Frameworks

The EU AI Act Was Postponed. Here Is What Actually Changed

The EU AI Act has not been cancelled. It has not disappeared. But part of its timeline has changed.

6 July 20263 min readKodex Compliance
The EU AI Act Was Postponed. Here Is What Actually Changed

The biggest update is around high-risk AI systems. These are the AI systems used in sensitive areas such as employment, education, biometrics, critical infrastructure, migration, asylum and border control. The original expectation was that many high-risk AI obligations would begin applying in August 2026. That has now shifted.

Under the updated timeline, rules for many stand-alone high-risk AI systems will apply from 2 December 2027. High-risk AI systems embedded in regulated products, such as certain machinery, robotics or safety components, will apply from 2 August 2028. The Council of the EU describes this as a fixed timeline for the delayed application of high-risk rules. Council of the EU

The European Parliament confirms the same split: 2 December 2027 for stand-alone high-risk AI systems and 2 August 2028 for AI systems embedded as safety components and covered by EU sectoral safety legislation. European Parliament

So yes, part of the AI Act timeline has been postponed.

But that does not mean companies should stop preparing.

Some obligations are already active. The AI Act’s prohibited AI practices and AI literacy requirements have applied since 2 February 2025. Governance rules and obligations for general-purpose AI models began applying from 2 August 2025. European Commission

This is the part many companies may misunderstand. A postponed high-risk deadline is not the same thing as a pause on AI governance.

The practical work still needs to happen.

Companies need to know where AI is being used, what each system does, what data it touches, who owns it, what risks it creates and what evidence exists. Without that basic inventory, it becomes difficult to classify systems, prepare documentation or answer customer and regulator questions.

The new timeline gives companies more room. That time should be used properly.

For teams using AI in hiring, credit, education, healthcare, infrastructure, border control or other sensitive areas, the next step is not panic. It is mapping. Start with an AI inventory. Then classify risk. Then identify evidence gaps. Then create a realistic compliance roadmap.

The European Commission’s high-risk AI guidance also reflects the new enforcement timeline and explains that high-risk AI systems are limited to use cases that can endanger health, safety or fundamental rights. European Commission

In simple terms: the deadline moved, but the work did not.

A delayed deadline can be useful if companies treat it as preparation time. It becomes risky if they treat it as waiting time.

For startups and growing companies, this is the right moment to get clear before customers, investors or regulators ask harder questions. The companies that build their AI compliance map early will be better placed to explain what they use, why they use it, who owns it and what evidence supports it.

At Kodex Compliance, we help teams turn scattered AI use into a clear compliance map, so they can move from uncertainty to a practical plan.

References

Council of the EU: AI Act timeline
European Parliament: AI Act simplification measures
European Commission: Navigating the AI Act
European Commission: High-risk AI systems guidance

Build the evidence trail

Kodex Compliance helps teams turn questionnaires, documents, implementation proof, and reviewer decisions into a clear compliance record.

Request demo