The Coverage Gap
Twelve briefs. That’s how many pieces this hub published on the EU AI Act Omnibus between May 7 and May 14, 2026, starting with the political agreement itself and working through watermarking requirements, compliance team planning, and deadline analysis. The coverage was accurate. It was also incomplete.
Every brief in that series described the Omnibus as creating two key dates: December 2, 2026 for generative AI transparency and watermarking obligations, and December 2, 2027 for high-risk AI systems under Annex III. That two-deadline frame came directly from the political agreement commentary that dominated the first week of coverage. It reflects what most legal analysts emphasized, and it leaves out a third pathway.
The third deadline: August 2, 2028, for AI systems embedded in regulated products under Annex I harmonized standards. Per Travers Smith’s analysis of the Omnibus, this is a distinct compliance pathway, not a subset of the Annex III December 2027 obligation. It applies to a different category of systems, governed by different conformity assessment logic. Organizations that sell AI embedded in medical devices, industrial machinery, or safety-critical components need to know which pathway applies before they build a remediation roadmap.
There’s a second gap. The December 2026 watermarking date isn’t settled. It looks settled in the coverage, but it isn’t.
The Three-Pathway Framework
The Omnibus didn’t create one compliance timeline. It created three, each with different applicability rules, different obligation sets, and different planning horizons. Here’s how they map:
Pathway 1: Article 50 Transparency and Watermarking, December 2, 2026 (Contested)
This pathway covers generative AI providers subject to Article 50’s machine-readable labeling and watermarking requirements. AI-generated content must be identifiable as such. The Omnibus commentary from William Fry and Latham & Watkins reports December 2, 2026 as the applicable date under the revised Omnibus framework.
The problem: the European Commission’s own digital strategy page states that “the rules covering the transparency of AI-generated content will become applicable on 2 August 2026.” That’s four months earlier, and it’s a T1 source, meaning it carries the highest evidentiary weight in the Filter’s source hierarchy. The best available interpretation is that the T1 source reflects pre-Omnibus text, and the Omnibus has extended this to December 2, 2026. But the formal Omnibus legislative text hasn’t been published yet. That interpretation cannot be confirmed.
This creates a practical planning problem. If the Omnibus does extend the Article 50 date to December 2, 2026, providers have roughly seven months from the May 7 agreement to deploy compliant watermarking infrastructure. If it doesn’t, and the formal text lands closer to the August 2 framing of the T1 source, that window collapses to under three months. The May 12 brief on watermarking described the compressed timeline problem in detail. That brief used the December 2 framing. Given the source conflict, compliance teams should understand that framing was based on Omnibus commentary, not confirmed legislative text.
Recommended planning posture: target August 2, 2026 as the conservative planning assumption. If the formal Omnibus text confirms December 2, you’ll have built ahead of schedule. If it confirms August 2, you won’t be scrambling. Document which date you’re planning against and why.
Pathway 2: Annex III Standalone Systems, December 2, 2027
This is the most widely reported deadline, and it’s the one with the strongest corroboration. Three independent T3 sources, Checkr, IDTechWire, and Travers Smith, all confirm December 2, 2027 for high-risk systems under Annex III. The prior series of hub briefs, starting with the May 12 Annex III delay brief, covers this deadline accurately.
Annex III covers what most practitioners think of as “high-risk AI”: systems used in employment screening (Article 6(1)(a)), educational access decisions, consumer credit scoring, biometric identification, and several other categories specified in the Annex. For these standalone systems, the December 2027 deadline triggers risk management documentation, conformity assessment, and ongoing monitoring obligations.
The 18-month planning window. Conformity assessments for Annex III systems aren’t a forms exercise. They require technical documentation, human oversight mechanism design, data governance evidence, and, for some system categories, third-party certification. Organizations that haven’t started that process are already behind the reasonable planning horizon. The deadline is December 2027. The preparation window starts now.
Pathway 3: Annex I Embedded Systems, August 2, 2028
This deadline doesn’t appear in most Omnibus coverage. It applies to AI systems that are components of regulated products subject to Annex I harmonized standards: think the AI subsystem in a Class II medical device, the machine-learning module in industrial safety machinery, or an AI-driven diagnostic component subject to the EU’s medical devices framework.
Per Travers Smith’s analysis, these embedded systems face a later deadline than standalone Annex III systems: August 2, 2028 rather than December 2, 2027. The distinction matters because the compliance pathway is also different. Annex I systems run through the harmonized standards applicable to the regulated product category, not through the standalone AI conformity assessment route. The AI obligations layer onto existing sectoral regulatory frameworks rather than operating independently.
This deadline is currently supported by a single source. Treat it as a planning assumption. Build it into your calendar. When the formal Omnibus text is published, confirm it against the official language.
The Article 5 Prohibition: Nudifiers and CSAM-Generating Tools
The Omnibus political agreement also expands Article 5’s list of prohibited AI practices to include AI systems that generate non-consensual intimate imagery (“nudifiers”) and tools capable of producing child sexual abuse material. According to legal commentary on the agreement from Complex Discovery and Baker Botts, these prohibitions are targeted at December 2, 2026. No T1 confirmation is available, and the formal text is pending.
These systems are outright prohibited. There is no conformity assessment pathway and no exemption framework; the Article 5 prohibitions are absolute. For organizations building or distributing general-purpose generative AI tools with image generation capabilities, this means the compliance question isn’t “how do we document this system” but “does our system create any exposure under these categories.” That’s a product scoping question, not a documentation question.
Omnibus Planning Actions, Before Formal Text Publication
- Classify all AI systems: Annex I embedded, Annex III standalone, or Article 50 GPAI
- Assign applicable deadline to each classified system
- Document Article 50 date assumption and source (Aug 2 vs. Dec 2, 2026)
- Assign responsibility for calendar update when formal Omnibus text publishes
- Begin Annex III conformity assessment preparation if December 2027 applies
Verification
Partial: T3 legal commentary (Travers Smith, William Fry, Latham & Watkins) on political agreement; T1 EC source contradicts watermarking date. No formal Omnibus legislative text was accessible to any source in this package. All dates derive from political agreement commentary. Confirm against official text when published.
Decision Matrix: Which Deadline Is Yours?
The threshold question isn’t “when is the deadline.” It’s “which pathway applies to my system.” Here’s how to map it:
| System Type | Applicable Pathway | Deadline | Key Obligation |
|---|---|---|---|
| GenAI provider generating content for EU users | Article 50 (GPAI transparency) | December 2, 2026 (CONTESTED, plan for August 2, 2026) | Machine-readable AI content labeling / watermarking |
| Standalone high-risk AI: employment, education, credit, biometric ID (Annex III list) | Annex III | December 2, 2027 | Risk management, technical docs, conformity assessment, ongoing monitoring |
| AI embedded in regulated product: medical device, machinery, safety component (Annex I product) | Annex I embedded pathway | August 2, 2028 | Full compliance via applicable harmonized standards + AI Act layering |
| AI system generating CSAM or non-consensual intimate images | Article 5 prohibition | December 2, 2026 (CONTESTED, treat as provisional) | Absolute prohibition, no compliant deployment pathway |
What Remains Unresolvable Until Formal Adoption
No source in this package, including any of the cross-references used in verification, had access to the formal Omnibus legislative text. Every deadline date in this brief, and in the prior 12-brief series, derives from commentary on the May 7 political agreement. Political agreements become law through formal adoption processes that can introduce textual changes.
Two specific items require confirmation against the formal text:
- The Article 50 date: December 2, 2026 (per Omnibus commentary) vs. August 2, 2026 (per the T1 EC digital strategy source). This is the highest-priority open question for GenAI compliance teams.
- The August 2028 Annex I embedded deadline: currently single-sourced. Confirm before finalizing compliance roadmaps that rely on it.
The right move for compliance teams isn’t to wait for formal text before acting; it’s to build working assumptions, document them explicitly, and assign someone to update the calendar when the official text lands. A compliance program that notes “Article 50 date assumed to be December 2, 2026 per Omnibus commentary, confirmed against [Omnibus OJ reference] on [date]” is far more defensible than one that simply has a date with no source annotation.
Don’t expect the formal text to resolve everything cleanly. Implementing regulations and delegated acts will follow, and some obligations will require further specification before they’re fully actionable. The real question is whether your organization has the right framework in place to update quickly when that clarity arrives. The teams that are already running Annex III classification exercises and building watermarking infrastructure won’t need to scramble. The teams waiting for certainty are already behind.