Markets Closed
Global Markets
S&P 500 7,543.59 ▲ +0.4% DOW 52,508.27 ▲ +0.0% NASDAQ 26,107.01 ▲ +0.9% RUSSELL 2K 2,964.76 ▲ +0.4% VIX 16.5 ▼ -3.8% GOLD 4,038.2 ▼ -0.6% CRUDE OIL 80.24 ▲ +1.1% EUR/USD 1.14 ▲ +0.5% BTC 64,536 ▲ +3.5% ETH 1,866.69 ▲ +5.0%
Fintech

EU AI Act timetable shifts for high-risk systems, Altimetrik executive says

High-risk AI compliance dates move to 2027 and 2028, while chatbot, deepfake and banned-practice rules remain on earlier tracks.

Ingrid Halvorsen

By Ingrid Halvorsen · Staff Writer

· 3 min read

The European Union’s AI Act timetable has been adjusted, giving companies with some high-risk systems until 2 December 2027 or 2 August 2028 to meet key obligations, according to Vikas Krishan, chief digital business officer and head of UK and EMEA at Altimetrik. Krishan said the changes extend the implementation window for resource-intensive parts of the regime while leaving several 2026 requirements in place, a distinction that matters for banks, technology vendors and other regulated firms planning AI controls.

In a Finextra opinion piece, Krishan said the European Commission set out amendments on 19 November 2025, with the European Parliament approving the text in mid-June and the European Council giving final approval on 29 June 2026. He said the amended compliance dates are expected to be formally enforced from 2 August 2026.

The EU AI Act uses a risk-based structure. Certain AI applications are prohibited, some are treated as high risk because of their effect on individuals or critical services, and general-purpose AI systems face separate obligations. Krishan said that framework remains intact under the amendments.

High-risk deadlines move later

The main timing change affects high-risk AI systems, according to Krishan. Standalone high-risk tools covered by Annex III, including systems used in employment, education, biometrics, critical infrastructure and justice, now have a compliance deadline of 2 December 2027 rather than 2 August 2026.

High-risk AI functions built into regulated products face a later date, with compliance due by 2 August 2028, Krishan said. Embedded systems can involve more complex product approval and conformity assessment processes because the AI function forms part of a wider regulated item, rather than operating as a separate software tool.

Several other obligations remain closer on the calendar. Krishan said most transparency requirements under Article 50 are still due to apply from 2 August 2026, including disclosure duties for chatbots and deepfakes. Requirements for watermarking AI-generated content have been shifted to 2 December 2026, a three-month extension rather than the six months first proposed, he said.

Prohibited AI practices have applied since February 2025, according to Krishan. He also said the amended Act adds a prohibition on AI systems used to create non-consensual sexual or intimate material, including “nudifier” applications, as well as tools that generate child sexual abuse material. That new ban is due to apply from 2 December 2026, he said.

Standards and supervision cited

Krishan attributed the delay in high-risk obligations to both practical and political factors. He said technical standards needed to make compliance workable were not ready, and that some member states had not yet named the authorities responsible for supervision.

He also pointed to political concern in Europe over an innovation gap with the US and China, alongside pressure to reduce administrative burdens. Those explanations were presented as Krishan’s view.

For companies, the revised timetable does not alter obligations under the General Data Protection Regulation, Krishan said. Data transparency, security and enforcement under GDPR remain in force, regardless of the AI Act schedule.

Krishan said leadership teams should identify every AI system in use, classify which deadline applies and build governance arrangements capable of changing as the rulebook develops. He said any attempt to place systems on the market before later deadlines apply should be treated as a board-level decision rather than left by default to product or technology teams.

This story draws on original reporting from Finextra Research.

More from Fintech

All Fintech →