The EU AI Act Just Changed Again — Here Is What Is Different

Three weeks ago, we reported on the EU AI Omnibus deal that delayed high-risk AI compliance to December 2027. Since then, Brussels has been anything but quiet. Three significant developments have landed — and together they paint a picture of an EU AI Act that is evolving faster than most compliance teams realise.

What the EU AI Act Now Looks Like — The Updated Timeline

The AI Act entered into force on 1 August 2024. The AI Omnibus was adopted on 19 November 2025 and a political agreement was reached on 7 May 2026. As a result of that agreement, the rules for high-risk AI systems embedded into regulated products have an extended transition period until 2 August 2028. High-risk AI systems under Annex III — covering employment, education and health insurance — now face a compliance deadline of 2 December 2027.

Transparency obligations for AI systems generating or manipulating synthetic content placed on the EU market before 2 August 2026 are postponed from 2 August 2026 to 2 December 2026 — deferred by four months. Systems placed on the market after 2 August 2026 must comply from the date they are placed on the market.

The watermarking requirement — that every piece of AI-generated content must be identifiable as such — is still coming. It has simply been given a four-month grace period for systems already deployed. New AI systems launching after August 2 must comply immediately.

Development 1 — Brussels Opens Consultation on AI Transparency

On 8 May 2026, the Commission opened consultation on draft guidelines for AI transparency obligations.

These guidelines will define exactly what "transparency" means in practice for AI systems deployed in Europe. For GAFAM companies, the stakes are concrete: how must Google label AI Overviews in Search? How must Meta disclose AI-generated content in feeds? How must Microsoft identify Copilot-generated text in documents? The answers to these questions are being written right now — in a consultation process that most GAFAM compliance teams are not participating in.

Development 2 — Brussels Seeks Feedback on High-Risk AI Classification

On 19 May 2026, the Commission sought feedback on draft guidelines for the classification of high-risk artificial intelligence systems.

This is the most consequential regulatory document of 2026 for every GAFAM company. The classification guidelines determine which AI systems require the full weight of EU AI Act compliance — impact assessments, human oversight requirements, technical documentation, registration in the EU database. The draft guidelines are being written now. The consultation window is open now. Companies that engage with this process shape the rules they will operate under. Companies that ignore it accept whatever Brussels decides.

Development 3 — Member States Are Not Waiting for Brussels

While the EU-level timeline has been extended, individual member states are moving independently.
Italy's AI Law — Law No. 132/2025 — entered into force on 10 October 2025, making it the first comprehensive national AI framework in the EU. Italy's law amends its Copyright Law to clarify that copyright applies to AI-assisted works only if there is a substantial human intellectual contribution — a direct challenge to every GAFAM company training models on Italian content.

Ireland has established a national AI Office and positioned itself at the forefront of responsible AI regulation in Europe — significant given that Ireland is the EU regulatory home of Google, Meta, Apple and Microsoft under GDPR.

Ireland's national AI Office operating in the same jurisdiction as GAFAM's European headquarters is not a coincidence. It is a regulatory proximity that every GAFAM company's European legal team is watching very carefully.

The Risk-Based Framework — Still Intact Despite Simplification

The AI Act remains, even after these changes, the world's most comprehensive AI law. Its risk-based framework is intact.

One MEP said: "I am concerned that our legislative processes are much slower than the fast pace of innovation." He called on the EU AI Office and the Commission to act as regulators-in-between, filling gaps through guidance, codes of conduct and enforcement action faster than full legislative cycles allow. "The Commission is sometimes very timid or slow or late on acting, and that's why it's even more important that the Commission and AI Office take their responsibilities even more seriously."

That statement from inside the European Parliament captures the central tension of European AI governance in 2026: the law has been simplified and delayed, but the political will to regulate aggressively has not disappeared. It has been redirected — from legislation to guidelines, from statutes to enforcement actions, from Brussels to Dublin, Rome and Berlin.

What GAFAM Must Do Today — Not in December 2027

The December 2027 deadline for high-risk AI compliance creates a dangerous illusion: that companies have 18 months before they need to act. They do not.
The obligation for member states to establish at least one AI regulatory sandbox at the national level is postponed from 2 August 2026 to 2 August 2027. But the GPAI model obligations — covering every general-purpose AI model deployed in Europe — have been in force since 2 August 2025. Google's Gemini, Meta's Llama and Muse Spark, Microsoft's Copilot and Amazon's Titan are all already subject to EU AI Act obligations. Today. Not in 2027.

The European Perspective