The AI Act deadline moved. That is not a reason to relax.
The European Parliament and the Council have given final approval to the "Digital Omnibus": the main deadline for high-risk AI under Annex III moves from August 2026 to 2 December 2027. What this actually means for your company – and why GDPR is entirely unaffected by the shift.
What actually changes
Short version – see the full timeline with every date on our deadlines page.
What does not change: GDPR
The Digital Omnibus only changes deadlines inside the EU AI Act. Nothing changes about your GDPR obligations – records of processing, data subject rights, data protection impact assessments, breach notification. And according to Bitkom ("Datenschutz in der deutschen Wirtschaft", May 2026, 603 companies surveyed), 81% of companies feel burdened by existing data protection obligations. The AI Act deadline was never the only open item – it just stopped being the most urgent one.
The real blind spot: do you even know if you're affected?
According to Bitkom, a meaningful share of companies are still only just working out whether and to what extent the EU AI Act applies to them at all. That is the actual bottleneck – not the postponed deadline. If you don't know whether you're a provider or a deployer of a high-risk system, there's no deadline to relax about in the first place.
Am I affected by the EU AI Act?
Answer 5 short questions in under 1 minute and find out whether your company needs AI documentation.
What is your role in the company?
This lets us tailor the results to your situation.
What you’ll get
- Instant risk classificationAre you affected by the EU AI Act – and at which risk level?
- Steps tailored to your roleConcrete recommendations for Compliance, IT, Legal or Management.
- In under a minute, no sign-up5 quick questions – that’s it.
→ Create an AI inventory and document your high-risk systems.
Which systems count as high-risk (Annex III) →⚖️ This check is not legal advice. If in doubt we recommend legal review.
What to do with the extra time
More time does not mean less work – it means you can do the work in a structured way instead of under time pressure. The order of operations stays the same, only the buffer got bigger.
Frequently asked questions about the Digital Omnibus
Is the deadline shift already legally binding?
The European Parliament (16 June 2026) and the Council (29 June 2026) have both given final approval. It only becomes legally binding once published in the Official Journal of the EU, expected before 2 August 2026. Until then, the original deadline formally still applies.
Why start now if there is more time?
Because a complete AI inventory and a defensible risk classification typically take several months – and because your GDPR obligations are enforceable right now, independent of this deadline.
Does the postponement apply to all AI systems?
No. It applies to the main application deadline for high-risk AI under Annex III (now: December 2027) and product-integrated AI under Annex I (now: August 2028). Prohibited practices, GPAI obligations, and Art. 50 transparency obligations (August 2026) are not affected.
Use the extra time in a structured way
SimpleAct helps you build AI inventory, risk classification, and documentation properly now – instead of scrambling right before the new deadline.
Get started for free