IA
6 min read

The AI Act shifts: what changes on 2 August and what's been postponed

Jorge García

Tecnea

The AI Act shifts: what changes on 2 August and what's been postponed

If you follow AI news, you've seen the date everywhere: 2 August 2026. It's been billed as the day «the European AI law comes into force», stirring up equal parts urgency and confusion. After Brussels' latest decision, the reality is more nuanced — and for most companies, more manageable than it seemed.

Let's sort it out: what the AI Act actually is, what changed this week, which dates are moving and — crucially — what all this means for a company that simply wants to use AI without getting into trouble.

In one sentence: 2 August 2026 does not bring the wave of «high-risk» obligations many feared — that has moved to December 2027 — but it does switch on the enforcement regime and the rules for generative AI. Less panic, same direction: get ready.

What the AI Act is, in 30 seconds

The EU Artificial Intelligence Act (Regulation EU 2024/1689) is the world's first comprehensive AI law. It has been in force since August 2024, but it applies in stages: obligations phase in through 2027-2028.

Its logic isn't to regulate «AI» in the abstract, but uses, classified by risk. The higher the risk of a given use, the more obligations it carries: from outright prohibited practices to «high-risk» systems with strict documentation and oversight requirements, plus transparency duties for the rest.

The news: the «Digital Omnibus»

On 29 June 2026, the Council of the EU gave final approval to the AI Act simplification package — the so-called «Digital Omnibus» — after the European Parliament's endorsement on 16 June. Why? Implementation was arriving before the technical standards and guidance companies need to comply were ready.

The result: some dates move, but the philosophy doesn't. It's not a reversal, but a selective postponement of the heaviest obligations.

The new timeline

  • 2 February 2025 — Already in force. Prohibited practices and AI literacy (Art. 4): every organisation must ensure its staff has a basic level of AI competence.
  • 2 August 2025 — Already in force. Transparency and documentation rules for general-purpose AI models (GPAI) — the ones behind ChatGPT, Gemini and the like.
  • 2 August 2026 — Starts now. The European Commission can investigate, audit and fine. Generative-AI rules become fully enforceable and governance kicks in (national authorities, market surveillance).
  • 2 December 2027 — Postponed (from August 2026). «High-risk» systems under Annex III: HR, credit scoring, education, biometrics… This is the Digital Omnibus's big change.
  • 2 August 2028 — Postponed. High-risk AI embedded in products already subject to certification (Annex I).

Leadership team of an SME reviewing its AI governance The delay buys room to document and adapt sensibly — not to ignore the law.

What does start — and what gains time

Yes, on 2 August:

  • The Commission can now impose fines. The penalty regime becomes operational: up to €15M or 3% of global annual turnover for breaching obligations (and up to €35M / 7% for prohibited practices).
  • Generative AI (GPAI) becomes fully enforceable, with its Code of Practice as the reference.
  • Governance begins: national authorities and market surveillance start operating.

Gains time (but doesn't disappear):

  • The bulk of «high-risk» (Annex III) obligations is pushed to December 2027.
  • High-risk AI embedded in regulated products (Annex I), to August 2028.
  • Translation: more room to document, assess and adapt. Not to ignore it.

So what does this mean for your SME?

Here's the good news and the nuance almost nobody mentions: your company probably doesn't «build» a high-risk system. Most SMEs don't develop scoring or biometric software. But almost all of them use AI every day — ChatGPT, copilots, assistants — and that's where your real exposure lies. Four things to keep on your radar:

  1. AI literacy (already mandatory). Since February 2025, your team must know what they can and can't do with AI. It doesn't depend on any extension.
  2. Transparency. If you generate content or serve customers with AI, in many cases you have to say so.
  3. The most immediate risk isn't the AI Act, it's the GDPR. Feeding client data or case files into public tools can mean handing them to third parties and losing traceability: the dreaded «Shadow AI», and it doesn't wait until August.
  4. Inventory and data governance. Knowing which AI tools are used, with what data and — crucially — where that data lives.

The takeaway isn't «don't use AI». It's «use it well».

The Digital Omnibus delay is an opportunity, not an excuse. It buys time to do things properly: adopt AI with the power of the best models, but on your own information, in European infrastructure and with traceability — so that complying with the law and gaining productivity stop being opposing goals.

That's exactly the approach we take at Tecnea to help companies make the leap: private, compliant AI, without giving away your data and without falling behind. If you'd like to see how it would fit your case, let's talk.

This article is informational and does not constitute legal advice. The dates reflect the AI Act simplification agreement («Digital Omnibus») of June 2026; the final text published in the Official Journal of the EU should be verified.

¿Te ha resultado útil este artículo?

Publicamos análisis sobre IA y tecnología empresarial. Sin spam — solo cuando escribamos algo que valga la pena leer.

Ready to transform your business?

Let's talk about how we can help you implement these solutions in your company.

Contact us

Related articles