Brussels enters one of the most consequential days for AI policy this year. EU institutions are meeting on April 28 for a political trilogue on the Digital Omnibus on AI, with negotiators aiming to lock in a consolidated text that would reshape the AI Act's deadlines for high-risk systems and set firm rules for synthetic content disclosure.
The stakes are high. The AI Act's signature obligations for high-risk systems are currently set to apply from August 2, 2026. Without an Omnibus deal, providers of credit-scoring tools, recruitment software, biometric systems and other Annex III applications would have to be in full compliance in just over three months. Industry has been lobbying hard to push that back, and member states and Parliament have largely agreed.
What is on the table
According to analysis from law firm A&O Shearman of the institutions' adopted positions, both the Council and the European Parliament rejected the Commission's original conditional mechanism for delaying the high-risk regime. Instead, they have converged on fixed dates: December 2, 2027 for standalone high-risk AI systems classified under Annex III, and August 2, 2028 for AI embedded in regulated products under Annex I.
Watermarking of AI-generated content is the other big-ticket item. The Council wants enforcement to start on February 2, 2027. Parliament is pushing for November 2, 2026. The gap, A&O Shearman notes, is the difference between three months and six months of preparation time for providers of generative audio, image, video and text systems.
Governance and carve-outs
Governance of the AI Office is a flashpoint. The Council version, summarized by A&O Shearman, includes carve-outs for sectoral legislation, critical infrastructure, law enforcement and judicial processes, with judicial authorization requirements layered on top. Parliament's version is narrower, limiting carve-outs mainly to sectoral products and critical infrastructure, extending oversight to provider groups, and requiring coordination with national data protection authorities on personal data issues.
Both co-legislators support registration requirements for high-risk systems that benefit from exemptions, and both want proportionality benefits for small and medium-sized companies. They still diverge on whether AI literacy obligations should be binding or soft, and on how deeply to integrate AI rules into existing product safety frameworks.
Why today matters
A political agreement on April 28 would set up a tight ratification sprint. Parliament and Council endorsement could follow in May and June, with Official Journal publication potentially in July 2026, just ahead of the August 2 deadline that the Omnibus is designed to soften.
For AI providers, the practical message is to stop assuming that August 2 obligations are fluid. If the trilogue lands, the new firm dates—late 2027 for standalone systems and 2028 for embedded ones—become the planning baseline. If it does not, the original deadline still applies, and compliance teams have less than 100 days to be ready.
