EU AI Act Has Three Deadlines, Not Two, The August 2028 Date Missing From Most Compliance Calendars

Three deadlines. Most calendars show two.

The EU AI Act Omnibus political agreement, reached on May 7, 2026, restructured the Act’s compliance timeline in ways that have been widely reported, but not completely. Coverage across the past week has consistently described the Omnibus as creating two key dates: December 2, 2026 for generative AI transparency obligations, and December 2, 2027 for high-risk systems under Annex III. That framing misses an entire category of affected systems.

The third deadline: August 2, 2028. Per Travers Smith’s analysis of the Omnibus agreement, AI systems embedded in regulated products subject to Annex I harmonized standards, think medical devices, machinery, and safety components, face a separate compliance pathway with a later effective date. This deadline didn’t appear in the Wire’s original structured data and is absent from most of the 12 briefs this hub published on the Omnibus between May 7 and May 14. If your compliance calendar was built from that coverage, it may be missing an applicable deadline, or misapplying the December 2027 date to systems that actually have until August 2028.

The three-deadline structure, per the political agreement:

• December 2, 2026, Article 50 transparency and watermarking obligations for generative AI providers (date contested, see below)
• December 2, 2027, Full compliance obligations for standalone high-risk AI systems under Annex III (employment screening, credit scoring, biometric identification, educational access decisions)
• August 2, 2028, Full compliance for AI systems embedded in regulated products under Annex I harmonized standards (medical devices, machinery, certain safety components)

The December 2026 watermarking date carries an important caveat your calendar should reflect. Multiple legal commentary sources, including analysis from William Fry and Latham & Watkins, report December 2, 2026 as the Article 50 transparency deadline under the Omnibus. However, the European Commission’s Code of Practice page states the transparency rules become applicable on August 2, 2026. The source appears to reflect pre-Omnibus text, and the Omnibus commentary supports December 2, 2026 as the revised date. But the formal Omnibus legislative text hasn’t been published yet. Compliance teams should treat the Article 50 date as provisional pending formal adoption, and should document which source their planning assumption is based on.

The nudifier and CSAM-generating tool ban also carries this pending-text caveat. According to legal commentary on the Omnibus political agreement, the new Article 5 prohibition targeting AI systems that generate non-consensual intimate imagery and child sexual abuse material is targeted at December 2, 2026. This date has T3-source corroboration but no T1 confirmation, and the formal text isn’t yet published.

The catch is that “pending formal text” isn’t a safe harbor for inaction. Organizations building compliance programs around the Omnibus need to make working assumptions now, the planning lead time for Annex III conformity assessments runs 12 to 18 months, and embedded product systems under Annex I face procurement cycles that make August 2028 a closer horizon than it looks. The real question is whether your system classification is accurate. A system misclassified as Annex III standalone when it’s actually embedded in a regulated product gains an extra eight months, but only if the classification is intentional, documented, and defensible.

The August 2028 deadline is currently supported by a single source (Travers Smith). This hub recommends treating it as a planning assumption requiring confirmation when the formal Omnibus text is published. Build it into your calendar. Document the source. Revisit when the official text is available.