News
EU Pushes Back AI Act Deadlines for High-Risk Systems to 2027 and 2028

The European Parliament approved the Omnibus VII package on June 16, 2026, giving companies more time to comply with the AI Act's toughest high-risk requirements while accelerating rules on labeling AI-generated content.
EU institutions agreed on May 7, 2026 on a new timeline for implementing the bloc's AI regulation, and the European Parliament approved the change on June 16, 2026. The package, known as Omnibus VII, differentiates deadlines based on the risk level of an AI system, giving companies more time where the regulatory burden is heaviest, while speeding up requirements where the goal is protection against abuse.
The change concerns one of the most contentious elements of the AI Act: the requirements for high-risk AI systems, which cover areas including recruitment, credit scoring, educational systems and critical infrastructure. Companies and public institutions had been signaling for months that the original timeline was too ambitious given real-world implementation capacity.
What's Changing
Under the new timeline, standalone high-risk AI systems, meaning those that are not part of a larger product, will have to meet the full AI Act requirements starting December 2, 2027. High-risk systems embedded in products, such as industrial machinery or medical devices, were given even more time, until August 2, 2028. In practice, that amounts to a deferral of one to one and a half years compared with the previously planned deadlines.
At the same time, negotiators accelerated some obligations deemed urgent. The requirement to label content generated by artificial intelligence will take effect as early as December 2, 2026, sooner than some of the requirements for high-risk systems. The list of prohibited practices was also explicitly expanded to include the generation of material depicting the sexual abuse of children and intimate images of people without their consent.
Oversight and Regulatory Sandboxes
The Omnibus VII package also reorganizes the division of oversight authority. When the same provider develops both a general-purpose model and a system built on that model, oversight will fall to the central AI Office at the European Commission. Exceptions remain where authority already belonged to national regulators, for example in the financial sector, to prevent duplicate oversight of banks and financial institutions.
The establishment of national regulatory sandboxes, testing environments that let companies check AI systems under regulator supervision before full deployment, was pushed back to August 2, 2027. A pan-European sandbox is meant to be developed in parallel.
What It Means for Poland
For Polish companies and public institutions, which had been signaling uncertainty for months over the scope of their own obligations under the AI Act, the new timeline means extra time to inventory the systems they use and adjust compliance processes. The extended deadlines do not, however, exempt them from obligations that take effect sooner, such as labeling AI-generated content starting in December 2026.
The May 7 agreement and the European Parliament's June 16 vote are not yet the end of the legislative process. The text still has to pass formal approval by the Council of the European Union, undergo a legal-linguistic review, and be published in the EU Official Journal before the new deadlines become binding.
Sources: AI Act po Omnibus VII. Nowy harmonogram stosowania wymogów dla systemów AI wysokiego ryzyka (gazetaprawna.pl), Pakiet Omnibus VII - nowy harmonogram dla wdrożenia AI Act (kancelariamacura.pl), AI Act z nowym harmonogramem - nie wszystko może poczekać (rp.pl)


