The European Commission has published a new draft regulation amending the EU AI Act, signalling a significant shift in the timeline and scope of landmark AI rules. These changes aim to keep Europe competitive with global tech leaders like the US and China while balancing innovation and compliance. For businesses operating in or with the EU, understanding these updates is crucial.

Why this matters

The EU AI Act is the world’s first comprehensive AI regulation, setting strict obligations for providers and deployers of high-risk AI systems. The proposed amendments introduce flexibility, delay enforcement and reduce burdens for smaller companies - giving businesses more time to adapt.

Top five proposed changes to the EU AI Act

1. Extended timelines for high-risk AI compliance (article 113)

The most impactful change is the postponement of compliance deadlines. Currently, obligations for high-risk AI systems are due from 2 August 2026. Under the draft:

  • Compliance will kick in 6–12 months after technical standards are approved, or
  • by 2 December 2027 for Annex III systems and 2 August 2028 for Annex I systems.

Implication: Businesses gain breathing space to align with evolving standards, reducing the risk of rushed implementation.

2. AI literacy obligations downgraded (article 4)

Instead of mandatory AI literacy programmes for providers and deployers, the responsibility shifts to the Commission and Member States to foster awareness. Companies are now “encouraged” rather than legally required to ensure AI literacy.

Implication: While this eases compliance pressure, organisations should still invest in training to mitigate operational and reputational risks.

3. Expanded role for the EU AI Office (Article 75)

The AI Office will now supervise and enforce rules for certain general-purpose AI systems, especially where the model and system are developed by the same provider.

Implication: Businesses building or deploying general-purpose AI should expect closer scrutiny and prepare for additional reporting obligations.

4. Reduced public registration requirements (Article 6)

Providers no longer need to register AI systems in the EU’s public database if they determine and document that the system is not high-risk. However, evidence of this assessment must be provided upon request.

Implication: This reduces administrative overhead but places greater emphasis on robust internal risk assessments.

5. Proportional penalties for Small Mid-Caps (Article 99)

Companies with up to 750 employees and turnover under €150 million will benefit from lighter compliance penalties, complementing existing SME and startup provisions.

Implication: Mid-sized businesses gain cost relief, encouraging innovation without disproportionate regulatory burden.

What should businesses do now?

  • Monitor the legislative process: These proposals are still in draft form and subject to change.
  • Review AI risk frameworks: Ensure internal assessments align with Annex I and III definitions.
  • Plan for phased compliance: Use the extended timeline to implement scalable governance and training.
  • Engage with industry bodies: Stay informed on technical standards development.

Ready to navigate AI compliance?

Don’t wait until deadlines loom - get ahead of the curve now. Our AI team specialises in helping businesses interpret regulatory changes, assess risk and implement practical compliance strategies.

Get in touch with the team to discuss how these EU AI Act updates could impact your organisation and how we can help you stay compliant while driving innovation.