The deadline moved. Your obligations didn't all move with it.
For two years, every business using AI in Europe was working toward a single date: 2 August 2026, when the EU AI Act's most demanding obligations were due to take effect. Then, on 7 May 2026, EU lawmakers reached a political agreement on the so-called Digital Omnibus on AI, pushing the high-risk deadlines back by more than a year.
That sounds like relief. For most small and mid-sized businesses (SMBs), it is — but it is not a reprieve. Several obligations are already in force today, and the most common mistake we see at Buinsoft is owners reading the headline "deadline delayed" and quietly switching off. This guide breaks down exactly what changed, what is still live, and the practical steps an SMB should take now.
Quick note: The 7 May agreement is provisional. It still requires formal adoption by the European Parliament and Council — expected by July 2026, before the original August deadline. The direction of travel is clear, but final text and dates only bind once published in the Official Journal.
What actually changed in May 2026
The Digital Omnibus is part of the EU's broader push to simplify digital regulation. Its headline move is a staggered deferral of the deadlines for high-risk AI systems:
| Obligation | New status under the 2026 agreement |
|---|---|
| Prohibitions on unacceptable-risk AI + AI literacy (Article 4) | Already in force since 2 February 2025 |
| General-purpose AI (GPAI) model provider obligations | Already in force since 2 August 2025 |
| Transparency obligations (Article 50) | Unchanged — still apply from 2 August 2026 |
| High-risk Annex III systems (employment, biometrics, credit scoring, education, critical infrastructure) | Delayed from 2 Aug 2026 → 2 December 2027 |
| High-risk Annex I systems (AI as a product safety component) | Delayed → 2 August 2028 |
In short: the heavy, paperwork-intensive high-risk rules got roughly 16 extra months. Almost everything else stayed where it was.
The trap: three things that already apply to you
This is where most SMBs have a live compliance gap without realizing it.
1. The AI literacy obligation (Article 4) — in force since February 2025
If your staff use AI tools at work — chatbots, copilots, automated drafting, anything — your organization must ensure they have a "sufficient level of AI literacy." If you have done no structured training, you already have a gap. This one is widely overlooked precisely because it sounds soft. It isn't optional.
2. The prohibitions on unacceptable-risk AI — in force since February 2025
A defined set of AI practices is simply banned in the EU. Most SMBs won't touch these, but you need to confirm that, not assume it.
3. Transparency obligations (Article 50) — landing 2 August 2026
These were not delayed. If you deploy a chatbot, generate AI content, or use AI that interacts with people, you likely need to disclose it. For an SMB with a customer-facing AI assistant, this is the date that matters this year — not 2027.
What the changes mean specifically for SMBs
The Omnibus wasn't only about dates. A central goal was reducing administrative burden — by at least 25% overall, and 35% for SMEs specifically. For smaller companies, the agreed package points toward:
- Simplified guidance and standardized documentation templates, so you're not reverse-engineering compliance from a 100-page regulation.
- Regulatory sandbox access, letting you test AI systems under supervision before full rollout.
- Reduced fines calibrated to company size.
The practical takeaway: the EU is trying to make compliance proportionate for small companies. But "proportionate" still means something — and the firms that prepare early will move faster and look more credible to enterprise clients and partners who are doing their own due diligence.
A practical 5-step roadmap for SMBs
You don't need a legal department. You need a clear, sized-to-you plan.
- Inventory your AI. List every AI tool and system you build or use, and what data it touches. You can't classify risk you haven't mapped.
- Close the AI literacy gap now. This obligation is already live. A structured internal training session and a short usage policy go a long way.
- Check your transparency obligations before August 2026. If you run a chatbot or publish AI-generated content, plan your disclosures now — this deadline did not move.
- Use the breathing room to build, not to defer. The 2027/2028 dates give real headroom for high-risk systems. A proper compliance framework — documentation, risk assessments, oversight — takes months to build well. Start the foundations.
- Leverage the SME flexibilities. Sandboxes, simplified templates, and size-based relief exist to help you. Make sure you actually qualify and use them.
Frequently asked questions
Does the EU AI Act apply to my small business?
If you provide or deploy AI systems that reach users in the EU, it can apply — regardless of where your company is registered. The risk level of your specific use case determines how much applies.
Were the deadlines really pushed back?
The high-risk system deadlines were delayed to December 2027 and August 2028. But the prohibitions, the AI literacy obligation, GPAI rules, and the August 2026 transparency obligations are all still active or on their original schedule.
What is the AI literacy obligation?
Since February 2025, organizations providing or deploying AI must ensure their people have a sufficient level of AI literacy — meaning structured awareness and training on the tools they use, not just informal experience.
Is my customer-facing chatbot affected?
Most likely yes, under the Article 50 transparency rules, which still apply from 2 August 2026. Users generally need to know when they are interacting with AI.
Where Buinsoft fits in
Most SMBs don't need a compliance overhaul — they need clarity: what applies to us, what's urgent, and what can wait. That's exactly the gap we close.
Buinsoft runs a practical AI Act readiness assessment built for small and mid-sized businesses in Prague and across the EU: we map your AI usage, flag your live obligations (starting with the ones already in force), and give you a sized, prioritized action plan — not a legal lecture.
Book a free 30-minute AI Act readiness call →
This article is for general information and reflects the state of the EU AI Act and the provisional Digital Omnibus agreement as of June 2026. It is not legal advice. The May 2026 agreement awaits formal adoption; confirm current obligations for your specific situation before acting.