EU AI Act Digital Omnibus: Should You Wait for the December 2027 Extension?

In February 2026, the European Commission proposed a package of legislative amendments called the "Digital Omnibus." Among its provisions: a potential extension of the EU AI Act's Annex III high-risk compliance deadline from August 2, 2026 to December 2, 2027. For companies scrambling to get compliant, this sounds like a lifeline. It isn't — and here's why.

What the Digital Omnibus actually proposes

The Digital Omnibus is an umbrella legislative package touching several EU digital regulations simultaneously — the AI Act, GDPR, the Data Act, and the Cyber Resilience Act. For the EU AI Act specifically, the key proposed change is extending the application date for Annex III high-risk AI system obligations by 16 months, from August 2, 2026 to December 2, 2027.

Annex III covers the majority of commercial AI systems with meaningful real-world impact: AI used in employment decisions, credit scoring, education, critical infrastructure, law enforcement, and migration. If the extension passes, companies with these systems would have until late 2027 to meet the full technical documentation, risk management, and conformity assessment requirements.

What the Digital Omnibus does NOT change

Even if the extension passes in its current form, the following obligations remain in force regardless:

• Article 5 — Prohibited practices: Already in force since February 2025. Social scoring, real-time biometric surveillance, subliminal manipulation, and emotion recognition in workplaces and schools are banned now. No extension affects this.
• Chapter V — GPAI obligations: In force since August 2025. Companies deploying general-purpose AI models (Claude, GPT-4, Gemini, etc.) already have active obligations around transparency, copyright compliance, and incident reporting.
• Article 50 — Transparency for chatbots: Already in force. If your product has a chatbot or virtual assistant, you must already be disclosing that users are interacting with AI.
• Article 53 — GPAI provider obligations: In force. Model providers have active technical documentation and transparency requirements.

The Digital Omnibus, even in its most generous interpretation, only delays the most burdensome high-risk AI documentation requirements. A significant portion of the EU AI Act already applies to you today.

Current legislative status

As of April 2026, the Digital Omnibus proposal is in the early stages of the EU legislative process. It has been introduced by the Commission but has not passed the European Parliament or the Council. The EU Parliament's AI Committee has raised concerns about the extension, and several member states have pushed back on weakening the timeline.

EU legislative timelines are notoriously unpredictable. The proposal could pass largely unchanged, be amended significantly, or stall entirely. Given that the current August 2026 deadline is 96 days away, any company betting its compliance strategy on the Digital Omnibus passing in time is taking a significant and unnecessary risk.

Three reasons not to wait

1. Commercial pressure is already here

Enterprise procurement teams — particularly at larger EU companies who are themselves subject to deployer obligations under the AI Act — are already asking vendors for evidence of compliance. RFPs are including EU AI Act compliance questionnaires. Security assessments reference Annex IV documentation. This commercial pressure is not waiting for the Digital Omnibus to resolve itself. A company that cannot demonstrate a credible compliance posture after August 2026 will face sales friction regardless of whether the regulatory deadline has moved.

2. Compliance work takes time even with an extension

If the extension passes and you have until December 2027, that sounds comfortable. But high-risk AI compliance still requires 3 to 6 months of focused work: technical documentation, risk management system, data governance review, human oversight implementation, conformity assessment, and EU database registration. If you wait until mid-2027 to begin, you will be in the same position you would be in today without the extension — rushing to complete months of work in weeks.

3. The extension may not cover your system

The Digital Omnibus targets Annex III high-risk obligations. If your system falls under Annex I (AI used in regulated products — medical devices, machinery, vehicles), the existing August 2026 timeline may still apply under sector-specific legislation even if the AI Act timeline shifts. The interaction between the AI Act and sector regulations is one of the most complex areas of compliance, and the Digital Omnibus does not resolve it.

The prudent approach

Compliance teams and legal advisors are in agreement on this: plan for August 2026, treat the Digital Omnibus as a potential bonus rather than a plan. The companies that will be in the strongest position in 2027 — regardless of how the legislative process resolves — are the ones that used 2026 to build a genuine compliance foundation rather than hoping for a delay.

Start by classifying your AI systems to understand which obligations apply. The free classifier at getactready.com/classify takes 60 seconds and tells you exactly what tier you're in and what requirements are already in force versus what the Digital Omnibus might affect. Knowledge of your actual exposure is the first step to making an informed decision about timeline.