EU Council backs AI Act simplification with delayed high-risk rules and tighter oversight

The European Union is moving to reshape its landmark AI law before the framework fully bites. On March 13, 2026, the Council agreed its position on a proposal to streamline parts of the AI Act, including a delay to the application of some high-risk rules and a clearer supervisory role for the EU’s AI Office.

March 13 agreement shifts the AI Act timetable

Under the Council’s mandate, the new application dates for standalone high-risk AI systems would be December 2, 2027, while high-risk systems embedded in products would follow on August 2, 2028. The Commission had proposed a delay of up to 16 months to give regulators time to finalize standards and tools needed for compliance.

The Council also added a prohibition on AI practices involving the generation of non-consensual sexual and intimate content or child sexual abuse material, turning a simplification package into a more pointed update of the bloc’s risk rules.

Central enforcement gets a clearer line

The position would also sharpen the AI Office’s authority over AI systems built on general-purpose AI models when the model and the downstream system are developed by the same provider. In several sectors, however, national authorities would remain competent, including law enforcement, border management, judicial authorities and financial institutions.

That split matters because it could determine whether companies answer primarily to Brussels or to a national regulator, depending on the use case and the system’s deployment context.

What the delay means for builders and deployers

For AI vendors and enterprise users, the immediate effect is not deregulation but more runway. Companies developing or integrating high-risk systems would get additional time before the stricter product and governance obligations apply, while still facing the AI Act’s other requirements on prohibited practices, AI literacy and general governance.

The Council also reinstated a requirement for providers to register AI systems in the EU database for high-risk systems when they consider their systems exempt from high-risk classification, a sign that oversight is moving toward more documentation rather than less.

Negotiations now turn to the final text

The Council’s position is not the last word. It sets up talks with the European Parliament and the Commission on the final shape of the “Digital Omnibus” changes, with the broader AI Act still due to become fully applicable on August 2, 2026 for most remaining provisions.

For companies building compliance programs now, the practical signal is clear: the EU is still committed to enforcement, but it appears willing to trade some timing pressure for more predictable implementation.