EU AI Act Trilogue Closes In On Fixed Delay — What December 2027 Actually Means for Your Compliance Plan

The Week Everything Lines Up

The EU AI Act trilogue negotiations — the final negotiation phase between the European Parliament, the Council of the EU, and the European Commission — are entering their endgame. A political agreement on the consolidated text is expected by April 28, 2026. If that timeline holds, endorsement by Parliament and the Council could follow in May and June, with publication in the Official Journal by July 2026, before the current August 2 deadline.

The good news for businesses that have been scrambling to prepare: both the Council and the Parliament have converged on a position that is significantly more accommodating than the original timeline. The bad news: the law has not been formally adopted yet, and that distinction matters enormously for how you plan your compliance work right now.

The Fixed Dates Are Now the Dominant Position

Both institutions have rejected the European Commission's original conditional mechanism — the idea that compliance deadlines would be tied to the adoption of specific implementing acts. Instead, they have replaced it with hard, fixed dates:

• December 2, 2027 — for standalone high-risk AI systems classified under Annex III of the AI Act. This covers AI systems in areas like hiring, credit scoring, biometric categorisation, critical infrastructure management, and — as of August 2, 2026 — customer emotion recognition in contact centres.
• August 2, 2028 — for AI embedded in regulated products under Annex I. This covers AI systems inside machinery, medical devices, toys, radio equipment, and other products that already carry their own regulatory frameworks.

The A&O Shearman analysis is direct: these fixed timelines are "the dominant negotiating position and will likely survive trilogue."

There is a separate track for synthetic content obligations — the rules requiring providers to disclose when AI-generated content is materially deceptive. The Council proposes February 2, 2027; the Parliament proposes November 2, 2026. The six-month gap will be resolved in trilogues, but the obligation itself is not in question.

What the "Proportionality Benefits" for SMEs Actually Include

All three EU institutions agree on one thing: the compliance burden on small and medium-sized companies needs to be more manageable. The AI Omnibus proposes specific relief mechanisms that are likely to survive the final trilogue.

• Simplified documentation requirements — SMEs would not need to produce the same volume of technical documentation as large enterprises for equivalent AI systems. The exact scope of what "simplified" means in practice will be defined in the final text.
• Proportional quality management systems (QMS) — the full QMS requirement that applies to large providers would be scaled for smaller companies. The Helsinki Statement work under the EDPB is also producing DPIA templates and breach notification forms that will dovetail with this proportionality approach.
• Reduced penalties — national enforcement authorities already have discretion to factor in whether an organisation is an SME or startup when assessing fines, weighing the nature and gravity of the violation, intent, and degree of cooperation. The Omnibus is expected to make this proportionality more explicit in the fine structure.

These are meaningful relief mechanisms. The European Commission's own SME impact assessment estimated per-system compliance costs of between €6,000 and €7,000 for smaller companies. Proportionality relief could reduce that figure — but only once the final text specifies exactly what simplified documentation and QMS actually mean for your product category.

Why the Safest Course Right Now Is Unchanged

Here is the most important sentence in the A&O Shearman analysis, and it bears repeating: "For businesses, the safest course of action is unchanged: continue planning against the original deadline of August 2, 2026."

The reason is straightforward: the AI Omnibus has not been formally adopted yet. A political agreement on April 28 is the start of the final legislative process, not the end. The text still needs to be endorsed by Parliament and Council, translated into all official EU languages, reviewed by legal linguists, and published in the Official Journal before the new dates become law.

If you are an SME that has been putting off conformity assessment work, or deferring the decision to engage legal counsel, or waiting for the trilogue outcome before committing to a compliance budget — waiting makes sense only if you are also actively preparing. Companies that treat the likely delay as a reason to stop preparing are the ones that will find themselves with 90 days of work to do in 30 days when the final text lands differently than expected.

The Literacy Split Is Still Open

One area where genuine disagreement remains between the institutions is AI literacy. The Parliament favours a binding legal obligation on providers and deployers to support AI literacy among their staff — though it clarifies this does not guarantee any specific individual literacy outcome. The Council prefers a purely non-binding encouragement model, removing the legal obligation entirely.

For SMEs that employ AI systems in their operations, this matters because AI literacy obligations — if they survive as binding — will require some form of documented staff awareness programme. The final text will determine whether this is a legal requirement or an aspiration.

What to Do Right Now

Three concrete actions for the next 48 hours:

• Watch for the April 28 trilogue outcome. A political agreement on that date would be a strong signal that the December 2027 and August 2028 dates are locked in. Monitor the European Commission's and Parliament's official channels for the announcement.
• Do not stop your compliance work. If you have begun conformity assessments, documentation, or vendor assessments for high-risk AI systems, continue. The likely delay reduces urgency, not the obligation. And the proportionality benefits are more accessible to companies that have already done the groundwork to understand what they are claiming simplified relief from.
• Map your AI systems to Annex I and Annex III. The distinction between standalone Annex III systems (December 2027) and Annex I embedded systems (August 2028) determines which compliance timeline applies to your products. If your AI is inside a regulated product — medical device, machinery, consumer product — you may have an additional year beyond the Annex III deadline. Know which category your systems fall into.

The Bottom Line

The trilogue is converging, and the direction is clear: the August 2, 2026 deadline for high-risk AI systems is effectively being replaced with December 2, 2027 for most standalone systems and August 2, 2028 for embedded systems. That is a significant reprieve — approximately 16 months extra for Annex III systems, and 24 months for Annex I.

For SMEs: use the time. Proportionality benefits for smaller companies are a genuine part of the final package. But the compliance obligation does not disappear — it moves. And the companies that treat the extra months as a chance to do the work more carefully, rather than as a reason to do less of it, will be the ones that arrive at the new deadline in a stronger position.

We will have a full analysis of the final trilogue outcome as soon as the April 28 agreement — or its absence — is confirmed.

This article is for informational purposes only and does not constitute legal advice.