By Dr. Baz Abouelenein (AAIA, CISA, CISM, CRISC, CISSP, PMP) · May 7, 2026 · 11 min read
The Council and Parliament reached a provisional agreement on May 7, 2026 on the Digital Omnibus. The application date for Annex III high-risk AI systems is pushed to December 2, 2027. AI embedded in regulated products under Annex I moves to August 2, 2028. Compliance teams will treat this as breathing room. They shouldn't: Articles 9 through 15 didn't change, and the work to satisfy them takes longer than the seventeen-month extension you just got.
What moved is the enforcement date — not the obligations. Articles 9 through 15 (risk management, data governance, technical documentation, logging, accuracy, robustness, cybersecurity) are unchanged. Article 26 deployer duties are unchanged. The risk classification under Article 6 and Annex III is unchanged. If your organization was already behind on the August 2026 deadline, the December 2027 date gives you more time to be behind.
Two things actually got harder. Article 5 now bans AI systems that generate non-consensual sexual or intimate content. The Article 50(2) transparency obligation for generative AI output now applies from December 2, 2026 — seven months out. If your organization deploys generative AI in customer-facing products, that deadline lands first.
The penalty structure is unchanged. Article 99 sets fines at up to €35 million or 7% of worldwide annual turnover for prohibited practices, up to €15 million or 3% for non-compliance with high-risk obligations, and up to €7.5 million or 1.5% for supplying misleading information to authorities.
Article 6 of the EU AI Act, paired with Annex III, defines high-risk AI for stand-alone systems. Annex I covers AI embedded in products under EU sectoral safety law. Annex III lists eight categories. Point 4 covers employment, workers management, and access to self-employment. Point 5 covers access to essential private and public services including credit scoring, insurance pricing, and eligibility for public benefits.
Article 6(3) creates a derogation: a system listed in Annex III is not considered high-risk if it does not pose a significant risk to health, safety, or fundamental rights. The Omnibus preserved the Article 49(2) obligation to register systems that rely on that derogation in the EU database, despite earlier proposals to soften it. Auditors should expect most derogation documentation to be poorly reasoned.
Articles 9 through 15 contain the substantive obligations on high-risk AI systems. Article 9 requires a continuous, iterative risk management process across the entire AI system lifecycle. Article 10 requires training, validation, and testing datasets to be relevant, sufficiently representative, and free of errors. The Omnibus broadened the lawful basis for processing sensitive personal data when strictly necessary to detect and correct bias. Articles 11 and 12 require technical documentation and automatic event logging. Article 13 requires transparency and instructions for deployers. Article 14 requires human oversight with competence, training, and authority to intervene. Article 15 requires accuracy, robustness, and cybersecurity including adversarial robustness testing.
The Omnibus added a prohibition to Article 5. AI systems capable of generating non-consensual sexual or intimate content are now banned. The safe harbor is narrow: it covers systems with effective preventive safeguards, not systems where someone added a content filter as an afterthought. If your organization hosts, distributes, integrates, or fine-tunes a foundation model with image-generation capability, the audit question is now whether controls prevent prohibited output and whether those controls are tested and documented.
Most US-headquartered enterprises will be the deployer, not the provider. Article 26 requires deployers to use the system in accordance with provider instructions, assign human oversight, ensure input data is representative, monitor operation, keep logs for at least six months, inform workers before deployment, and conduct a fundamental rights impact assessment if required. The Omnibus did not move these obligations.
There are three reasons the deferral makes the auditor's job harder, not easier. First, harmonized standards under EN ISO/IEC 42001 will be more complete by the new deadline, so the bar moves up, not down. Second, national regulators will use the runway to staff up, so early enforcement will be more deliberate and better-resourced. Third, organizations that get this right will start now; the ones that read the news as relief will resurface in mid-2027 with eighteen months of catch-up.
NIST AI RMF 1.0 maps cleanly onto the Act. The MAP function aligns with Articles 6 and 9. The MEASURE function aligns with Articles 10 and 15. The MANAGE function aligns with Articles 9, 14, and 26. ISO/IEC 42001:2023 is the certifiable AI management system standard. ISO/IEC 23894:2023 on AI risk management provides the testing and treatment vocabulary that Article 9 expects.
ISACA's Advanced in AI Audit (AAIA) credential is built around this body of knowledge. Domain 1 (AI Governance and Risk, 33%) tests regulatory awareness with the EU AI Act as a primary reference. Domain 2 (AI Operations, 46%) tests Articles 10 through 15 in practice. Domain 3 (AI Auditing Tools and Techniques, 21%) tests the audit response.
Months 1-3: Build a defensible high-risk AI register using Article 6 and Annex III. Document derogations and prepare Article 49(2) registrations.
Months 4-9: Gap analysis against Articles 9 through 15 and Article 26, using NIST AI RMF as the structuring framework. Build a remediation backlog with named owners and quarterly checkpoints.
Months 10-19: Close documentation gaps first, then bias testing, robustness testing, and human oversight design. Run a dry-run audit twelve months in.
One nearer deadline: Article 50(2) transparency for generative AI applies from December 2, 2026.
Written by Dr. Baz Abouelenein, AAIA, CISA, CISM, CRISC, CISSP, PMP. The AAIA Prep app has 1,155 original practice questions covering the EU AI Act, NIST AI RMF, and ISO 42001.