EU AI Act delayed by 16 months — regulations not coming before 2027

EU reverses course: AI Act regulations postponed to 2027

EU member states have decided to push the enforcement of AI Act regulations 16 months forward from the originally planned effective date. This means the regulations will come into force at the earliest in 2027 — not 2025/2026 as many companies had planned for.

The news came on Monday, March 16 and has been confirmed by the EU's rotating presidency.

What does the delay mean in concrete terms?

For AI providers: The deadline for meeting requirements for high-risk applications, transparency, and human oversight has been extended. This provides more time for technical adaptation and compliance documentation.

For companies adopting AI: Risk categorization, user rights, and technical documentation requirements don't need to be completed by August 2026 — but this doesn't mean the work can wait.

For CISOs and compliance teams: Gap analyses against the AI Act remain relevant, but time pressure on implementation is reduced. Use the time wisely.

What is not postponed

The prohibition against AI systems in the "unacceptable risk" category (facial recognition in public spaces, manipulative AI, etc.) applies as planned. The delay primarily concerns requirements for providers and deployers of high-risk AI.

Why the postponement?

Lack of national implementation capacity among many EU countries, combined with pressure from industry that the requirements are too complex and unclear in implementation. A clear sign that regulatory ambition and operational reality are still not aligned.

My take:

For Norwegian CIOs and compliance managers: this is good news — more time to prepare. But don't misunderstand the delay as a free pass. The AI Act is law, and it is coming. Companies that use the extra time to build robust AI governance structures now will be strongest when enforcement begins. Don't put the work on hold. Adjust your plans, but maintain the pressure.