The EU’s AI Act is getting its first significant overhaul — and if you’ve been dreading compliance deadlines, there might be some relief on the horizon.

Council and Parliament have reached a provisional agreement on amendments to Regulation (EU) 2024/1689, announced May 7th, 2026. The changes are partly a response to the European Commission’s Digital Omnibus, a broader package aimed at simplifying compliance while strengthening protections. But this isn’t just a bureaucratic tweak — there are real substantive shifts here that businesses need to understand.

The Deadline Extensions That Companies Wanted

The biggest win for industry is time. High-risk AI systems under Annex III now have until December 2, 2027 to comply — a 17-month extension from the original timeline. AI systems integrated into products subject to product safety legislation (Annex I) get even more breathing room: until August 2, 2028, a full year extra.

Given how fast the AI landscape is moving, and how complex compliance is proving to be in practice, these extensions are likely welcome across the board. The original timeline was always ambitious. Now it’s merely aggressive.

But Don’t Get Too Comfortable

While high-risk systems got more time, transparency obligations just got tighter. Providers now have until December 2, 2026 — roughly three months — to implement watermarking and content labelling requirements. That’s a reduction from the original six-month grace period, and it’s a reminder that Brussels isn’t easing off on AI accountability, just reprioritising where pressure gets applied.

There’s also a new prohibition worth noting: AI systems that generate harmful content without appropriate safeguards — including non-consensual intimate imagery and child sexual abuse material — are now explicitly banned under Article 5. If you’re building generation tools of any kind, this is a red line you do not cross.

SME Relief — Finally

One consistent complaint about the original AI Act was that its compliance burden was designed for large enterprises. Startups and smaller players either couldn’t afford the overhead or were spending disproportionate resources on paperwork rather than product development.

The provisional agreement addresses this by extending compliance privileges to a new category: “small mid-cap” organisations — companies with fewer than 750 employees and under €150 million in annual turnover (or a €129 million balance sheet). These include simplified technical documentation requirements and more proportionate penalties for non-compliance.

There’s also a new EU-level regulatory sandbox operated by the AI Office, with priority access for SMEs, startups, and small mid-caps. The national sandbox deadline has been pushed back a year to August 2, 2027, but this new EU sandbox is specifically designed to make it easier for smaller players to test and iterate.

What Happens Next

The provisional agreement still needs formal endorsement, legal-linguistic review, and adoption before it becomes law. There’s a hard deadline: August 2, 2026. If that passes without formalisation, the original provisions apply instead.

For most organisations, though, the message is clear: use this time wisely. The AI Act isn’t going away. The obligations are real, the enforcement mechanisms are being built, and the clock — even with these extensions — is still running.

The big question is whether these amendments represent a genuine effort to make the regulation work better, or just a pressure valve to manage industry complaints. My guess is somewhere in between. Which, in regulatory terms, counts as progress.