The conversation you’ve probably already had
If you run a manufacturer, an automotive supplier, a fintech or a healthcare company in the EU, some version of this has likely come up in the last few weeks.
Someone forwarded an article saying the EU AI Act has been delayed. Someone else said the August deadline still stands. Meanwhile your product roadmap has an AI feature on it (predictive maintenance, a smart configurator, an automated claims step, a diagnostic assist) and your enterprise customers have started asking, in procurement questionnaires and security reviews, what your AI governance actually looks like.
And you genuinely cannot tell whether you need to do something by August or whether you can set this aside until 2027.
Here is the honest answer: parts of it moved, parts of it did not and the parts that did not move are the parts most likely to apply to a company like yours.
What actually changed on 7 May 2026
On 7 May 2026, the EU reached a provisional political agreement (the “Digital Omnibus on AI”) that amends the AI Act. The reason it exists is practical: the technical standards and classification guidance companies need to comply with the heaviest parts of the Act were not ready in time, so the EU pushed those deadlines back.
One important caveat before the dates: as of late June 2026 this agreement is still provisional. It becomes law only once formally adopted and published in the EU’s Official Journal, expected before the August deadline, but not yet done.
What moved:
The high-risk regime (the expensive part, with conformity assessments and heavy documentation) was deferred. Standalone high-risk systems (Annex III) moved from 2 August 2026 to 2 December 2027. High-risk AI embedded in regulated products (Annex I) moved from 2 August 2027 to 2 August 2028
What did not move – and this is the part that matters for most product companies:
The transparency obligations under Article 50 still apply from 2 August 2026. If your product uses AI to interact with people or to generate content, you must disclose that the interaction or content is AI-driven. The only relief is a narrow grace period: AI systems that generate synthetic content and were placed on the market before 2 August 2026 have until 2 December 2026 to meet the machine-readable watermarking requirement.
Two further points worth knowing: the obligations for general-purpose AI models (the ChatGPTs and Claudes of the world) were unchanged and have applied since August 2025 — but those fall on the model makers, not on you as a company that uses such a model in a feature. And new prohibitions on AI-generated intimate imagery and CSAM take effect 2 December 2026 (Covington, May 2026).
The dates that matter for a product company
| What | When | Applies to you if… |
| Transparency / disclosure (Art. 50) | 2 August 2026 | Your product uses AI to talk to people or generate content |
| Watermarking for pre-existing generative systems | 2 December 2026 | You already ship a content-generating AI feature |
| High-risk standalone systems (Annex III) | 2 December 2027 | Your AI makes consequential decisions (e.g. creditworthiness, hiring, medical triage) |
| High-risk embedded in products (Annex I) | 2 August 2028 | Your AI is a safety component in a regulated product |
All Omnibus-dependent dates are provisional until the amendments are formally adopted and published.
What this looks like in your sector
Automotive. Connected vehicle features, driver-assist functions and AI in diagnostic or telematics systems sit close to the Annex I product-safety regime – the part with the longest runway (2028) but the heaviest requirements when it arrives. The interplay between the AI Act and existing automotive safety rules is still being worked out through implementing acts, which makes documentation discipline now the cheapest insurance against a moving target.
Manufacturing. Predictive maintenance, quality-control vision systems and process-optimisation AI are mostly lower-risk, but the moment one of those systems informs a safety decision, classification changes. The transparency obligations also apply wherever your software surfaces AI-driven output to an operator.
Fintech. This is where high-risk classification is most likely to apply directly. AI used for creditworthiness, fraud scoring or anything touching access to essential financial services can fall into Annex III. The deferral to December 2027 is real headroom but the documentation and traceability that regime demands takes time to build properly.
Healthcare. Connected medical devices and diagnostic-assist tools live in the Annex I product-regulated category, overlapping with the Medical Device Regulation. Patient-facing AI also triggers transparency duties. This is the sector where “build it documentable from the start” is least optional.
Why this is on our radar and probably should be on yours
Most of the companies we work with are in exactly this position. They are manufacturers, automotive suppliers, fintech and healthcare companies, not builders of AI models, who are adding AI features to their products because their market expects it. And increasingly, when they sell those products to larger enterprises, they are being asked to explain how the AI used in them works: what it does, what data it touches, where a human stays in control, and how all of that is documented.
That question lands on engineering long before it lands on the legal department.
This is the part we help with. When we build software for a client, we build the traceability in from the start – clear records of how the system was constructed, what its AI components do and where human oversight sits. It is the same discipline our work on AI governance is built around: keeping AI-driven behaviour inside reviewable, auditable, documented boundaries rather than leaving it as a black box someone has to explain after the fact.
The practical value is simple. The transparency and documentation a regulator or an enterprise customer asks for is far cheaper to design into a product from the first commit than to reconstruct under deadline pressure. A client who built their AI feature with that in mind can answer a procurement security review in an afternoon. A client who didn’t can lose a deal while they scramble.
To be clear about the boundary: we are not your legal advisor. Whether a given system is “high-risk,” who counts as the “provider,” which annex applies, those are questions for your counsel. Building the system so the answers are documented, defensible and ready when someone asks, that is the part we own. We’ve held ISO 27001, ISO 9001 and TISAX certifications for years, which means documented, auditable engineering isn’t a new requirement we’re adapting to. It’s how we already work.
If your roadmap has an AI feature on it and you’d rather build it right the first time than retrofit governance later, that is a conversation we’re glad to have. Contact us at info@ascendro.de.
This article is published for informational purposes and does not constitute legal advice. AI Act classification and compliance obligations depend on your specific circumstances -consult qualified EU legal counsel.
As a dedicated software development team with expertise in nearshore software development, software development outsourcing, IT staff augmentation and many more, we specialize in providing innovative solutions across industries, from custom manufacturing software development to business process optimization, ensuring that our clients remain competitive and efficient in their operations. Check out our software development projects here.
Dedicated to client satisfaction
Related Posts
March 3, 2026
The right way to scale AI in software development: A 4-week framework
We watched two teams adopt AI: one failed, one soared. Learn the difference and…
February 24, 2026
The architecture-first approach: A standard for AI-assisted coding
We fixed our AI coding disasters with the "Architecture Lock File" concept. Get…
February 17, 2026
The 2,000-line stress test: How we tried to break AI software development (and succeeded)
AI creates chaos at scale without constraints. Read our R&D experiment findings…




