The clock is running. August 2, 2026 is the date EU AI Act Annex III obligations become enforceable against high-risk AI system operators, a date established by the Act’s official timeline (entry into force August 1, 2024, plus a 24-month transition period for high-risk systems). That date hasn’t moved. What has changed this week is the legal terrain around it.
Legal researchers published an April 2026 paper arguing that agentic AI systems exhibiting “untraceable behavioral drift” may be incompatible with the EU AI Act’s transparency obligations for high-risk systems. The Nannini et al. paper, details of which are pending publication venue confirmation, represents a legal interpretation, not a formal regulatory determination, but legal arguments that find their way into enforcement guidance or judicial review have a way of becoming operational constraints.
What Annex III Actually Requires
Annex III designates categories of high-risk AI systems subject to the Act’s most demanding obligations: conformity assessment, technical documentation, data governance standards, human oversight mechanisms, and transparency to deployers and users. The conformity assessment requirement means operators must demonstrate, before deployment, that their systems meet the Act’s safety and transparency standards. An agentic system that behaves differently in deployment than it did during assessment creates a direct tension with that requirement.
The Nannini et al. argument follows from this structure: if a system’s behavior drifts in ways that cannot be traced or documented, the operator cannot maintain accurate conformity documentation. A system that cannot be documented as conformant may not legally be placed on the EU market. That’s the legal logic, and it’s internally coherent, even if it hasn’t been tested against the Act’s text by an enforcement authority.
The Digital Omnibus Wild Card
EU trilogue negotiations over a “Digital Omnibus” legislative package could delay certain Annex III obligations to December 2027. That outcome remains unresolved. The August 2 date is operative until the trilogue produces a final text and that text is formally adopted. Compliance teams who are building scenarios around a potential delay need a parallel track: the delay may not materialize, may apply only to specific obligation categories, or may come with transition conditions that require action before the new deadline. Planning for the delay as a certainty is a compliance risk in itself.
Who This Affects Most
High-risk AI system operators using agentic pipelines, autonomous systems that take sequences of actions, call external tools, or operate over extended time horizons without human review of each step, are the most directly exposed to the agentic drift argument. This includes operators in sectors already listed in Annex III: employment screening, credit scoring, critical infrastructure management, biometric identification, and educational assessment.
The broader agentic AI compliance picture has appeared in multiple recent cycles. This isn’t an isolated legal theory, it’s a pattern.
What to Watch
Three things determine how this plays out: the trilogue outcome on Digital Omnibus (watch for formal text, not informal signals); the European AI Office’s first enforcement guidance on Annex III interpretation (which will clarify whether behavioral drift triggers conformity re-assessment); and the Nannini et al. paper’s reception in the legal community, which signals whether this argument is gaining traction toward regulatory adoption.
TJS Synthesis
105 days is enough time to close a compliance gap if you know where it is. It’s not enough time to build documentation infrastructure from scratch. Operators who have been counting on the Digital Omnibus delay to create breathing room should treat that assumption as a planning risk, not a planning premise. The agentic drift legal argument, regardless of its ultimate fate in enforcement proceedings, signals where the regulatory conversation is heading, and conformity documentation for agentic systems should be on your Q2 priority list regardless of the trilogue outcome.