The European Parliament has voted to defer EU AI Act high-risk obligations to December 2027. The deadline hasn't disappeared — it has moved. Here is what that means for Irish organisations and why preparation should not stop.
On 26 March 2026, the European Parliament confirmed its position on the Digital Omnibus proposal, voting 101 to 9 to defer the EU AI Act's high-risk AI system obligations. The Council had already agreed its negotiating position on 13 March. The institutions are aiming for trilogue agreement by 28 April 2026.
If adopted, the practical effect is significant: obligations for standalone high-risk AI systems would be deferred from August 2026 to 2 December 2027. High-risk AI systems embedded in products would be deferred to 2 August 2028.
This is the biggest change to the EU AI Act's implementation timeline since the legislation was adopted. Here is what it means and what it does not.
Why the delay happened
The delay is not political hesitation. It is a practical problem with harmonised standards.
The EU AI Act's high-risk obligations require organisations to demonstrate compliance against detailed technical standards. These standards — being developed by CEN-CENELEC Joint Technical Committee 21 — were supposed to be ready by August 2025. They were not. The standardisation work is still ongoing, and the standards are unlikely to be available before late 2026.
Without harmonised standards, organisations face a compliance paradox: they have obligations to meet, but the technical specifications that define what meeting them looks like do not yet exist. The Digital Omnibus resolves this by linking the application of high-risk obligations to the availability of the standards — with a backstop date to prevent indefinite deferral.
What has actually changed
Deferred:
- High-risk AI system obligations under Annex III (standalone systems): to December 2027
- High-risk AI system obligations under Annex I (product-embedded systems): to August 2028
- Watermarking requirements for AI-generated content: to November 2026
Not deferred:
- Prohibited AI practices — these have been in force since February 2025
- GPAI model obligations — these apply from August 2025
- Ireland's AI Office — still becoming operational in August 2026
- The fundamental obligation to know what AI you deploy and how it is classified
Relief for smaller enterprises:
- "Small Mid-Caps" (up to 750 employees / €150 million turnover) will benefit from streamlined technical documentation requirements
- Reduced registration burden for certain AI systems
Why this is not a reason to stop preparing
It would be tempting to read this as a reprieve — an extra 18 months before compliance matters. That reading is wrong, for several reasons.
Ireland's enforcement infrastructure is not deferred. The AI Office of Ireland becomes operational in August 2026 regardless of the Digital Omnibus. The enforcement powers — documentation access, inspections, sanctions — apply from that date. The 15 competent authorities will be active. The deferral applies to specific high-risk technical compliance requirements, not to the broader governance and transparency obligations.
The governance foundation takes time to build. The work that most Irish organisations need to do — AI inventories, risk classification, accountability structures, board oversight — is the same whether high-risk obligations apply in August 2026 or December 2027. That work takes months, not days. Starting in late 2027 would leave no margin.
Good governance is a competitive advantage. Organisations that have governance structures in place before enforcement begins are better positioned with regulators, clients, and partners. In regulated sectors — financial services, healthcare, legal — clients are already asking about AI governance. Being able to demonstrate a structured framework is a market differentiator.
The fundamental question is unchanged. The EU AI Act compliance question for Irish boards remains: do you know what AI systems you deploy? Can you classify them by risk? Do you have governance structures that meet the Act's requirements? If the answer to any of these is no, the deferral does not help — because the work required is the same.
What Irish organisations should do now
1. Do not pause AI governance work. The deferral applies to specific high-risk technical compliance requirements. It does not apply to the governance structures, transparency obligations, and organisational readiness that the Act requires.
2. Use the additional time wisely. If anything, the deferral is an opportunity. Organisations that were scrambling to meet an August 2026 deadline now have a realistic window to build proper governance foundations — rather than rushing to produce documentation that looks like compliance but is not operationally meaningful.
3. Focus on the governance fundamentals. AI inventory, risk classification, acceptable use policies, accountability structures, and board reporting. These are valuable regardless of when high-risk obligations formally apply.
4. Track the trilogue. The Digital Omnibus is not yet law. The Council and Parliament positions are aligned on the December 2027 backstop, but the final text may change. The institutions are aiming for agreement by 28 April — expect the final position to become clear in the coming weeks.
If you need to understand how the Digital Omnibus affects your EU AI Act compliance timeline, or if you want to use the additional window to build governance foundations properly, contact Acuity AI Advisory for an honest assessment of where your organisation stands.