Editor’s Note: Europe’s AI Act rewrite has cleared its final political hurdle, but it is not yet fully operative. On June 29, the Council of the EU gave final approval to the digital omnibus, confirming delayed high-risk AI deadlines of Dec. 2, 2027, for standalone Annex III systems and Aug. 2, 2028, for high-risk AI embedded in regulated products. The amendment still awaits publication in the Official Journal, where entry into force will be triggered three days later.

The timing is the story. The delay gives organizations more time for high-risk conformity work, but the AI Act’s broader Aug. 2, 2026, application date remains on track, including the AI Office’s full enforcement role. That leaves compliance pressure in place for obligations the omnibus did not substantially move, including the existing prohibited-practices regime, Article 50 transparency duties, and general-purpose AI oversight.

For cybersecurity, data privacy, regulatory compliance, and eDiscovery professionals, the practical task is now classification and sequencing. Organizations should map AI systems against Annex III and Annex I, review their exposure to the new prohibitions on nudification and AI-generated child sexual abuse material, and prepare documentation, logging, retention, human oversight, and vendor governance processes for the parts of the Act that arrive first. The key date to watch next is publication in the Official Journal, followed by the technical standards that will shape defensible high-risk compliance.


Content Assessment: Council clears the AI Act rewrite as the enforcement clock keeps ticking

Information - 93%
Insight - 93%
Relevance - 94%
Objectivity - 92%
Authority - 92%

93%

Excellent

A short percentage-based assessment of the qualitative benefit expressed as a percentage of positive reception of the recent article from ComplexDiscovery OÜ titled, "Council clears the AI Act rewrite as the enforcement clock keeps ticking."


Industry News – Artificial Intelligence Beat

Council clears the AI Act rewrite as the enforcement clock keeps ticking

ComplexDiscovery Staff

The Council of the EU gave final approval on June 29 to the rewrite of Europe’s Artificial Intelligence Act, confirming delayed high-risk deadlines that now await publication in the Official Journal to take effect.

That vote clears the last political hurdle for the digital omnibus. It also sets up a tight sequence: the amendment must still enter into force even as the AI Act’s broader Aug. 2, 2026, application date approaches, including the AI Office’s full enforcement role.

The package, the seventh simplification bundle the European Commission proposed on Nov. 19, 2025, cleared Parliament on June 16 by a vote of 423 to 57, with 174 abstentions. At that stage it still needed the Council’s sign-off to become law, as ComplexDiscovery reported. The Council supplied it on June 29. The amended regulation takes effect three days after publication in the EU’s Official Journal, expected within weeks.



What the package confirms

The delay that had been provisional is now confirmed, awaiting only publication in the Official Journal to enter into force. Standalone high-risk systems under Annex III, covering uses such as hiring, credit scoring, biometric identification, and education, face a compliance date of Dec. 2, 2027. High-risk AI embedded as a safety component in regulated products under Annex I, from medical devices to industrial machinery, has until Aug. 2, 2028. Machine-readable watermarking obligations for AI-generated content systems placed on the market before Aug. 2, 2026, shift to Dec. 2, 2026, after the Council cut the grace period from six months to three, though the broader Article 50 transparency duties still begin Aug. 2, 2026. The ban on nonconsensual nudification tools and AI-generated child sexual abuse material carries that same Dec. 2, 2026, compliance date.

Michael McNamara, a Renew lawmaker from Ireland and co-rapporteur on the file, said the nudification ban targets tools that “impact real people, overwhelmingly women, with the purpose of humiliating, degrading and objectifying them,” and would “enter into force before the end of this year.”

The August collision

Final political approval sharpens a wrinkle. Even with high-risk relief now confirmed, most of the AI Act still applies from Aug. 2, 2026. That date brings the AI Office, the Commission’s enforcement arm, into its full enforcement role, with authority to demand information, order changes, and levy fines. So the broader application date lands with the amendment still moving toward entry into force, bringing that enforcement role to bear on the obligations the omnibus left largely on track, including the existing prohibited-practices regime, Article 50 transparency duties, and general-purpose AI oversight. The omnibus routes enforcement of certain general-purpose systems through the AI Office to centralize that work.

General-purpose AI, already on the clock

For the general-purpose AI models behind chatbots and image generators, obligations have applied since Aug. 2, 2025, backed by a General-Purpose AI Code of Practice approved a day earlier and Commission guidance on which providers fall in scope. Models placed on the market before that date have until Aug. 2, 2027, to conform. None of that moved in the omnibus. Providers who expected the simplification package to loosen general-purpose rules did not get their wish.

What the rewrite still trims

Beyond deadlines, the adopted text narrows the Act in ways that survived to final approval. Machinery products with AI functions answer to sector-specific safety rules rather than duplicate AI Act requirements. A tightened definition of safety component means AI that only assists users or optimizes performance avoids automatic high-risk status when a malfunction poses no health or safety risk. Developers may process personal data where strictly necessary to detect and correct bias, with safeguards. Existing small-business exemptions extend to small mid-cap enterprises. The Council also postponed the deadline for national AI regulatory sandboxes to Dec. 2, 2027. Co-rapporteur Arba Kokalari of Sweden cast the simplification as a way to keep technology companies building and staying in Europe, a competitiveness argument that ran through the debate.

What practitioners should do next

For compliance, privacy, and information governance teams, final adoption converts planning assumptions into fixed dates. Map which AI uses fall under Annex III versus Annex I to know whether the 2027 or 2028 clock applies. Confirm whether any deployed or purchased tool touches the new nudification prohibition, which arrives first. And prepare for the AI Act’s broader Aug. 2, 2026, application date, including the AI Office’s full enforcement role, which reaches the obligations the omnibus left largely on track. The extended high-risk timeline gives organizations room to finish conformity, documentation, and human-oversight work, provided they treat the confirmed dates as deadlines and not distant suggestions.

With the rewrite now settled, the uncertainty shifts from what the rules say to how fast Europe will enforce the parts it kept. Is your AI compliance program built for the deadlines that moved, or the ones that did not?



News sources



Assisted by GAI and LLM Technologies

Additional reading

Source: ComplexDiscovery OÜ

ComplexDiscovery’s mission is to enable clarity for complex decisions by providing independent, data‑driven reporting, research, and commentary that make digital risk, legal technology, and regulatory change more legible for practitioners, policymakers, and business leaders.

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is an independent digital publication and research organization based in Tallinn, Estonia. ComplexDiscovery covers cybersecurity, data privacy, regulatory compliance, and eDiscovery, with reporting that connects legal and business technology developments—including high-growth startup trends—to international business, policy, and global security dynamics. Focusing on technology and risk issues shaped by cross-border regulation and geopolitical complexity, ComplexDiscovery delivers editorial coverage, original analysis, and curated briefings for a global audience of legal, compliance, security, and technology professionals. Learn more at ComplexDiscovery.com.

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Gemini, Grammarly, Midjourney, and Perplexity, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.