On May 7, 2026, the EU Council and Parliament agreed to push back several EU AI Act deadlines as part of the Digital Omnibus deal. Article 50(1) chatbot disclosure still applies from August 2, 2026. Article 50(2) watermarking for AI-generated content applies from August 2026, but systems already on the market get a transition period until December 2, 2026. High-risk system requirements under Annex III are pushed to December 2, 2027. AI embedded in regulated products (Annex I) is pushed to August 2, 2028. Prohibited practices under Article 5 remain in force.
The Deadline Moved. Here Is What Changed.
On May 7, 2026, the Council of the European Union and the European Parliament reached a provisional agreement to amend the EU AI Act as part of the European Commission's Digital Omnibus initiative. Several key compliance deadlines moved.
If you have heard "the EU AI Act deadline moved" and assumed everything got delayed, the reality is more layered. Some obligations still go live in August 2026. Others got pushed to 2027 or 2028. This piece is the field guide for AI product teams: what changed, what still applies, and what to do now.
What the May 7 Omnibus Changed
Three changes matter for AI product teams.
1. High-risk AI systems under Annex III: pushed to December 2, 2027. The systems most product teams worry about (AI used in employment, education, credit scoring, critical infrastructure, law enforcement, migration, justice, biometrics, border management) now have until December 2, 2027 to comply with the high-risk requirements (conformity assessment, risk management, data governance, technical documentation, human oversight, post-market monitoring).
2. High-risk AI embedded in regulated products: pushed to August 2, 2028. AI inside products already covered by EU safety legislation (medical devices, machinery, automotive components) gets the longest extension. Full high-risk obligations now apply from August 2, 2028.
3. Article 50(2) watermarking: transition period through December 2, 2026. The requirement to mark AI-generated images, audio, video, and text as synthetic still applies from August 2, 2026 for new systems placed on the market after that date. Systems already on the market by August 2 get a four-month transition period until December 2, 2026 to comply.
What Still Applies in August 2026
Several obligations stayed on the original timeline.
- Article 5 prohibited practices. Already in force since February 2, 2025. Social scoring, real-time biometric surveillance in public spaces, manipulative dark-pattern AI, and other unacceptable practices remain banned.
- Article 50(1) chatbot and AI assistant disclosure. If users could mistake your AI for a human, you have to tell them it is AI. Goes live August 2, 2026.
- Article 50 deployer transparency obligations. Emotion recognition and biometric categorisation systems must inform exposed users. Goes live August 2, 2026.
- General-purpose AI model rules. Already applied since August 2, 2025 for new models. Existing models have a transition period.
For most AI product teams the August 2026 deadline is still real, just narrower than the original framing. The transparency and disclosure obligations apply. The full high-risk regime does not, for another sixteen months.
The official implementation timeline is the up-to-date reference.
The Four Risk Tiers
1. Unacceptable risk. Banned outright since February 2025. Social scoring, real-time biometric surveillance in public spaces (with narrow exceptions), AI that exploits vulnerabilities of specific groups, manipulative dark-pattern AI.
2. High risk. Heavily regulated. Requires conformity assessment, risk management, data governance, technical documentation, transparency, human oversight, and post-market monitoring. Applies from December 2, 2027 for standalone systems under Annex III (biometrics, critical infrastructure, education, employment, essential services, law enforcement, migration, border management, justice) and from August 2, 2028 for AI embedded in Annex I regulated products (medical devices, machinery, automotive).
3. Limited risk. Transparency obligations under Article 50. Examples: chatbots, AI assistants, deepfakes, synthetic content generation, emotion recognition systems. Article 50(1) applies August 2, 2026. Article 50(2) watermarking applies August 2026, with a transition until December 2, 2026 for existing systems.
4. Minimal risk. Most AI systems land here. Spam filters, AI-enhanced video games, basic recommendation systems. Voluntary codes of conduct, no mandatory obligations.
If you are unsure which tier your product falls into, the answer is usually limited or minimal risk for typical product features. High risk is reserved for AI used in regulated domains.
What Article 50 Actually Requires
Four obligations, in plain language.
1. AI assistants must disclose they are AI. If your product interacts with users in natural language and they could reasonably mistake it for a human, you have to tell them. Clear, visible, not buried. The form is up to you (a label, an onboarding moment, an avatar that reads as a bot). The presence is not optional. Goes live August 2, 2026.
2. AI-generated content must be machine-readable as AI-generated. Text, image, audio, or video produced by your AI has to carry a marker that downstream systems can detect. Watermarking standards are still being finalised. The obligation applies from August 2, 2026 for new systems, and from December 2, 2026 for systems already on the market.
3. Deepfakes must be visibly labelled. If your AI creates or manipulates content that appears authentic (a fabricated photo of a real person, an AI-generated voice clone, synthetic video), the output has to be clearly labelled as artificially generated.
4. Emotion recognition and biometric categorisation systems must inform exposed users. If your product uses AI to infer emotions, mood, or biometric category, the people being analysed need to be told.
In design and engineering terms: every user-facing AI feature in your product needs a transparency review before August 2. The disclosure might be a label, a tooltip, an onboarding moment, or a content tag in the API. The form is up to you. The presence is not.
GDPR Meets AI: Where the Two Overlap
GDPR has applied to AI products since 2018. The AI Act adds layers on top.
- Automated decisions affecting users. GDPR Article 22 plus AI Act high-risk rules. If AI decides on a user's behalf (hiring, credit, insurance), both regimes apply.
- Data Processing Agreements. AI providers process user data. A DPA is required under GDPR. The AI Act adds obligations around training data quality and provenance.
- User information. GDPR's right to be informed overlaps with Article 50's transparency obligations. The AI Act is specific about disclosure of AI use.
If your team already has a GDPR programme, you are not starting from zero.
You are extending it.
Industry-Specific Overlays
Some industries face additional rules on top of the AI Act:
- Healthcare. Medical Device Regulation (MDR) plus AI Act high-risk classification under Annex I (pushed to August 2028).
- Finance. EBA guidelines on machine learning models, plus AI Act Annex III for credit scoring and other high-risk uses (pushed to December 2027).
- Legal services. Annex III high-risk classification for AI used in administration of justice (pushed to December 2027).
If you are in a regulated industry, your compliance work is the union of both sets.
What to Do Now
The Omnibus changed the urgency on parts of this.
- Map your AI features and classify each by risk tier
- Ship Article 50 chatbot and AI assistant disclosures before August 2, 2026
- Meet the watermarking requirement for existing AI-generated content systems by December 2, 2026
- If you have high-risk Annex III systems, start the conformity documentation now
Fines
The Act takes enforcement seriously. Maximum fines under Article 99:
- Up to EUR 35 million or 7 percent of global annual turnover (whichever is higher) for prohibited practices
- Up to EUR 15 million or 3 percent for non-compliance with other obligations
- Up to EUR 7.5 million or 1 percent for providing incorrect or incomplete information to authorities
For SMEs and start-ups, the fine is the lower of the percentage or the absolute amount, not the higher. That is the one piece of relief built into the penalty regime for smaller teams.
Frequently Asked Questions
Wait, did the EU AI Act deadline get pushed?
Partially. On May 7, 2026, the EU Council and Parliament agreed to push high-risk AI compliance to December 2, 2027 (Annex III) and August 2, 2028 (Annex I). Article 50 transparency obligations still apply from August 2, 2026, with a four-month transition for watermarking on systems already on the market.
Does the EU AI Act apply to my US-based startup?
Yes, if your product reaches EU users. The Act applies based on where the AI system is placed on the market or used, not where the company is based.
What counts as a high-risk AI system?
AI used in regulated domains: critical infrastructure, education, employment, credit scoring, healthcare, law enforcement, migration, justice, biometrics, border management. The full list is in Annex III. High-risk AI embedded in regulated products (medical devices, machinery) falls under Annex I.
Are LLM features like a customer support chatbot affected?
Yes, by Article 50(1). The chatbot must disclose it is AI from August 2, 2026. Most customer support chatbots are limited risk, not high risk.
What is the difference between Article 50(1) and Article 50(2)?
Article 50(1) covers the obligation to disclose when users are interacting with an AI system (chatbots, AI assistants). Article 50(2) covers the obligation to mark AI-generated synthetic content (images, audio, video, text) in machine-readable format.
Do we need to do anything different for the European market versus globally?
Most teams ship one product worldwide. The practical approach is to build Article 50 disclosures into the global product, since transparency obligations are reasonable UX defaults. EU-specific configuration may be needed for high-risk systems if applicable.
We Do AI at Creative Glue Lab!
We are a Berlin-based product studio.
Our services cover both AI Product Design and AI Development, with strategy, UX, and engineering under one roof, run by senior practitioners on every project.
If you have AI product questions, we'd love to have a chat.
Happy to talk whenever you're ready. Book a clarity call