Experts Warn: EU Parliament's AI Act Delay Is Not a Reprieve

The Vote and the Expert Reaction

On Thursday 26 March 2026, the European Parliament voted to adopt its negotiating position on the AI Omnibus — formally pushing the high-risk AI compliance deadline from August 2026 to December 2, 2027, with AI embedded in regulated products like medical devices pushed further to August 2, 2028.^[2]

It sounded like a win. But within 24 hours, analysts across three major advisory firms were saying the same thing: don't stop your compliance work.

Nader Henein, a VP analyst at Gartner, put it directly: "The final decision will happen so close to the old deadline that organisations have no choice but to proceed as originally planned. Our guidance has been to treat any potential extension as an opportunity to better test out and improve the process for cataloguing and managing AI systems."^[1]

Brian Levine, executive director of FormerGov, was blunter: "Whether Brussels enforces the rules next year or two years from now, the operational, legal, and reputational exposure from poorly governed AI is already here. The organisations that wait for perfect regulatory clarity are the ones most likely to discover their models have been quietly generating compliance, privacy, or safety liabilities long before any enforcement clock started ticking."

The consensus is clear: the delay is about regulatory infrastructure, not about reduced risk.

This article is for informational purposes only and does not constitute legal advice.

Why the Delay Happened — and Why That Matters

The extension wasn't granted because the rules are too tough or the demand unreasonable. It was granted because the technical standards that companies need to actually demonstrate compliance — published by EU standardisation bodies CEN and CENELEC — aren't ready yet. Those standards define what good compliance looks like in practice. Without them, businesses would be complying against an undefined benchmark.

Henein confirmed this: "The major gating factor for the current timeline was that regulators would not have been ready to enforce. Spain is one of a handful of countries who stood up a regulator, and even the EU AI board is behind on the kind of guidance needed."

In other words: the system wasn't ready, not the companies. When the standards land and the guidance is published, enforcement will follow — and it will arrive faster than you expect.

What the New Dates Actually Are

To be precise about what Parliament voted for:^[3]

High-risk AI systems (Annex III) — biometrics, employment, education, essential services, law enforcement, border management: new deadline December 2, 2027.
AI embedded in regulated products — medical devices, machinery, toys: new deadline August 2, 2028.
AI content watermarking — providers get until November 2, 2026 to comply with technical labelling standards (a shorter extension than the Commission proposed).

Critical caveat: none of this is law yet. Parliament has its position; the Council agreed its own mandate on March 13. Now they enter trilogue — negotiations with the Commission to agree a final text. Until the amended regulation is published in the Official Journal, the original August 2, 2026 deadline remains legally valid.

What Is Still August 2026 (Unchanged)

The high-risk delay is real but narrow. The following obligations are completely unaffected:

Transparency obligations (Article 50) — chatbot disclosures, AI content labelling, emotion recognition notifications. Still August 2, 2026.
Prohibited AI practices (Article 5) — social scoring, mass biometric surveillance, subliminal manipulation. Already in force since February 2025.
AI literacy (Article 4) — staff training on AI tools used at work. Already in force since February 2025.

For most SMEs, these are the obligations that matter day-to-day. The chatbot disclosure fix takes minutes. AI content labelling takes an afternoon. Neither was ever part of the high-risk delay — and neither is moving.

The Practical Advice: Use the Time Well

Jason Hookey, executive counselor at Info-Tech Research Group, said it simply: "The delay only changes the timeline, not the ultimate requirements. Use the additional time to properly prepare."

For SMEs, that means three things right now:

Do the August 2026 work now. Chatbot disclosures, AI content labelling, staff briefings — these are quick and mandatory. Do them before summer.
Start your AI inventory. List every AI tool your company uses, classify each by risk level, and document what you're doing with them. This is the foundation of all future compliance work, regardless of which deadline applies.
Don't use the delay as a reason to pause on high-risk AI. If you're using AI in hiring, credit scoring, or education access, the requirements aren't going away — they're just arriving later. Early compliance is a competitive advantage. Last-minute compliance in 2027 will be chaotic.

The Bottom Line

The EU Parliament's vote this week is genuinely good news for businesses struggling with high-risk AI conformity assessments. The 18-month extension is real — assuming trilogue confirms it.

But the experts are right: this is not a pause button. The underlying risk from ungoverned AI exists independent of enforcement dates. The businesses that treat the delay as extra preparation time will be in a far better position in 2027 than those treating it as a reason to postpone all compliance thinking. And for transparency obligations — the ones most SMEs actually need to deal with — August 2026 hasn't moved at all.

Use our free 10-minute AI audit to understand exactly where your business stands across all EU AI Act obligations — high-risk and otherwise.