Digital Omnibus on AI: the 7 May 2026 deal

On 7 May 2026 the EU Council and Parliament reached provisional agreement to delay high-risk AI deadlines. Annex III now applies from 2 December 2027; Annex I from 2 August 2028. Article 4 + Article 5 are unchanged.

The Omnibus deal is the single most important regulatory change to the EU AI Act since adoption. It moved Annex III standalone high-risk obligations from 2 August 2026 to 2 December 2027, a 16-month shift that materially changes 2026 compliance scoping for every deployer. Annex I embedded high-risk (medical devices, machinery) moved to 2 August 2028. Critically, Article 4 AI literacy and Article 5 prohibited practices were NOT changed, both remain enforceable from 2 February 2025. SME relief was also extended to small mid-caps (SMCs) for the first time.

1. 1
   12 minFeatured

   EU AI Act Omnibus Deal Explained: New High-Risk Deadlines for 2027 and 2028

   On 7 May 2026 the EU Council and Parliament reached a provisional agreement to delay the high-risk AI deadlines. Annex III standalone systems now apply from 2 December 2027, Annex I embedded systems from 2 August 2028. Article 4 literacy and Article 5 prohibited practices are unchanged and still live.

   Read article
2. 2
   14 min

   EU AI Act Compliance Checklist: 10 Steps Before the High-Risk Deadline

   A practical 10-step compliance checklist for the EU AI Act. From AI inventory to ongoing monitoring: everything your business needs before enforcement begins.

   Read article
3. 3
   14 minFeatured

   EU AI Act for HR Teams: What Recruitment, Performance Review, and Worker Management AI Needs

   Recruitment AI, CV screening, performance scoring, promotion and termination AI, gig allocation, and worker monitoring all sit in Annex III(4) high-risk territory under the EU AI Act. This guide covers what HR teams need to do under Article 26, when an Article 27 FRIA is required, and how to scope a 90-day HR AI compliance ramp.

   Read article
4. 4
   15 minFeatured

   EU AI Act for Healthcare AI: Medical Devices, Diagnostics, and Clinical Decision Support

   Healthcare AI sits at the intersection of two regimes: the EU AI Act + sectoral product law (MDR / IVDR). This guide covers Annex I embedded high-risk classification, the dual conformity assessment route, Article 73 incident reporting on top of MDR vigilance, and the 2 August 2028 deadline post-Omnibus.

   Read article
5. 5
   14 minFeatured

   EU AI Act for Credit Scoring AI: Annex III(5)(b), Article 27 FRIA, and Consumer Credit Law

   Credit-scoring AI is one of the few use cases that REQUIRES an Article 27 FRIA under the EU AI Act. This guide covers Annex III(5)(b) classification, the FRIA process, GDPR Article 22 automated-decision rights, the Consumer Credit Directive interaction, and the 2 December 2027 deadline.

   Read article
6. 6
   14 minFeatured

   EU AI Act Article 27 FRIA: How to Run a Fundamental Rights Impact Assessment

   Article 27 requires certain deployers of high-risk AI systems to run a fundamental rights impact assessment (FRIA) before deployment. Who's actually in scope is narrower than most read it. This guide covers the 6 things a FRIA must cover, how it differs from a GDPR DPIA, the notification step, and how to scope your first FRIA without over-engineering it.

   Read article