Seventy-seven days. That’s the distance between May 17, 2026 and August 2, the EU AI Act enforcement date that didn’t move. Most coverage has focused on what the EU AI Act Omnibus agreement delayed. Less attention has gone to what it didn’t delay, and to the structural reality the Omnibus created: three distinct compliance populations, operating on three separate timelines, with obligations that don’t overlap.
Compliance teams that built a plan around “the extension” may have planned for the wrong track.
The Three-Track Problem
The Omnibus agreement didn’t produce a single revised deadline. It produced a deadline structure with three distinct tiers. Each tier applies to a different category of AI provider or deployer. Treating any one tier as the AI Act’s “deadline” is analytically wrong and operationally dangerous.
Per legal analysis of the Omnibus agreement by Latham & Watkins, the three tracks break down as follows:
Track A covers GPAI model providers and deployers of Annex III high-risk AI systems that are integrated into broader products. August 2, 2026 is their enforcement date. That date was always their date. The Omnibus didn’t touch it.
Track B covers two different groups who share the same December 2, 2026 date for different reasons. All AI providers, regardless of size, jurisdiction, or system type, face the nudifier prohibition by December 2, 2026. Separately, GPAI providers whose models were already on the market before August 2, 2026 reportedly have until December 2, 2026 to implement watermarking requirements, according to legal analysis of the Omnibus. Same calendar date; different obligations; different populations.
Track C covers providers and deployers of stand-alone high-risk AI systems under Annex III, the systems not integrated into other products. Their compliance deadline was reportedly extended to December 2, 2027, per the Omnibus agreement, according to Latham & Watkins’ analysis. That’s the extension most coverage has focused on.
The catch is that Track C’s extended deadline doesn’t excuse all preparation. Several obligations reportedly attach earlier on the extended track. Organizations on Track C that treat “December 2027” as a start date rather than a completion date are reading the framework incorrectly.
Track A: August 2, 2026, What Must Be Ready
August 2 applies to two categories. GPAI model providers must have conformity documentation, transparency obligations, and copyright policy compliance in place. Deployers of Annex III high-risk systems integrated into products, medical devices, recruitment tools, credit scoring systems, biometric categorization, face the same date for their system-level obligations.
The practical implication: if you’re a GPAI provider and you’re still in gap analysis, the window is narrow. If you’re deploying an integrated high-risk system and haven’t completed your conformity assessment, August 2 isn’t a planning horizon. It’s a deadline.
EU AI Act Three-Track Compliance Decision Matrix
| Entity Type | Track | Key Date | Core Obligation |
|---|---|---|---|
| GPAI model provider | A | Aug 2, 2026 | Conformity documentation, transparency, copyright policy |
| Integrated Annex III deployer | A | Aug 2, 2026 | System-level conformity assessment |
| All AI providers (image generation) | B | Dec 2, 2026 | Nudifier prohibition compliance |
| GPAI provider, model pre-Aug 2, 2026 | B | Dec 2, 2026 | Synthetic content watermarking |
| Stand-alone Annex III deployer | C | Dec 2, 2027 | Full Annex III compliance (per legal analysis) |
What the EU AI Act Omnibus Changed
The real question is whether the EU AI Office’s enforcement posture will match the text on day one, or whether there’s a practical grace period for organizations demonstrating good-faith progress. Historical EU regulatory enforcement, including under GDPR, suggests initial enforcement tends to target the most visible non-compliance. That doesn’t mean non-compliance is safe. It means the organizations most exposed on August 2 are those with nothing documented, not those with incomplete documentation.
Track B: December 2, 2026, Two Groups, One Date
December 2, 2026 covers the nudifier prohibition and the GPAI watermarking grandfathering window. These are legally and operationally separate.
The nudifier prohibition applies to all AI providers. There’s no size threshold, no integrated-system distinction, and no GPAI-specific carve-out. The EU AI Act explicitly prohibits AI systems that generate non-consensual intimate imagery. This falls under the Act’s prohibited practices provisions. Every organization that deploys or makes available an AI system with image-generation capability needs a compliance position on this before December 2.
The GPAI watermarking provision applies differently. Models placed on the EU market before August 2, 2026 reportedly have until December 2, 2026 to implement synthetic content watermarking, according to legal analysis of the Omnibus. Models placed on the market after August 2 must have watermarking in place from market entry. The grandfathering window is specific to the pre-August 2 population. Don’t assume it applies if your model launched after that date.
Track C: December 2, 2027, The Extended Path
Stand-alone Annex III high-risk systems, those not bundled into a broader product, reportedly received a deadline extension to December 2, 2027 under the Omnibus, per legal analysis. This is the provision that generated the most industry relief.
The extension is real. It’s also narrower than it sounds. Several obligations under the Act, including some transparency and documentation requirements, reportedly apply on earlier timelines even for systems on the extended track. Organizations on Track C should not treat this as a two-year holiday from EU AI Act compliance work.
The more important point: Track C organizations that use the extended deadline to delay classification analysis, risk assessment development, and technical documentation frameworks will find December 2027 arriving faster than expected. The compliance work for a stand-alone high-risk system is substantial. Legal analysts’ interpretation of the three-track structure consistently emphasizes that Track C is a deadline extension, not a scope reduction.
The Decision Matrix
The first question every compliance team needs to answer is which track they’re on. Legal analysts interpret the classification as follows, but organizations should confirm their track classification with qualified EU law counsel before acting on this framework:
Track A Pre-August 2 Compliance Steps
- Confirm system classification (GPAI vs. integrated HRAIS vs. stand-alone)
- Complete conformity assessment for Annex III systems
- Finalize GPAI transparency documentation
- Implement copyright policy for GPAI model training
- Confirm watermarking approach for post-Aug 2 GPAI deployment
Unanswered Questions
- Does the 'integrated' vs. 'stand-alone' HRAIS distinction require formal EU AI Office classification, or is self-classification sufficient?
- What technical standard must GPAI watermarking meet, is C2PA compatibility explicitly required or implied?
- Which Track C obligations reportedly attach before December 2, 2027 on the extended timeline?
What to Watch
| Entity Type | Applicable Track | Key Date | Core Obligation |
|---|---|---|---|
| GPAI model provider | Track A | August 2, 2026 | Conformity documentation, transparency, copyright policy |
| Integrated Annex III deployer | Track A | August 2, 2026 | System-level conformity assessment |
| All AI providers (image generation) | Track B | December 2, 2026 | Nudifier prohibition compliance |
| GPAI provider, model pre-Aug 2 | Track B | December 2, 2026 | Synthetic content watermarking |
| Stand-alone Annex III deployer | Track C | December 2, 2027 | Full Annex III compliance |
An organization can sit on multiple tracks simultaneously. A company that provides a GPAI model and also deploys a stand-alone high-risk system faces Track A obligations by August 2 and Track C obligations by December 2027.
What to Watch
The EU AI Office’s enforcement guidance for August 2 is the most important near-term signal. Guidance clarifying which systems are in scope for Annex III, and how the “integrated” vs. “stand-alone” distinction is applied in practice, would reduce the ambiguity that makes multi-track compliance planning difficult. Watch for any guidance issued by the EU AI Office in June or July 2026.
Second: The “nudifier prohibition” is a new compliance category. Existing content safety frameworks weren’t built around this specific prohibition. Organizations with image-generation capabilities in deployed products need to assess whether their current safeguards would satisfy the prohibition’s requirements, not just whether they have general content filters.
Third: The watermarking requirement for GPAI models is technical. December 2, 2026 sounds like a long runway from August 2 standpoint, it’s not. C2PA-compatible watermarking implementation for a production model takes time. GPAI providers on the grandfathering track shouldn’t treat the four-month window as generous.
TJS Synthesis
The Omnibus agreement didn’t simplify EU AI Act compliance planning. It stratified it. Three tracks means three different project timelines, three different documentation packages, and potentially three different legal interpretations of which obligations apply before which dates.
The compliance teams best positioned for August 2 are the ones that answered “which track are we on?” in February 2026, not in May. For everyone else: the answer to that question still needs to be on the table before June. By July, it needs to be answered with counsel. Organizations that reach August 2 with the wrong track classification are facing a gap analysis under enforcement conditions, and the EU AI Office won’t accept “we thought we were on Track C” as a risk mitigation strategy for a system that’s actually on Track A.