The announcement that the EU AI Act’s high-risk AI compliance deadlines would be extended came as welcome news for many organizations running behind on Annex III preparation. Some adjusted their internal timelines immediately. Some paused compliance programs to wait and see. A significant number communicated to stakeholders that the August 2026 deadline was no longer operative.
None of those organizations are legally wrong to be optimistic. But several may be legally wrong about the current deadline.
How EU law becomes law
The European Union’s legislative process involves multiple stages before an agreed position becomes binding on member states and regulated entities. A preliminary political agreement – even one that reflects the genuine consensus of both the European Parliament and the Council – is not the final step. It is, structurally, one of the earlier steps in the formal adoption process.
Once a preliminary agreement is reached, the text must be finalized through legal-linguistic review, formally adopted by both institutions, and then published in the Official Journal of the European Union. For regulations, the operative date of legal effect is the date of Official Journal publication (or a specified number of days after it). Until that publication occurs, the previously enacted regulation remains in full force.
This is not a technicality. It is the mechanism by which EU law operates. An agreement to change a deadline is not itself a change to the deadline.
What the legislative record shows
The European Parliament’s Legislative Train Schedule, the Parliament’s own tool for tracking the progress of legislative files – records the agreed proposed extension dates. For stand-alone high-risk AI systems listed in Annex III (covering areas including critical infrastructure management, education and vocational training, employment and worker management, access to essential services, law enforcement, and border control), the Legislative Train records December 2, 2027 as the proposed compliance deadline. For high-risk AI systems embedded in regulated products under Annex II, medical devices, machinery, aviation components, vehicles, marine equipment, the proposed deadline extends further, to August 2, 2028.
These are the positions confirmed at the legislative level. They reflect genuine institutional agreement. They are not enacted law.
The current, legally operative deadline for Annex III stand-alone high-risk AI systems remains August 2, 2026. Independent analyses from A&O Shearman and Plesner both reach this conclusion explicitly, advising organizations to continue planning against the original deadline. No formal statement from the European Commission has been identified that alters this legal position.
The gap period: what it is and why it matters
The period between a preliminary political agreement and Official Journal publication, what this analysis calls the gap period, is a legally ambiguous zone for compliance planning. The extension is likely to be enacted; both the Parliament and the Council have agreed to it. But “likely” is not the same as “effective,” and organizations that treat a probable outcome as an existing legal reality take on risk that may not be visible until it becomes consequential.
During the gap period, three specific obligations remain fully operative under the August 2, 2026 deadline:
Conformity assessments. Providers of Annex III high-risk AI systems that trigger the mandatory third-party conformity assessment requirement (Article 43) must have completed that assessment by the compliance date. Preliminary agreements don’t pause assessment timelines.
Technical documentation. The documentation requirements under Article 11, technical specifications, training data, accuracy metrics, human oversight provisions, must be complete and current by the deadline.
Registration. High-risk AI systems must be registered in the EU database before being placed on the market or put into service. The registration requirement is tied to the compliance deadline, not to any projected extension date.
Annex II and Annex III: different systems, different proposed timelines
The preliminary agreement distinguishes between two categories of high-risk AI. Understanding which category applies to a given system is not a trivial determination.
Annex III lists categories of high-risk AI by use case: critical infrastructure, biometric identification, education, employment, access to essential services, law enforcement, migration and border management, and administration of justice. The categorization turns on how the system is used and in what context, not solely on the system’s technical characteristics. A system that assists in employment screening, for example, falls under Annex III regardless of whether the underlying model is general-purpose.
Annex II covers AI components embedded in products that are already subject to EU harmonization legislation: the Machinery Regulation, the Medical Device Regulation, the In Vitro Diagnostic Medical Devices Regulation, civil aviation safety rules, marine equipment, rail interoperability requirements, and motor vehicle type-approval rules. The proposed August 2, 2028 deadline for Annex II systems reflects the additional complexity of embedded AI, these systems often require coordination with sector-specific conformity procedures that the AI Act compliance process must align with.
Organizations with AI systems that could plausibly fall under either annex should not assume they know the answer without a documented classification analysis. The extension timeline difference, sixteen months for Annex III, twenty-four months for Annex II beyond the current deadline, is large enough that a misclassification in either direction carries meaningful compliance risk.
Three compliance postures and their risk profiles
Organizations currently in planning mode face a genuine strategic choice during the gap period. Three postures describe the realistic range:
Full sprint against August 2, 2026. This posture treats the current deadline as operative and accelerates toward August 2026 completion regardless of extension likelihood. Risk profile: highest near-term cost and resource pressure; lowest legal exposure. Appropriate for organizations with Annex III systems in high-stakes use cases (law enforcement, critical infrastructure) where non-compliance consequences are severe, or for organizations whose compliance programs are well-advanced and can complete on time.
Phased approach with priority sequencing. This posture continues compliance work but sequences effort by risk priority, highest-stakes systems and applications first, lower-stakes systems in a second phase that could benefit from an enacted extension. Risk profile: hedges cost while maintaining partial coverage; requires careful documentation of the prioritization rationale. Appropriate for organizations with large, diverse AI portfolios where full Annex III sprint across all systems is not feasible.
Wait for Official Journal publication. This posture pauses or significantly slows compliance work pending OJ publication and the formal enactment of new deadlines. Risk profile: lowest near-term resource commitment; highest legal exposure during the gap period. This posture is defensible only for organizations with Annex III systems that have already substantially completed their compliance preparation, or where systems fall clearly in a lower-risk sub-category.
None of these postures is universally correct. The right answer depends on where a given organization’s systems fall within Annex III, how far along its compliance program is, and what its risk tolerance is for legal exposure during the gap period.
What to watch: the OJ publication trigger
The transition from gap period to extended timeline is a discrete event: Official Journal publication. Organizations should monitor the Official Journal directly and through EU legislative tracking tools, including the EP Legislative Train. When the formal adoption by both Parliament and Council is complete and publication is scheduled, the legislative status will advance. At that point, and not before, the new deadlines become operative.
The absence of a formal Commission clarifying statement during the gap period is consistent with how this process normally works. The Commission does not typically issue interim guidance acknowledging a preliminary agreement as effectively changing legal obligations. Waiting for such a statement before deciding on a compliance posture is likely to mean waiting until OJ publication itself.
TJS synthesis
The compliance gap created by a preliminary agreement that isn’t yet law is a predictable feature of the EU legislative process, but it becomes acute when the agreement concerns a deadline that is actively running. Organizations that assumed the preliminary deal resolved their compliance timeline question are operating on a legal assumption rather than a legal fact.
The practical recommendation is straightforward: determine which annex applies to each of your high-risk AI systems, assess your current compliance readiness against the August 2026 deadline, and make a documented, deliberate posture choice, full sprint, phased approach, or gap-period hold, with legal counsel input. Documenting the posture choice matters as much as making it: regulators and auditors in a post-deadline review will want to understand what decisions were made and on what basis, not just what was completed.
The extension, if and when enacted, will change the timeline. It won’t change whether your compliance planning was sound.