The Correction
For weeks, this hub and the broader regulatory press reported the EU AI Act Omnibus as collapsing, deadlocked, and failed. That coverage was accurate at the time. The deal did stall. The April 28, 2026, trilogue ended without agreement. What changed between then and May 7 was that the political negotiation concluded.
Modulos.ai’s compliance tracking confirms the deal closed on May 7, with two new compliance deadlines: Annex III high-risk AI systems from August 2, 2026, to December 2, 2027, and Annex I systems embedded in regulated products from August 2, 2026, to August 2, 2028. Prior briefs reporting the Omnibus as failed are not wrong in retrospect, they were accurate to the moment they were published. This brief is the update.
The Three-Track Timeline
The single most important thing compliance teams can do with this brief is draw three separate timelines and stop conflating them.
Track 1, Annex III High-Risk AI Systems
New deadline: December 2, 2027. These are AI systems in categories like biometric identification, critical infrastructure management, employment decisions, access to essential services, and law enforcement. Organizations deploying systems in these categories have 16 additional months from the original August 2, 2026, deadline. That is substantial time, but only if the political agreement is published in the EU Official Journal before August 2. Until OJ publication, the original date is binding law. As prior hub coverage documented in detail, this is not a formality, it is a legal distinction with compliance planning consequences.
Track 2, Annex I Embedded AI
New deadline: August 2, 2028. These are AI systems embedded in products already regulated under EU sectoral law, medical devices, machinery, vehicles, radio equipment, and others. The extension to 2028 reflects the complexity of conformity assessment for AI embedded in hardware-regulated product categories. Two full years of additional runway from the original deadline is the most significant relief in the entire Omnibus package for the industrial and medical device sectors.
Track 3, AI Office Enforcement and GPAI Obligations
Deadline: August 2, 2026. Unchanged. Full stop. GPAI model providers, organizations that develop and offer general- purpose AI models, face transparency obligations, technical documentation requirements, and, for models above the systemic risk threshold, enhanced compliance requirements. None of that has moved. The Omnibus extension does not apply to Track 3. Tech Policy Press notes the extension allows high-risk systems to “dodge oversight” past the original date, a framing that, whatever its political valence, accurately identifies that the extension is not universal.
Political Agreement Is Not Law
This cannot be stated clearly enough. A political agreement between EU institutions is a commitment to legislate. It is not legislation. The Omnibus extension of high-risk deadlines does not take legal effect until the amended text is published in the EU Official Journal. The artificialintelligenceact.eu tracker, one of the field’s most-used reference sites, was still showing pre-Omnibus dates at the time of this brief’s source verification run. That is not an error on the tracker’s part, it reflects the standard lag between political agreement and OJ publication.
What this means in practice: if your compliance planning for August 2, 2026, is currently based on the assumption that the Omnibus extension is in effect, you’re running a calculated risk. The more defensible planning posture is to maintain parallel tracks – one operating as if the extension is confirmed, one operating as if August 2 is the binding date, until OJ publication is confirmed by your legal team.
The Scope Expansion Problem
The Omnibus deal buys time. It does not resolve a structural problem that today’s Epoch AI data makes visible: the number of AI systems crossing compliance thresholds is growing faster than the regulatory frameworks governing them were built to anticipate.
As covered in today’s companion brief, Epoch AI’s May 7, 2026, compute tracking update reportedly shows the count of models above the EU AI Act’s 10^25 FLOP systemic risk threshold has grown substantially – reportedly exceeding 30. The 44x annual compute growth rate driving that expansion is confirmed across multiple prior data cycles. Systems that were below threshold six months ago may be above it now.
The Omnibus extension for Annex III systems does not affect GPAI threshold obligations. An organization whose model has crossed the 10^25 FLOP threshold this year is in Track 3, not Track 1, and the extension does not apply. That is a specific technical determination that organizations at or near frontier compute levels need to make with current data, not with data from when they last assessed scope.
What Compliance Teams Must Do Differently
The answer is not one thing. It depends on where your organization sits.
If you built an August 2, 2026, Annex III roadmap:
Don’t discard it. The OJ publication question is live. Continue progress on documentation, conformity assessment preparation, and technical file development. The extension buys time; using that time to accelerate compliance rather than defer it is lower-risk than assuming the extension is confirmed when it isn’t yet law.
If you deprioritized Annex III because the deadline seemed uncertain:
The deal is now confirmed at the political level. December 2, 2027, is the target. Begin formal compliance scoping now. Conformity assessment preparation for Annex III systems is a 12 to 18 month process at minimum for complex deployments. Starting today means arriving on time. Starting in 2027 likely means arriving late.
If you’re a GPAI provider:
Nothing has changed. August 2, 2026, is your date. Technical documentation, transparency disclosures, and systemic risk compliance (if applicable) are all on the original schedule. The industry celebrations over the Omnibus extension are not about you.
If you’re not sure which track you’re on:
That is itself a compliance posture problem. The first step is a scoping assessment, what systems do you deploy or operate in the EU, under which Annex do they fall, and what is their current compute profile relative to the systemic risk threshold. That assessment should have a completion date before July 1, 2026.
What to Watch
OJ publication is the next operative milestone. The EU Official Journal publishes on business days; political agreements typically move through the formal legal-linguistic revision process over weeks to months. Your legal team should be tracking this actively.
Beyond OJ publication, the AI Office’s enforcement guidance, particularly for GPAI obligations and the newly enacted nudifier prohibition, will clarify significant interpretive gaps. Both guidance documents are expected before August 2. Both will affect compliance documentation requirements.
TJS Synthesis
The Omnibus deal is a genuine policy development after months of stalling. The extensions it provides are real. But the story compliance teams need to be reading is not “EU extends AI Act deadline.” It is “EU creates three separate compliance clocks, only one of which has moved.” Organizations that read the headline and stop there will deprioritize the wrong obligations and miss the enforcement track that never moved. The AI Office’s August 2 powers are coming. The count of systems in scope is growing. The extension is the beginning of the compliance planning question, not the answer to it.