Acuity AI Advisory
← Insights
·5 min read

The Extension Didn't Cancel August: What Still Lands on 2 August 2026

G

Ger Perdisatt

Founder, Acuity AI Advisory

The Digital Omnibus moved the high-risk AI deadline to December 2027, and many Irish organisations have read that as 'August is off'. It isn't. Four obligations still take effect on or around 2 August 2026 — prohibited practices, AI literacy, GPAI enforcement, and Ireland's own AI Office — and none of them were extended.

The headline from May was the extension. The Digital Omnibus on AI, provisionally agreed on 7 May 2026, moves the high-risk compliance deadline for stand-alone (Annex III) systems from 2 August 2026 to 2 December 2027, and for AI embedded in regulated products to 2 August 2028. Formal adoption and Official Journal publication are expected over the coming weeks, with the text anticipated in July.

That is real relief for organisations with high-risk AI in scope. But in the weeks since, a quieter and more costly misreading has taken hold: that 2 August 2026 is now a non-event. It is not. Four separate obligations still take effect on or around that date, and the Omnibus touched none of them.

1. Prohibited practices are already law — and stay

Article 5 of the AI Act has been in force since 2 February 2025. Social scoring, untargeted scraping of facial images, emotion recognition in workplaces and schools, and manipulation of vulnerable groups are prohibited now. The Omnibus does not alter this, and from 2 August 2026 these prohibitions sit inside a fully operational enforcement framework rather than a transitional one.

If your organisation has deployed anything that brushes against Article 5 — and emotion-inference tooling in recruitment or workforce monitoring is the most common Irish example we see — the extension gives you no cover whatsoever. This was never on the high-risk timeline.

2. The AI literacy obligation still bites — even with softer wording

Article 4 requires providers and deployers to ensure a sufficient level of AI literacy among staff. The Omnibus softened the verb from "ensure" to "take measures to support the development of" — a meaningful drafting change, but not an exemption. The obligation stands, it applies regardless of how risky your AI systems are, and per the European Commission's own AI Literacy guidance its supervision and enforcement begin on 2 August 2026.

For most Irish SMEs and professional services firms, this is the obligation that actually applies to them. It does not depend on deploying a high-risk system. It applies to any organisation using AI in the course of its work, which by mid-2026 is very nearly all of them. We cover what "sufficient" means in practice on our AI literacy obligation page.

3. GPAI enforcement powers switch on

Obligations for general-purpose AI model providers — transparency, copyright compliance, documentation — have applied since August 2025. What changes on 2 August 2026 is enforcement: from that date the European Commission can act on those obligations, including issuing fines. The watermarking and transparency rules under Article 50 move into effect on the same horizon, modified only by a narrow grace period the Omnibus granted.

Most Irish organisations are deployers rather than model providers, so this lands on them indirectly — through the contractual assurances and documentation they should be demanding from the AI vendors they rely on. If you cannot say which of your tools are built on a GPAI model and what that provider has committed to, that is the gap to close before August.

4. Ireland's AI Office opens regardless

Ireland's domestic enforcement architecture runs on its own clock. Under the Regulation of Artificial Intelligence Bill 2026, the AI Office of Ireland must be statutorily established on or before 1 August 2026. That date is set by Irish implementing legislation, not by the EU's high-risk calendar, so the Omnibus extension does not move it. The Office opens, and it coordinates a distributed model in which your existing sector regulator supervises your AI use. We set out what that first phase looks like in AI Office of Ireland: What Happens From 1 August 2026, and the wider domestic picture on our Regulation of Artificial Intelligence Bill 2026 page.

What this means in practice

The extension changed the sequence of the high-risk work. It did not change what was always the right place to start, and it did not pause the obligations that were never high-risk to begin with. By 2 August 2026 an Irish organisation should be able to answer four questions without hesitation:

  • Are we doing anything prohibited under Article 5? Most are not, but the ones who are usually do not realise it.
  • Can we evidence that our people have adequate AI literacy? A policy, a record of training, and a named owner — not a single all-staff email.
  • Do we know which of our tools rely on GPAI models, and what those providers have committed to?
  • Do we know which Irish regulator supervises our use of AI?

None of that is high-risk conformity work. All of it is due in weeks, not in December 2027.

The foundation is the same either way

The argument for building AI governance now was never only about an August enforcement date. Ungoverned AI adoption creates exposure — hallucination in client-facing output, data-handling failures, liability for opaque automated decisions — before any regulator issues a fine. Those risks exist today. The Omnibus extends a compliance window; it does not reduce them.


If you want an independent read on what actually applies to your organisation on 2 August 2026 — separating the genuinely extended high-risk obligations from the ones that still land this summer — Acuity AI Advisory offers a fixed-fee, vendor-neutral EU AI Act readiness review. For organisations working through the implications over time, we also provide ongoing independent EU AI Act consulting.

eu ai actregulationcomplianceirelandgovernance