal, certain data that are currently restricted could be used in those processes under new conditions.

That is where the main risk emerges. A credit or insurance system can reproduce bias if it learns from historical data reflecting existing inequalities. The obligation to assess and reduce those risks does not by itself eliminate discrimination, but it does provide a basis for auditing the system, challenging decisions and holding those responsible to account.

Consumer and digital rights organisations argue that the delay shifts the cost of institutional unpreparedness onto people subject to automated decisions. Tech trade group CCIA, whose members include Amazon, Apple, Google and Uber, has welcomed the delay, while calling for deeper changes, including a review of the compute threshold used to identify AI models that pose a systemic risk.

The disagreement highlights two different problems that are often conflated. One is bureaucratic: preventing a European small business from facing paperwork that is impossible to interpret or duplicative. The other is substantive: deciding which protections should remain in place when an algorithm influences employment, education or access to credit. Reducing administrative burdens may be reasonable; weakening controls over high-impact decisions has more direct consequences for citizens.

A proposal that must still clear Parliament and the Council

The Digital Omnibus does not change the law immediately. The Commission has put forward a legislative proposal that will have to be negotiated and approved by the European Parliament and the Council of the EU. The process is likely to be difficult because it includes amendments to the General Data Protection Regulation (GDPR), and because many MEPs, particularly from left-wing and centrist groups, have already voiced their opposition.

Brussels is also facing an uncomfortable precedent: the AI Act was approved in 2024 after years of negotiations and presented as the world’s first major horizontal law on artificial intelligence. Changing its deadlines before many of its provisions have taken effect feeds the impression that Europe designed rules without yet having the administrative capacity needed to enforce them.

For companies developing or deploying high-risk systems, the proposal would presumably provide more time to adapt. For national authorities, it would mean additional time to build teams, criteria and oversight mechanisms. The question is whether that time will be used to make the AI Act workable or to gradually hollow out the obligations that made it significant.

Share this article

This website uses cookies to improve the browsing experience. Cookie policy.