EU AI Act Omnibus: December 2027 High-Risk Deadline Confirmed, The SME Relief Provisions Most Teams Haven't Mapped

December 2, 2027. That’s the date.

Following the EU AI Act Omnibus political agreement reached in early May 2026, the compliance deadline for high-risk AI systems, covering biometrics, critical infrastructure, education, and employment, has been confirmed at December 2, 2027. Risk management documentation, transparency obligations, and conformity assessment requirements under Annex III all apply from that date. If your organization operates in any of those sectors and deploys AI systems that meet the high-risk classification threshold, December 2, 2027 is the binding compliance horizon.

Most compliance teams already have that date. What many haven’t fully mapped is what the Omnibus did for developers and deployers operating at smaller scale. The Commission framed the Omnibus package as incorporating a “Competitiveness Compass” approach to prevent overburdening SMEs, according to Commission communications. The specific provisions that flow from that framing, proportionality adjustments, simplified documentation pathways, or cost-sharing mechanisms, are subject to confirmation in the final legislative text, which hasn’t been formally adopted. Plan around the direction; don’t build procedures on the specifics until the text is final.

The Omnibus also includes a post-market exemption worth tracking. Under reported Omnibus terms, AI models placed on the market before August 2025 are expected to be exempt from General Purpose AI (GPAI) obligations until August 2027, absent significant changes to the model. That’s an 18-month window that’s already running for organizations that shipped models in early 2025. “Absent significant changes” isn’t defined with precision in available sources; how regulators interpret fine-tuning, capability updates, and deployment expansions against that threshold will determine whether the exemption holds. That’s the definitional risk your legal team should be scoping now, not in Q4 2026.

The real question is what “significant changes” means for organizations that continuously update deployed models. An August 2025 foundation model that’s been fine-tuned quarterly may or may not retain exemption status, and the answer will come from the final legislative text and subsequent EU AI Office guidance, not from the political agreement itself.

Don’t expect the final text to arrive quickly. The political agreement is the end of the political negotiation phase, not the end of the legislative process. Legal-linguistic review, formal adoption procedures, and publication in the Official Journal of the EU follow. The compliance calendar for December 2, 2027 has roughly 18 months of runway from now, enough time to build a conformity assessment program if work starts in the next quarter, not enough time to start from scratch in 2027.

Teams that have already mapped their Annex III exposure against the three-pathway deadline structure should now layer in two variables the Omnibus introduced: the GPAI post-market exemption window and the SME proportionality provisions. Neither changes the December 2, 2027 high-risk deadline. Both change the compliance workload calculation for organizations that thought they had the full scope mapped.

The compliance teams that come out ahead on this aren’t the ones with the most detailed December 2027 plans, they’re the ones who have already identified which of their deployed models might qualify for the post-market exemption and what change events would void it. That’s the narrower, more defensible question. Start there.