Brussels has delayed key obligations under the EU AI Act, giving companies and national authorities more time to prepare high-risk systems for compliance while seeking to preserve Europe’s ambition to regulate artificial intelligence without weakening innovation.
The European Union’s effort to lead global artificial intelligence regulation has entered a more cautious phase, after lawmakers agreed to delay key obligations under the bloc’s landmark AI Act.
The AI Act, adopted in 2024, was presented as the world’s first comprehensive legal framework for artificial intelligence. It was designed to regulate AI systems according to the level of risk they pose to citizens, public services and the wider economy. Yet Brussels has now accepted that parts of the framework are not ready to be applied in full.
Under a provisional agreement reached between the European Parliament and the Council, obligations for stand-alone high-risk AI systems will apply from 2 December 2027. High-risk systems embedded in products covered by EU safety legislation will have until 2 August 2028. The delay forms part of the wider Digital Omnibus on AI, intended to simplify digital regulation and reduce uncertainty for companies and national authorities.
The delay does not amount to a repeal of the AI Act. Nor does it remove the central structure of the law. The regulation remains based on a risk pyramid.
At the bottom are minimal-risk systems, such as spam filters or AI used in video games. These carry no special obligations under the AI Act beyond existing EU law. Limited-risk systems, including basic chatbots and AI-generated images or videos, must meet transparency requirements, particularly where users need to know that they are interacting with or viewing AI-generated content.
High-risk systems are the most contested category. They include AI used in critical infrastructure, education, employment, healthcare, law enforcement, border management and other areas where an error could affect people’s rights, safety or access to essential services. The Commission’s guidance sets out obligations covering risk management, data governance, technical documentation, record-keeping, human oversight, accuracy and cybersecurity.
At the top of the pyramid are prohibited systems. These include certain forms of manipulative AI, social scoring, exploitation of vulnerable groups, and some biometric surveillance practices. These prohibitions have applied since 2 February 2025, with narrow exceptions for law enforcement in serious cases, such as the search for victims of abduction, prevention of terrorist attacks, or the pursuit of suspects in grave criminal cases.
General-purpose AI models, including large language models such as ChatGPT, Gemini and DeepSeek, are treated separately. Their providers face transparency and copyright-related obligations, including requirements to maintain technical documentation and provide information on training data. Those provisions have applied since 2 August 2025, under the AI Act’s staged implementation timetable.
The political question is why Brussels has paused the next stage.
One reason is practical. Businesses and public authorities have argued that the classification of high-risk systems remains difficult to interpret in many cases. The Commission has issued explanatory material on the law, but companies still face uncertainty over whether specific products fall within the highest compliance categories. Without clearer standards, providers risk preparing for conformity assessments under rules whose detailed application is still being developed.
Member states have also moved at uneven speed. National supervisory bodies are needed to enforce the AI Act, but not all EU capitals have shown the same level of readiness. A regulation of this scale requires not only legal text, but regulators, technical standards and conformity assessment procedures capable of operating across 27 member states.
The second reason is economic. Europe has become increasingly concerned that its regulatory model may be slowing the development of its own AI sector while American and Chinese companies continue to dominate the market. The EU has produced notable AI firms, including France’s Mistral, but it still lacks the depth of capital available in the United States. European start-ups often struggle to secure later-stage financing, and successful firms can become dependent on non-European investors.
This sits uneasily with the EU’s wider objective of digital sovereignty. Brussels wants Europe to reduce its reliance on external technology, data infrastructure and cloud capacity. Yet several member states and private companies still rely heavily on American or Chinese open-weight models because they are cheaper, more powerful, or easier to adapt than building a model from scratch.
The EU has tried to respond with AI factories, supercomputing access, regulatory sandboxes and support for open-source projects. It has also promoted investment in cloud capacity and digital infrastructure as part of its wider digital decade agenda. These initiatives may help, but they do not solve the underlying shortage of private capital or the fragmentation of Europe’s technology markets.
The Digital Omnibus therefore reflects a shift in emphasis. Brussels is not abandoning AI regulation, but it is seeking to make the rules more workable before the most burdensome obligations take effect. The package also introduces new restrictions, including a ban on AI systems used to generate non-consensual sexual or intimate content.
For European AI companies, the delay creates breathing space but not certainty. Developers of high-risk systems now have more time to prepare, but the obligations remain on the horizon. Firms that ignore compliance may face problems later; those that focus only on compliance may lose ground in a fast-moving global market.
The EU’s challenge is to avoid a false choice between regulation and innovation. The AI Act was designed to provide legal certainty and protect fundamental rights. The Digital Omnibus acknowledges that legal certainty also requires rules that can be applied clearly, consistently and on time.
Europe still wants to shape the global governance of artificial intelligence. The question now is whether it can do so without weakening its own technological base.
