The EU AI Act on 2 August 2026: what actually applies, what moved, and what I'd do this month
"The EU delayed the AI Act" is the most dangerous sentence in tech compliance right now. It is half true, and the half that isn't true lands in three weeks.
On 29 June 2026, the Council gave its final approval to the Digital Omnibus on AI. Parliament signed off on 16 June. The text enters into force this month. If your compliance calendar was built around the original AI Act timeline, parts of it are now wrong. If your board heard "delay" and quietly deprioritised the whole programme, parts of it are dangerously wrong.
I've spent the past month re-baselining AI Act roadmaps for clients ranging from a Claude-powered HR platform to SaaS providers selling into regulated sectors. Here is the picture as it stands, and what I would do with the rest of July.
What still applies on 2 August 2026?
The Article 50 transparency obligations. These were not deferred, and they are broader than most people realise.
From 2 August 2026, if you operate an AI system that interacts with people in the EU, users must be told they are dealing with AI. If your product generates content, that content must be identifiable as AI-generated. If you deploy emotion recognition or biometric categorisation, affected individuals must be informed.
For most of my clients, the chatbot disclosure point is the live one. If your product has a conversational AI layer, and in 2026 most do, you need the "you are talking to an AI" disclosure designed, worded and shipped before August. This is a product change, not a policy document. Your engineers need to know about it now.
One carve-out worth knowing. The watermarking obligation in Article 50(2), which requires AI-generated content to carry machine-readable markers, got a short reprieve for systems already on the market at 2 August 2026. Those legacy systems have until 2 December 2026. New systems placed on the market after August must comply from day one.
What moved, and to when?
The high-risk rules. This is the genuine delay, and it is substantial.
Obligations for standalone high-risk AI systems under Annex III, which covers recruitment and employment tools, credit scoring, education, critical infrastructure and law enforcement, move from 2 August 2026 to 2 December 2027. For AI embedded in regulated products under Annex I, think medical devices and machinery, the date moves to 2 August 2028.
The obligations themselves did not change. The risk-based architecture, the conformity assessments, the technical documentation, the human oversight requirements. All of it survives intact. You have been given runway, not a reprieve.
What's new that nobody planned for?
Two things.
First, a new prohibited practice. From 2 December 2026, AI systems used to generate non-consensual intimate imagery or child sexual abuse material are banned outright, and the prohibition catches providers who place image-generation systems on the EU market without reasonable safeguards against that misuse. If your product can generate or manipulate images of people, you need documented technical safeguards before December, or a clear position on why you are out of scope. The penalty tier for prohibited practices is the maximum under the Act.
Second, the AI Office in Brussels gained significantly expanded supervisory powers, including centralised oversight of AI embedded in very large online platforms. Enforcement is consolidating, not fragmenting. That matters when you're deciding how seriously to take a "soft" deadline.
Does the delay mean I can pause my AI Act programme?
No, and I'll give you three practical reasons rather than a compliance lecture.
The hard part of AI Act compliance was never the documentation. It is finding every AI system in your organisation, classifying each one against Annex III, and keeping that inventory alive as product ships new features. None of that work depends on harmonised standards being final. Teams that start the inventory now get eighteen months to refine it. Teams that start in autumn 2027 get weeks.
The grandfathering rule rewards early movers. High-risk systems placed on the market before the new deadlines avoid the full obligations until they are substantially modified. Getting compliant deployments out the door early is now a commercial advantage, not just a legal one.
And the underlying exposure never moved. An AI system that discriminates in hiring during 2026 is still fully actionable under the Equality Act, GDPR and ordinary negligence principles. The AI Act deadline shifted. Your liability did not.
What I'd do with the rest of July
If I were your general counsel, this is the four-line plan. Confirm your Article 50 disclosures are designed and in the release schedule before 2 August. Put the December 2026 watermarking and prohibited-practices dates into your product roadmap with engineering owners attached. Re-baseline the high-risk workstream to December 2027 and reallocate the freed budget to inventory and classification rather than banking it. And check your customer contracts, because AI Act representations drafted against the old timeline are now making promises on the wrong dates.
That last point catches almost everyone. If you signed a DPA or master services agreement in 2025 that warrants AI Act compliance "by the applicable dates", you and your counterparty may now disagree about what those dates are. A one-page variation letter this summer is cheaper than an argument next year.
I work with startups, scale-ups and PE-backed businesses on exactly this, on fixed fees, with no juniors learning on your file. If your AI Act plan was written before May 2026, it needs an hour of attention. That is usually all it takes to put it right.
FAQ
-
Partially. The Digital Omnibus on AI, finally approved in June 2026, delayed high-risk AI obligations from 2 August 2026 to 2 December 2027 for Annex III systems and 2 August 2028 for AI embedded in regulated products. Transparency obligations under Article 50 still apply from 2 August 2026.
-
Article 50 transparency obligations. Users must be informed when interacting with AI systems, AI-generated content must be identifiable, and people must be told when subject to emotion recognition or biometric categorisation. Watermarking for legacy systems has a grace period to 2 December 2026.
-
2 December 2027 for standalone high-risk systems listed in Annex III, including recruitment, credit scoring and education tools. 2 August 2028 for high-risk AI embedded in products regulated under Annex I, such as medical devices and machinery.
-
From 2 December 2026, AI systems used to generate non-consensual intimate imagery or child sexual abuse material are prohibited, including placing image-generation systems on the EU market without reasonable safeguards against that misuse.
-
Yes, if they place AI systems on the EU market or their outputs are used in the EU. The AI Act applies extraterritorially, so UK providers selling into the EU need to track the revised timeline.

