A year of the AI Act applying has, above all, changed what boards ask about — less so what genuinely runs in production. And now, after the political agreement on the Digital Omnibus of 7 May 2026, you hear the same thought in many organizations: if Brussels is moving the deadlines, we can ease off. In our view, that's a misreading. The delay to obligations for high-risk systems is real, but on 2 August 2026 the regulation's general applicability and the transparency obligations of Article 50 still take effect — that is, the rules for the AI most companies have actually switched on: chatbots and model-generated content. A delay isn't an exemption.
This text isn't a legal analysis or an article-by-article list of obligations. It's an operator's note for the people who'll have to answer the board's question "so do we actually have to do something by August, or not" — and who'd rather not rewrite the AI roadmap every time a date changes in Brussels.
What actually happened
- 2 August 2026 — general applicability and transparency obligations. From that day most of the regulation applies, including Article 50: a user must be informed that they're talking to AI, and content generated or manipulated by a model (text, image, audio, video) must be labelled. This applies to an ordinary chatbot on a website and a content generator in marketing — not exotic high-risk systems.
- Earlier milestones are already in force. The bans on unacceptable practices and the "AI literacy" obligation have applied since 2 February 2025; the obligations for general-purpose AI models (GPAI) — since 2 August 2025. This isn't news around the corner — it's something the organization should already have signed off on.
- The Digital Omnibus pushes back high risk — and that's the news. The political agreement of the Council and Parliament of 7 May 2026 pushes back the obligations for high-risk systems: standalone Annex III systems to 2 December 2027, and systems embedded in products — to 2 August 2028. Note: this is a political agreement, not yet a final, published text — we treat it as a direction, not a certainty as to wording.
Our thesis — don't confuse a delay with a free pass
A year ago, a conversation with the board about the AI Act came down to the question "does this apply to us." Today it more often comes down to "what specifically and when" — and that's progress, but mainly in the layer of questions, not deployments. In too many companies AI governance still lives in a security-policy PDF rather than in a working system. The Omnibus reinforces that temptation: since the hardest piece (high risk) was pushed back by over a year, it's easy to conclude the topic can wait.
Except that 2 August 2026 concerns AI companies already have switched on. A chatbot that doesn't say it's a chatbot. Content from a model that goes to the client without a label. These aren't edge cases — they're the daily reality of the customer-service and marketing departments. Organizations that a year ago did the minimum version, namely an AI systems register with an owner and a risk class (we wrote about it in the note on governed agents), aren't renegotiating their own roadmap today. They know which system concerns what, and they add the transparency obligation to a list they already keep. The rest start from the question "and what did we even switch on" — in June, eight weeks before the deadline.
Why it matters
Private Equity
For a fund and a portfolio operator, the change of dates is a change in the companies' risk map, not a reason to shelve it. In a company selling SaaS with an AI module, the question is: does the product classify as high-risk and you've just bought a year of buffer — or is it an ordinary chatbot that has to comply with Article 50 already in August. Those are different theses on the cost of compliance and different risks in the earn-out. The Omnibus is worth reading as information for the value map, not as "ticked off."
Enterprise
For a large organization, the worst scenario is halting work on AI governance "because they moved the deadlines," and then discovering in July that labelling generated content and disclosing that the client is talking to a bot aren't done in any of the dozen-plus places where the model already runs. Article 50 transparency is conceptually simple and operationally tedious — because it concerns every touchpoint, not one system. That's work at the architecture layer (where we inject the disclosure and the label), not at the document layer.
SMB / mid-market
For a mid-sized company, the news is good: the heaviest obligation probably doesn't apply to you and it got more time. But if you have a chatbot on your website or you generate content with a model, Article 50 applies to you from August — and that's an afternoon's work, not a program. Add the sentence "you're talking to an AI assistant" wherever a client meets the bot, and label the content that comes out of the model. That's enough not to start from a backlog.
One step you can take this week
List in a single table every place where your company puts a client in touch with AI: chatbots, email assistants, content generators, recommendations. Next to each, note whether the client knows it's AI, and whether the content from the model is labelled. That table is at once the seed of an AI systems register and your checklist for 2 August — and its absence is a more common gap today than any obligation for high risk.
Bring your register
If you're putting AI governance in order against the AI Act deadlines, or you don't know which of your systems fall under Article 50 and which under high risk, bring the list of systems already running. We work from something concrete — from the register, not from the policy. There's more on how a reference architecture holds up before a regulator on the Enterprise page. Describe your case: mailto:[email protected]?subject=Rozmowa%20z%20Aurora%20AI.