EU could delay AI Act until 2027 — what founders need to know

The European Commission has proposed a delay in enforcing certain AI regulations, following backlash on its ‘AI Act’ from major tech firms and concerns about Europe’s competitiveness.

The ‘Digital Omnibus’, which still needs sign-off from EU member states, proposed to push back the date of stricter EU rules on the use of so-called “high-risk” AI from August 2026 to December 2027.

While in the short term, this may give UK entrepreneurs building or deploying AI tools a freer rein, it creates new uncertainty for AI-led businesses that need to plan for product compliance.

Why has the EU pushed back the AI Act?

Big tech companies have argued that stringent rules and the scope of what counts as “high-risk” AI would mean the EU falls behind China and the US, where Trump is easing AI regulations.

Enforcement of the rules has also proved more complex than initially thought, with concerns raised about resourcing, classification and oversight. The Commission has also faced pressure to loosen its grip on AI after diluting parts of its environmental and digital rules in response to backlash.

In addition to the delay, there’s also been a proposed shift from national authority classification to self-assessment for high-risk AI.

In practice, that means businesses will be responsible for determining whether their systems fall under regulated categories, and for making sure that they meet the legal requirements.

Nikolas Kairinos, an AI governance expert, says the delay risks sending the wrong message. In particular, that the business owner should be legally responsible for self-classification.

“More concerning than the timeline extension is the Commission’s shift from national authority classification to self-assessment for high-risk AI systems,” says Kairinos. “This transfers legal accountability to organisations without reducing compliance requirements, leaving them open to significant fines.”

So, despite the extra time, the shift could potentially increase pressure for founders. And some regulators warn that the delay could mimic the UK’s own GDPR rollout, where slow preparation led to a last-minute scramble.

What does the delay actually mean for founders?

When it is eventually actioned, many UK businesses will have to comply with the Act, especially if they operate in or sell to the EU market. Failure to comply could result in significant fines based on global annual turnover.

For most companies, the delay to the rules means slightly less regulatory pressure over the next 18 months, but no reduction in responsibility. Safety, transparency and robust data governance should remain priorities when deploying AI, especially in high-risk areas.

High-risk AI means those used in biometric identification, recruitment, exams, healthcare diagnostics, and law enforcement. These use cases will still need demonstrable safeguards.

Delaying the enforcement deadline doesn’t remove expectations around safe use; it simply changes when the penalties kick in.

This is especially true when it comes to pitching AI products to larger clients. Nikolas Kairinos adds that 78% of enterprise AI procurement already requires third-party certification, so AI founders who skip this work may lose contracts, insurance coverage, and investor confidence even before the law formally applies.

The shift to self-assessment also means legal exposure may increase during the gap years. If a company wrongly categorises or inadequately assesses its own system, it is fully accountable.

How should UK businesses react?

If it occurs, the delay should not be seen as a sign for UK companies to stall on setting up their own AI frameworks. As Kairinos notes, GDPR acts as a cautionary tale on what happens when firms wait until the last minute.

UK businesses that currently, or plan to, operate in the EU should certainly put basic governance in place now. That means keeping proper records of how their models work, carrying out risk assessments, and making sure there’s clear accountability for how AI systems are built and used.

Getting compliance sorted early on is also a competitive advantage. It makes it easier to win enterprise contracts and form partnerships even before 2027 rolls around, so it’s in businesses’ best interests to prioritise it.