Brief № 022 · Regulation
AI Act delay: what EU SMEs should still do in 2026
The AI Omnibus shifts high-risk AI timing, but SMEs still need inventories, Article 50 checks and evidence before August 2026.
On this page
The AI Act calendar has changed shape, but it has not become optional. The political agreement on the AI Omnibus gives many high-risk systems more time, while leaving enough 2026 obligations in place to make a passive wait risky for small companies.
On 7 May 2026, the Commission said the revised sequence would put high-risk rules for areas such as biometrics, critical infrastructure, education, employment, migration and border control on a 2 December 2027 track, while systems embedded in regulated products move to 2 August 2028. The Service Desk timeline still lists 2 August 2026 as the date when the majority of AI Act rules and Article 50 transparency rules start to apply.
The cliff moved, not the paperwork
The old SME reading was simple and slightly wrong: everything serious happens on 2 August 2026. The new reading is less dramatic and more useful. Some high-risk obligations have more runway because standards and support tools are supposed to be in place first. That matters for vendors and for SMEs buying or deploying systems in regulated contexts.
It does not remove the need to know what the company is using. An SME cannot use the delay if it cannot name the system, the vendor, the business owner, the data source and the affected workflow. The calendar relief is only practical when there is an inventory to attach it to.
The minimum 2026 file is short:
| Question | Evidence to keep |
|---|---|
| What is the AI use case? | Tool name, vendor, workflow and business owner |
| Does it affect people, content or decisions? | Plain-language description of the output and audience |
| Is it potentially high-risk? | Initial classification against Annex III and product context |
| Is transparency triggered? | User notice, content label, human review or editorial control record |
| Who can stop it? | Named accountable person and escalation path |
Source: Regulation (EU) 2024/1689, European Commission AI Omnibus update and AI Act Service Desk timeline. Last verified 2026-06-21.
Article 50 still belongs in the 2026 folder
The part SMEs are most likely to underestimate is transparency. The Service Desk still points to 2 August 2026 for Article 50. The Commission’s AI Act page also keeps transparency support instruments on the implementation track, including marking and labelling guidance for AI-generated content.
That does not mean every AI-assisted paragraph or spreadsheet note needs a public label. The useful test is narrower: is a person interacting with an AI system without knowing it, or is AI-generated or manipulated content being presented in a context where authenticity matters? If yes, the SME needs a notice, a label, a review step or a written reason why the exception applies.
For many firms, this is not a legal memo. It is a publishing and customer-service workflow. Website copy, product images, support replies, recruitment screening, synthetic voice messages and automated document summaries all sit closer to the surface than a board paper on “AI strategy”. They are the places where a regulator, customer or employee can ask what happened.
High-risk delay still needs a first classification
The Omnibus timing is most helpful where the SME is not sure whether a system is high-risk. Employment tools, education selection, access to essential services and safety-related product functions are not ordinary software categories under the Act. They need a first classification before anyone decides the deadline is now distant.
A rough classification is enough for June 2026 if it is honest and dated. It should say whether the system touches an Annex III area, whether the SME is provider, deployer or only a buyer, and whether the system is embedded in a regulated product. The answer can be “unclear”. The missing piece then becomes a named follow-up, not a vague compliance anxiety.
This is where the delay helps. A company can stop pretending that every AI use case needs a full technical file this summer. It can also stop pretending that nothing is due. The correct middle position is an inventory, a first risk label and a small evidence trail.
The buying question changes
SMEs buying AI software should now ask vendors two different questions. The first is still functional: what does the tool do, with which data, under whose control? The second is temporal: which AI Act obligations does the vendor think apply now, in August 2026, in December 2027 and in August 2028?
Good answers will cite the product role and the legal trigger. Weak answers will say only that the tool is “AI Act ready”. The Omnibus makes that phrase less useful, not more. Readiness now depends on which article, which role and which date.
Procurement teams do not need a 40-page questionnaire. They need five written answers:
- whether the vendor treats the tool as an AI system under the Act;
- whether it is general-purpose, high-risk, transparency-relevant or none of those;
- what human oversight or notice is built in;
- what logs, documentation and exportable evidence the customer receives;
- what will change when the 2026 and later milestones arrive.
If the vendor cannot answer those points, the SME has learned something before deployment.
Use the delay as evidence time
The worst use of the Omnibus delay is to remove AI Act work from the calendar. The best use is to make the work smaller and more concrete. By the end of summer 2026, a sensible SME should be able to show a list of AI use cases, the first classification for each one, the transparency decisions, the owner and the next review date.
That file will not solve every legal question. It will, however, make the next question answerable. When standards, guidance and national enforcement practice harden, the company will be updating known records rather than discovering its own systems for the first time.
Frequently asked questions
Does the AI Act delay mean SMEs can stop preparing?
No. The political agreement changes the timing for many high-risk AI rules, but Article 50 transparency rules still start applying on 2 August 2026 and the general AI Act framework remains in force.
What should an SME document first?
Start with an inventory: the AI system or tool, who uses it, what decision or content it affects, whether people are informed, and where the evidence is stored.
Sources
- Official EU agrees to simplify AI rules to boost innovation and ban nudification apps to protect citizens European Commission accessed
- Official AI Act European Commission accessed
- Official Timeline for the Implementation of the EU AI Act AI Act Service Desk accessed
- Primary Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence EUR-Lex accessed
Image credit: Photo: filing cabinets and indexed books - Element5 Digital, Pexels
Eleanor Whitcombe covers EU AI regulation for Flint Brief.
Spotted an error or want a right of reply? hello@flintbrief.com (subject [Right of reply]).