EU AI Act Amending Text Published: Which Organizations Must Revise Compliance Programs, and What It Costs

Provisional agreements get signed in rooms. Compliance obligations get created in Official Journals.
That gap is where programs built on best-available information face their first real test.

The EU AI Act Digital Omnibus provisional political agreement was reached in May 2026, as documented
across TJS coverage from May 27. It extended key deadlines, confirmed
Article 5 prohibitions, and introduced documentation relief for SMEs. Compliance teams absorbed
those parameters and started building. That was the right call, acting on best available information
is better than waiting for certainty that may never come cleanly.

But the provisional agreement was a negotiating outcome. The proposed amending regulation is a legal
text. They’re supposed to match. They usually do. The risk is in the places where they don’t, and
in this regulatory environment, the stakes of getting it wrong are measured in percentage points of
global annual turnover.

Why the Distinction Between Provisional Agreement and Formal Text Matters

Provisional agreements in EU legislative procedure reflect the political consensus between the
European Parliament and the Council. They’re binding on the negotiating parties in the sense that
both sides agreed to the outcome. They’re not binding on regulated entities in the sense of being
enforceable law.

The proposed amending regulation, once it’s formally adopted, published in the Official Journal,
and enters into force, is what compliance programs must track. According to legal analysis
reportedly issued following the amending text’s publication as of publication, compliance teams should
verify their assumptions against the official text. That guidance couldn’t be confirmed against
specific named-firm publications as of publication, and should be treated as qualified until EUR-Lex
publication is independently confirmed.

The practical consequence: any compliance program that used provisional-agreement parameters as
its deadline anchor without scheduling a formal-text review now has a gap in its audit trail.
That gap isn’t a crisis, it’s a task.

Comparison: Provisional Agreement vs. What to Verify in the Final Text

The following comparison reflects what was established in prior TJS coverage from the provisional
agreement period, and what compliance teams should verify against the published amending text.
It doesn’t assert that these items changed, it maps what needs checking.

| Compliance Area | Provisional Agreement Parameter | Verify in Final Text |
|—|—|—|
| High-risk system deadlines | Extended beyond original Article 6(1)(a) timeline | Confirm specific months, do deadlines match the extended schedule? |
| GPAI provider obligations | General provider obligations confirmed; delegated acts pending | Whether delegated acts timelines or scope changed |
| Article 5 prohibited practices | Confirmed as finalized per prior briefs | Whether prohibited practice definitions were modified in legal drafting |
| SME documentation relief | Proportionality provisions reportedly included | Whether relief applies to all high-risk categories or specific Annex III entries |
| Grandfathering provisions | Risk for systems placed on market before effective date, per May 27 analysis | Whether the amending text closes or preserves the grandfathering gap |

This table is a verification framework, not a delta report. It reflects what’s worth checking –
not confirmed changes. Compliance teams should treat each row as an open question until they’ve
reviewed the text.

Three Organization Types, Three Distinct Revision Exposures

Not every organization faces the same revision pressure. The amending text creates three distinct
compliance review obligations.

*GPAI providers.* The general-purpose AI provider obligations were among the most contested
elements of the Digital Omnibus process. Provisional agreement parameters established the
framework; delegated acts were expected to fill in specifics. The real question is whether the
amending text’s treatment of GPAI obligations resolves any of the delegated-acts ambiguities
that compliance teams were holding open. If it doesn’t, if delegated acts remain the governing
instrument for GPAI specifics, then GPAI providers’ programs don’t require fundamental revision,
but they need to confirm that conclusion from the text rather than assuming it.

*High-risk system deployers.* These organizations built conformity assessment timelines against
provisional deadlines. Each deadline in that schedule should be confirmed against the amending
text’s specific language. A 30-day shift in a registration deadline doesn’t sound significant
until it’s the difference between on-time submission and a late-filing inquiry. The
May 28 TJS deadline reference brief provides the prior
framework; the formal text is the verification target.

*SMEs.* Documentation relief provisions were among the most discussed elements of the Digital
Omnibus negotiations. SMEs that deprioritized documentation requirements based on reported
relief need to verify three things: whether the relief applies to their specific high-risk
category under Annex III, whether it’s unconditional or subject to thresholds, and whether any
sunset provision applies. A relief provision that expires before enforcement begins is not a
relief provision.

The Grandfathering Gap, Still Open

Prior TJS analysis flagged the grandfathering risk
for organizations that placed AI systems on the market between the EU AI Act’s original entry
into force and the Digital Omnibus amendments. The question was whether systems launched during
that window fell under the original timeline or the extended timeline. If the amending text
addresses this directly, it resolves a compliance planning ambiguity that legal analysts had
flagged as a significant risk. If it’s silent, the gap remains, and organizations in that
window need external legal counsel’s judgment, not a compliance team’s estimate.

This is one of the highest-stakes verification items in the amending text review. Don’t expect
it to be obvious on a first read; grandfathering provisions frequently appear in transitional
arrangements sections that are easy to miss.

The Compliance Revision Checklist

Organizations conducting the amending text review should work through the following, in order:

One: Confirm the amending text is available on EUR-Lex and that the version reviewed is the
formally published instrument, not a working document or leaked draft. Document the EUR-Lex
citation and publication date in the compliance program record.

Two: Compare Article 5 prohibited practice definitions in the amending text against the
definitions used in the organization’s prohibited-practice assessment. Any definitional change
– even minor drafting clarification, may affect scope determinations.

Three: Pull every deadline in the compliance program’s timeline and confirm it against the
amending text’s specific transitional provisions. Note the article and paragraph number for
each deadline, not just the date.

Four: For GPAI providers, identify which obligations in the program are anchored to the
amending text versus which are held open pending delegated acts. The amending text review
won’t resolve delegated-acts questions, but it should clarify which obligations are text-based
and which remain pending.

Five: For SMEs, verify documentation relief scope: which Annex III categories, which
thresholds, and what conditions. Update the documentation matrix accordingly.

Six: Review transitional arrangements for grandfathering provisions. If systems were placed on
market before the effective date of the amending regulation, determine explicitly whether the
amending text addresses their compliance track.

What to Watch

The amending text’s formal entry into force requires publication in the Official Journal and
a specified entry-into-force period. Before it’s formally in force, it’s the proposed amending
regulation, not yet binding. Organizations should track the Official Journal publication date
as the true compliance clock start.

After entry into force, the delegated acts process begins its own timeline. For GPAI providers
in particular, delegated acts under the amending regulation are the next major compliance
trigger. The amending text review tells you what the primary obligations are; delegated acts
will tell you how to satisfy them.

Don’t expect certainty. The EU AI Act has produced more interpretive guidance, provisional
assessments, and qualified analysis than most regulatory frameworks of this scope. That’s not
a criticism, it reflects genuine complexity. Compliance teams that have built programs
capable of absorbing updates without requiring complete rebuilds will have a structural advantage
over those that built to a single fixed interpretation.

TJS synthesis

Every major EU AI Act milestone has produced two types of compliance programs –
those that updated in real time and those that assumed the next milestone would confirm what
they’d already built. The organizations in the second category aren’t negligent; they made a
reasonable bet. But the bet has a verification cost, and the formal amending text publication
is the moment to pay it. The complete
deadline framework from May 22 remains the best prior reference, use it alongside the
amending text, not instead of it. The organizations that will face enforcement exposure aren’t
those that got deadlines slightly wrong. They’re the ones that didn’t build in a review step.