If you have been managing your EU AI Act program against a single date, 2 August 2026, that plan is now wrong in two directions at once. On 7 May 2026, the Council of the EU and the European Parliament reached provisional agreement on the Digital Omnibus package, deferring the most demanding high-risk obligations well beyond August. But several obligations land or are already in force regardless, the deferral is not yet law, and the penalty regime that can reach EUR 35 million or 7% of worldwide annual turnover has been enforceable since February 2025.
The net effect is not "relax." It is "stop planning around one deadline and start building the program you will need across three." This piece lays out what actually changes in August 2026, what high-risk classification means in practice, the governance and documentation duties, who in your organization should own them, the penalty tiers, and a concrete checklist for the next sixty days. For the broader context of how these regulatory pressures are reshaping leadership roles, see The State of Security Leadership in 2026.
Why this matters now
The AI Act entered into force on 1 August 2024 and phases in over several years. Two phases already bite. Since 2 February 2025, the prohibitions on unacceptable-risk practices (Article 5: social scoring, certain biometric categorization, manipulative systems, untargeted facial-image scraping) have applied, and so has the obligation to ensure AI literacy among staff who operate AI systems (Article 4). Since 2 August 2025, the obligations on general-purpose AI (GPAI) model providers and the bulk of the governance and penalty machinery (Articles 99 and 101) have applied.
That last point is the one leaders most often miss. The penalty framework is already live. You do not get to wait until 2027 to be fined for a prohibited practice or for misleading a regulator.
What was scheduled for 2 August 2026 was the heaviest tranche: the full provider obligations for high-risk AI systems listed in Annex III (Articles 8 to 17), the deployer obligations (Article 26), and the related conformity-assessment and registration duties. On 7 May 2026, EU lawmakers provisionally agreed to defer these. Under the Omnibus compromise, obligations for standalone Annex III high-risk systems move to 2 December 2027, and obligations for high-risk AI embedded in products already regulated under Annex I (medical devices, machinery, toys, lifts, radio equipment) move to 2 August 2028. The stated reason is the late arrival of the harmonized technical standards that organizations need in order to demonstrate conformity.
Two cautions for leaders. First, this is a provisional political agreement; it takes legal effect only on formal adoption and publication in the Official Journal, expected before 2 August 2026. If that slips, the original August date could still apply to some systems. Second, the deferral buys time to build, not permission to stop. Conformity assessment, technical documentation, and a quality management system are not tasks you complete in a quarter.
What the Act actually requires
The Act is risk-tiered. Most systems are minimal or limited risk and carry only light transparency duties (for example, telling users they are interacting with an AI, and marking AI-generated content). The weight of the regime falls on two categories.
High-risk systems. A system is high-risk if it is a safety component of a product covered by Annex I, or if it falls within the use cases listed in Annex III: biometric identification, critical infrastructure, education and vocational training, employment and worker management (including CV-screening and candidate-ranking tools), access to essential private and public services (including credit scoring), law enforcement, migration and border control, and the administration of justice. The practical filter for most enterprises is simple: do you use AI to make or materially support decisions about hiring, firing, credit, access to services, or safety? If yes, assume high-risk until proven otherwise.
Providers of high-risk systems must establish a risk management system (Article 9), apply data governance and quality criteria to training and testing data (Article 10), maintain detailed technical documentation (Article 11) and automatic logging (Article 12), ensure transparency and human oversight (Articles 13 and 14), and meet accuracy, robustness and cybersecurity requirements (Article 15). They must run a conformity assessment, draw up an EU declaration of conformity, affix CE marking, and register the system in the EU database before placing it on the market. Deployers, the organizations using a high-risk system, carry their own duties under Article 26: operating per instructions, assigning competent human oversight, monitoring, retaining logs, and informing affected people in certain contexts.
General-purpose AI (GPAI) models. These obligations are already in force (since 2 August 2025). Every GPAI provider must maintain technical documentation, publish a summary of training data, and respect EU copyright rules. Providers of GPAI models posing systemic risk (broadly, the largest frontier models) face additional duties: model evaluation and adversarial testing, systemic-risk assessment and mitigation, serious-incident reporting to the European AI Office, and cybersecurity protection. If you procure or fine-tune a foundation model, you inherit exposure here even if you did not train it.
Who owns this
This is the question that determines whether a program ships or stalls, and most organizations get it wrong by assuming a single owner exists. AI Act compliance is inherently cross-functional, and the duties do not map cleanly onto any one existing role.
The CISO owns the security and robustness requirements of Article 15 (adversarial robustness, resilience to data poisoning and model evasion, and the cybersecurity of the AI system itself), plus logging integrity under Article 12 and incident detection feeding the reporting obligations. The CISO is the natural owner of the technical control layer, but not of the legal classification or the lawfulness of processing.
The DPO owns the overlap with GDPR, which is substantial: the data governance duties of Article 10, the lawful basis and data-minimization analysis for training data, and the data protection impact assessment that frequently runs alongside the AI Act's fundamental-rights impact assessment for high-risk deployers. The DPO role is expanding precisely because AI governance sits at the GDPR seam; we cover that shift in detail in the DPO's expanding role. But the DPO's statutory independence under GDPR means they should advise and audit, not own the operational delivery; assigning them end-to-end accountability creates a conflict of interest.
A designated AI governance lead or AI Officer owns the connective tissue: maintaining the inventory of AI systems, running classification, coordinating conformity assessments, owning the quality management system, and serving as the single point of contact for market surveillance authorities. The Act does not mandate this title, but in practice an organization with meaningful high-risk exposure needs one accountable executive who is neither the CISO nor the DPO, supported by a cross-functional committee that includes legal, procurement, product, and the business units actually deploying the systems.
The failure mode to avoid is diffusion: everyone is consulted, no one is accountable, and the inventory is never finished. Name one accountable owner, give them a budget line, and have them report to the board.
The penalties
The Act sets three tiers of administrative fines, applied by national market surveillance authorities (with the European AI Office holding direct enforcement over GPAI rules):
- Up to EUR 35 million or 7% of total worldwide annual turnover, whichever is higher, for breaching the Article 5 prohibitions on unacceptable-risk practices. This is the headline tier, and it is live now.
- Up to EUR 15 million or 3% of worldwide annual turnover for breaching most other obligations, including provider obligations, deployer obligations, and the transparency requirements.
- Up to EUR 7.5 million or 1% of worldwide annual turnover for supplying incorrect, incomplete, or misleading information to authorities.
For SMEs and startups, the figure applied is the lower of the fixed amount or the percentage, a deliberate proportionality concession. For everyone else, the percentage is calculated on group-wide global revenue, which is what pushes the prohibited-practice tier above the GDPR ceiling of 4%. The reputational exposure of being named in an early enforcement action (regulators will want visible cases) is arguably larger than the fine itself.
What to do now
The deferral changes your timeline, not your work. Use the next sixty days to do the following.
- Build the AI inventory. You cannot classify, secure, or document what you have not catalogued. Capture every AI and GPAI system in use or development, including embedded vendor features and shadow AI adopted by business units. This is the single most common gap and the prerequisite for everything else.
- Classify against Annex III and Annex I. For each system, determine prohibited / high-risk / limited / minimal. Document the reasoning, especially for any "not high-risk" determination; that record is your defense if a regulator disagrees.
- Confirm the prohibitions are not being breached today. Article 5 is already enforceable at the 7% tier. Review any use of biometric categorization, emotion recognition in the workplace or education, social scoring, or untargeted face scraping. Stop or remediate immediately.
- Close the GPAI gap. For every foundation model you build on, obtain the provider's technical documentation and training-data summary, and confirm your downstream use does not create new obligations. These duties are in force now, not deferred.
- Stand up AI literacy training. Article 4 already requires it. Provide role-appropriate training to staff who develop, procure, or operate AI, and keep attendance records.
- Name the owner and the committee. Designate one accountable AI governance lead, define the CISO and DPO interfaces explicitly, and charter a cross-functional committee with a board reporting line.
- Start the quality management system and documentation now. For high-risk systems, the Article 11 technical file, Article 9 risk management process, and the quality management system take many months. The deferral to December 2027 or August 2028 is the runway to build these properly, not a reason to defer starting.
- Track the harmonized standards and the Omnibus adoption. Conformity assessment depends on standards that are still landing. Assign someone to monitor publication of both the standards and the final Omnibus text, because your concrete deadline depends on the latter clearing the Official Journal.
Conclusion
The 7 May 2026 deferral is a genuine and welcome change, but it is widely being misread as a reprieve. The prohibited-practice fines, the GPAI duties, and the AI-literacy obligation are all live today, independent of August 2026. The high-risk obligations have moved to December 2027 and August 2028, and they require a quality management system, conformity assessment, and a technical file that no organization assembles in a quarter. The leaders who come out of this well are the ones who treat the extra time as build time and who answer the ownership question now: one accountable AI governance lead, a CISO who owns the controls, a DPO who advises on the data, and a board that sees the program. Decide who owns it this quarter, because the date moving does not move the work.
This article is provided for informational purposes only and does not constitute legal advice. EU AI Act obligations and enforcement dates vary by system classification and member state; consult qualified counsel.