Insights
Written by Helen Jeeves
Editor’s note (15 May 2026): Since the earlier version of this article was drafted, the European Parliament and Council have reached a provisional political agreement to delay certain high-risk AI Act deadlines. This updates the timetable for some obligations, but not the underlying need for regulated firms to strengthen AI governance, literacy, oversight and evidence.
| Date / point | Why it matters |
| 7 May 2026 | A provisional political agreement was reached to delay key high-risk AI deadlines. It is a real policy shift, but it still needs formal adoption. |
| 2 Feb 2025 | AI literacy obligations and prohibited AI practices already apply. This is why ‘wait and see’ is the wrong response. |
| 2 Aug 2025 | General-purpose AI (GPAI) obligations and governance already apply. |
| 2 Dec 2026 | If the political agreement is formally adopted, watermarking obligations and the new ban on ‘nudifier’ systems will apply from this date. |
| 2 Dec 2027 | If adopted, stand-alone high-risk AI systems in areas such as biometrics, employment, education and critical infrastructure will move to this date. |
| 2 Aug 2028 | If adopted, high-risk AI systems embedded in regulated products will move to this date. |
| Main takeaway | The dates have moved. The work has not. Regulated firms still need AI inventory, role-based literacy, governance and evidence of oversight. |
A lot of leaders will see the latest EU AI Act developments and think one thing: relief.
On 7 May 2026, Parliament and Council negotiators reached a provisional political agreement to delay certain high-risk AI Act obligations. If formally adopted, stand-alone high-risk AI systems would move from August 2026 to 2 December 2027, while high-risk AI systems embedded in regulated products would move to 2 August 2028. Watermarking obligations on AI-generated content would move to 2 December 2026.
That matters. But it would be a mistake to read this as permission to pause.
For regulated organisations, the real challenge was never just a technical compliance date. It was always whether the organisation was building the governance, literacy, oversight and evidence needed to deploy AI responsibly at scale. That challenge remains.
The most important shift is timing.
Under the political agreement, the main obligations for stand-alone high-risk AI systems would apply from 2 December 2027. For AI systems embedded in products such as lifts or toys, the date would be 2 August 2028. The application of watermarking obligations on AI-generated content would move to 2 December 2026.
The package also introduces a ban on AI systems that create child sexual abuse material or depict the intimate parts of an identifiable person, or them engaged in sexually explicit activities, without consent. Companies would have until 2 December 2026 to bring their systems in line.
The right language here is important. This is a political agreement, not the final legal text in force today. The European Parliament and Council still need to complete formal adoption. That means leaders should neither ignore the change nor present it as a settled, final position without qualification.
Several important obligations are already live.
AI literacy obligations and the bans on prohibited AI practices have applied since 2 February 2025. Obligations for providers of general-purpose AI models, together with governance requirements, have applied since 2 August 2025.
The European Commission’s implementation material now reflects the political agreement and shows the revised direction of travel for high-risk AI systems. That does not reduce the importance of getting ready. It simply changes the runway for some obligations.
In financial services, insurance, healthcare and other regulated sectors, AI governance does not sit neatly inside one function. It cuts across technology, compliance, operational resilience, model risk, conduct, procurement, HR and learning.
So even with more time on some high-risk obligations, the practical questions remain the same: Do you know where AI is being used? Can you separate low-risk experimentation from higher-risk use cases? Do leaders understand where accountability still sits? Can you evidence a proportionate approach to AI literacy and oversight?
That is why this topic still matters so strongly to three audiences in particular:
The wrong conclusion is: “We have another year, so we can wait.”
The better conclusion is: “We have more time to do this properly.”
The EU has not abandoned the AI Act. It has adjusted the implementation timetable for parts of it while keeping the broader risk-based framework and several existing obligations intact.
So yes, the dates have moved.
But for regulated organisations, the more important question is unchanged: are your people, processes and governance ready to support responsible AI use in practice?
Sources and further reading
Early Careers
This executive briefing explores the realities of scaling AI in regulated organisations, covering workforce capability, governance, productivity, adoption and emerging opportunities in financial services.
The technology may be moving fast, but the biggest AI challenges remain deeply human. Following a recent industry roundtable, this article reflects on workforce readiness, adaptability, trust and the pressure organisations face to keep pace with AI change.
Learn how to build AI capability at scale with a practical framework covering governance, workforce readiness and real-world adoption.