SIANNA GovernanceSIANNA Governance
EU AI Act Update

Latest EU AI Act Updates

A practical overview of the most important AI Act developments, upcoming deadlines, and what organisations should prepare for now.

Last updated: 6 May 2026
Article
Updated 6 May 2026

EU AI Act Update — Key Developments

1. Political agreement reached on the "Digital Omnibus" AI changes

EU lawmakers and Member States reached a provisional agreement on amendments to the AI Act aimed at simplifying compliance and delaying some obligations. The agreement still requires formal approval before it becomes final law.

Most important proposed changes

  • High-risk AI obligations would move from 2 August 2026 to 2 December 2027.
  • Some machinery and sector-regulated products may be excluded from overlapping AI Act requirements.
  • National AI sandbox deadlines may shift from 2026 to 2027.
  • New bans would target AI systems generating non-consensual explicit imagery ("nudifier apps").
  • Mandatory watermarking obligations for AI-generated content are expected to strengthen.

2. Important clarification: current deadlines still legally apply

Although political agreement has now been reached, organisations should not assume the delay is fully enacted yet.

Multiple legal and governance analyses stress that:

  • the original AI Act remains in force;
  • August 2026 obligations technically still apply until the amendments are formally adopted and published.

Current official timeline

According to the European Commission:

  • prohibited AI practices and AI literacy obligations already apply;
  • GPAI model obligations already apply;
  • high-risk AI system obligations are currently scheduled for 2 August 2026;
  • some embedded product AI systems transition until 2027.

3. Enforcement and governance trend

The broader EU direction remains clear:

  • stronger AI governance,
  • stronger platform accountability,
  • tighter interoperability and competition controls,
  • increasing oversight of foundation models and AI ecosystems.

The European Commission is also continuing work on:

  • AI Office oversight,
  • regulatory sandboxes,
  • GPAI supervision,
  • coordination between AI Act, GDPR, DMA, NIS2, CRA, and sector-specific rules.

4. What this means for organisations now

Recommended actions

Continue preparing as if August 2026 remains the operational target date.

Priority areas:

  • AI inventory and classification
  • supplier and model governance
  • human oversight procedures
  • AI literacy programmes
  • documentation and audit trails
  • transparency and labeling practices
  • vendor due diligence
  • data governance and cybersecurity controls

For web and digital teams

Particular attention should be paid to:

  • AI-generated website content,
  • AI search experiences,
  • chatbots and virtual assistants,
  • automated personalization,
  • accessibility tooling,
  • synthetic media and image generation,
  • AI-assisted customer service workflows.

5. Website-ready takeaway

The EU is moving toward a softer and more business-friendly implementation of the AI Act, but organisations should continue preparing for compliance now. While lawmakers have agreed in principle to delay some high-risk AI obligations until late 2027, the current legal deadlines remain in force until the amendments are formally adopted. Businesses should treat this period as a governance preparation window rather than a pause in compliance activity.

News Update
18 May 2026

EU AI Act: Delayed Deadlines, But No Pause in Preparation

The EU is moving toward a more phased and business-friendly implementation of the AI Act, with lawmakers provisionally agreeing to delay key high-risk AI obligations until late 2027 and 2028.

However, the current legal deadlines remain active until the amendments are formally adopted. At the same time, the European Commission is accelerating guidance on transparency, AI-generated content disclosures, and governance for general-purpose AI models.

Organisations should continue preparing their AI governance frameworks now rather than treating the proposed delays as a pause in compliance activity.

Active

AI literacy duties, definitions, and prohibited AI practices already apply.

2026

High-risk AI obligations are still expected from 2 August 2026 unless legal changes are adopted.

Uncertain

EU institutions are debating possible delays and simplifications through the Digital Omnibus.

Recent Changes

What Changed Recently?

EU lawmakers and Member States have been discussing amendments that could delay parts of the AI Act, especially rules for high-risk AI systems. However, no final legal delay should be treated as confirmed until the relevant amendments are formally adopted and published.

The main practical message for organisations is simple: continue preparing against the current AI Act timeline, while monitoring the Digital Omnibus negotiations closely.

Governance note

Do not pause AI Act readiness work based only on political discussions. Keep mapping AI systems, classifying risks, and documenting controls.

Implementation

Current AI Act Timeline

1 Aug 2024

AI Act entered into force

The regulation officially became law, starting the phased implementation period.

2 Feb 2025

AI literacy and prohibited practices

Organisations must ensure sufficient AI literacy for staff and avoid prohibited AI practices.

2 Aug 2025

General-purpose AI rules

Governance rules and obligations for providers of general-purpose AI models started applying.

2 Aug 2026

Main high-risk AI obligations

Rules for many high-risk AI systems are expected to apply, including risk management, documentation, logging, transparency, human oversight, accuracy, robustness, and cybersecurity requirements.

2 Aug 2027

Extended transition for some product-related AI

High-risk AI systems embedded in certain regulated products have a longer transition period.

Practical Steps

What Organisations Should Do Now

1. Build an AI inventory

List all AI tools used internally and externally, including generative AI, chatbots, automation tools, analytics, and decision-support systems.

2. Classify risk

Identify whether each system is prohibited, high-risk, limited-risk, general-purpose AI, or minimal-risk.

3. Document governance

Record ownership, purpose, data sources, user groups, safeguards, human oversight, and supplier responsibilities.

4. Prepare staff

Provide practical AI literacy guidance covering safe use, transparency, data protection, bias, and escalation routes.

Web Teams

Why This Matters for Web Governance

Web teams increasingly use AI for content generation, translation, search, accessibility support, analytics, user assistance, and workflow automation. These uses may create transparency, data protection, quality, bias, and accountability obligations.

  • Label AI-generated or AI-assisted content where needed.
  • Review chatbot and virtual assistant use cases carefully.
  • Avoid processing personal or sensitive data in unapproved AI tools.
  • Keep editorial, legal, accessibility, and data protection review steps in the workflow.
  • Maintain clear records of AI tools, prompts, outputs, approvals, and suppliers.

This page is for general information and governance planning. It is not legal advice. Organisations should confirm obligations with their legal, compliance, and data protection teams.