EU agrees to delay high-risk AI Act obligations to late 2027
← News Posts
NewsNews Post

EU agrees to delay high-risk AI Act obligations to late 2027

EU Council and Parliament negotiators have reached a [provisional Digital Omnibus agreement](https://www.consilium.europa.eu/en/press/press-releases/2026/05/07/artificial-intelligence-council-and-parliament-agree-to-simplify-and-streamline-rules/) that resets the AI Act's compliance clocks. Obligations for standalone high-risk systems under Annex III, the category covering recruitment and credit scoring, move from 2 August 2026 to 2 December 2027. Product-embedded high-risk systems shift to 2 August 2028. Not everything loosens. The deal adds a new prohibition on AI generation of non-consensual intimate content and child sexual abuse material, with compliance due by 2 December 2026, and cuts the grace period for AI-generated content transparency and watermarking from six months to three. National regulatory sandboxes get until 2 August 2027. Formal adoption is expected before the original August 2026 deadline, [per Bird and Bird's analysis](https://www.twobirds.com/en/insights/2026/digital-omnibus-on-ai-provisional-agreement-reached-at-the-may-trilogue). For Australian organisations selling into the EU, or HR teams benchmarking AI recruitment tools against EU categories, the timeline moved but the direction did not: delayed, not diluted.

Tags

NewsRegulation
Discuss this on X (@TheAICommand)

TheAICommand. Intelligence, At Your Command.

← Back to News Posts

Read next

Zurich Bahnhofstrasse Banking Dusk

Build 2026 makes agents first-class citizens of the Microsoft stack

Microsoft used [Build 2026](https://blogs.microsoft.com/blog/2026/06/02/microsoft-build-2026-be-yourself-at-work/) to make agents first-class citizens of its stack, and the governance tooling arrived alongside the capability for once. Microsoft IQ, a context layer spanning Work IQ, Fabric IQ, Foundry IQ and Web IQ, is generally available across GitHub Copilot, Foundry and Copilot Studio, grounding agents in Microsoft 365 data through APIs that go live on 16 June. Microsoft Execution Containers enter preview as OS-enforced sandboxes that contain what an agent can touch, and ASSERT plus the Agent Control Specification are open-sourced for standardised agent safety evaluation. The headline for compliance teams is Agent 365: Entra, Defender and Purview extended into a unified control plane where agents get identities, security posture and compliance treatment the way employees do. The framing to take into your next architecture discussion: Microsoft is now assuming organisations will run fleets of agents, and is selling the management layer. If your AI governance still models one user prompting one chatbot, the vendor roadmap has already moved past your risk register.

Read more
Lighthouse Cape Byron NSW

OAIC survey finds trust in AI companies has collapsed to 4 per cent

The Office of the Australian Information Commissioner has released its triennial [Australian Community Attitudes to Privacy Survey](https://www.oaic.gov.au/news/media-centre/australians-more-concerned-about-privacy-as-trust-in-ai-languishes,-survey-finds), and the AI numbers are stark. Just 4 per cent of Australians trust AI companies. Only social media platforms rank lower, at 3 per cent. The broader trend is sharpening: 87 per cent of respondents are more concerned about privacy than five years ago, and privacy complaints to the OAIC are up 73 per cent this financial year to date. The survey was run by the Social Research Centre in March 2026 with 1,511 nationally representative adults. Privacy Commissioner Carly Kind noted that "wariness of emerging technologies is increasing, particularly in terms of fairness, accountability and the practical ability to exercise rights." The number worth building strategy on: 68 per cent would be more likely to use digital services if they knew data was handled fairly and responsibly. For any team deploying AI on customer or employee data, the complaint pathway is not a side process. It is part of the control environment, and now a measurable trust asset.

Read more
Lisbon 25 De Abril Bridge Dusk

Mistral puts frontier-class weights on four GPUs with Medium 3.5

Mistral has released [Medium 3.5](https://mistral.ai/news/vibe-remote-agents-mistral-medium-3-5/), a 128 billion parameter dense model with a 256k context window that folds instruction-following, reasoning and coding into a single set of weights. It posts 77.6 per cent on SWE-Bench Verified and 91.4 on the agentic telecom benchmark. Two release details matter more than the benchmarks. The weights are open, [published on Hugging Face](https://huggingface.co/mistralai/Mistral-Medium-3.5-128B) under a modified MIT licence that permits commercial use with carve-outs for high-revenue companies. And the model self-hosts on as few as four GPUs, with API pricing at $1.50 per million input tokens and $7.50 output for those who would rather not. The release also ships Vibe remote agents, asynchronous sandboxed cloud coding sessions that integrate with GitHub, Jira and Slack. For regulated Australian entities weighing data residency, APRA-style vendor concentration questions and exit strategies, a frontier-class model that runs inside your own perimeter is no longer hypothetical. The procurement conversation has a new comparison point.

Read more