radar
SIXTYNINE Digital Logo

WHATACTUALLYCHANGESON2AUGUST2026

The EU moved its biggest AI Act deadline 16 months, weeks before it hit. Most guides online are now wrong. Here’s what still starts on 2 August 2026 — and what it means if you run a chatbot or publish AI-generated content.

By Atahan | DirectorJuly 10, 2026

If you searched “AI Act deadline” this week, most of what you found is wrong. On 29 June 2026, the Council of the EU gave final approval to the Digital Omnibus on AI — a rewrite of the AI Act’s timeline, agreed just weeks before its biggest deadline was due to hit.

Two things are now true at the same time. The heaviest obligations moved 16 months into the future. And the rules most Dutch companies will actually touch — chatbot disclosure, labeling AI-generated content — still start on 2 August 2026, with real fines behind them.

Compliance vendors are selling panic. Most blogs are citing dead deadlines. Here’s the corrected picture.

Key Takeaways

  • High-risk AI obligations moved from 2 August 2026 to 2 December 2027 (Council of the EU, June 2026).
  • Article 50 transparency rules still apply from 2 August 2026: chatbot disclosure, deepfake labeling, marking synthetic content.
  • Violations can cost up to €15 million or 3% of worldwide turnover — for SMEs, the lower of the two.
  • Most companies are deployers, not providers. Your duties are lighter, but they’re not zero.
What did the Digital Omnibus actually change?

In 2026, the EU pushed back its own flagship AI deadlines. The European Parliament endorsed the Digital Omnibus on AI on 16 June 2026 by 423 votes to 57, with 174 abstentions (European Parliament, Legislative Train: Digital Omnibus on AI), and the Council adopted it on 29 June. As of 10 July 2026 it has not yet appeared in the Official Journal. It enters into force on the third day after it does — publication is expected before 2 August. Until then, the old dates are formally the ones on the books, which is exactly why so much published advice is now out of step.

Why the retreat? Harmonized technical standards weren’t ready. Companies were being asked to certify high-risk systems against benchmarks that didn’t exist yet. Brussels blinked — sensibly, for once.

One detail matters more than the headlines suggest. The Commission’s original November 2025 proposal tied the new deadlines to a condition: obligations would start once standards and support tools became available. The final text scrapped that. The new dates are fixed (Gibson Dunn, EU AI Act Omnibus Agreement, May 2026). You can plan against them.

Our observation: we reviewed the top-ranking Dutch and English “AI Act for SMEs” guides in the first week of July 2026. The majority still present 2 August 2026 as the high-risk compliance deadline. If your compliance advisor is quoting that date for high-risk duties, they’re working from an outdated version of the law.

Which deadlines moved — and which didn’t?

The Omnibus deferred the two big high-risk categories and one institutional deadline. In 2026, per the final adopted text, the timeline looks like this (Latham & Watkins, AI Act Update, May 2026):

ObligationOld dateNew date
High-risk AI systems, Annex III (hiring/HR, credit scoring, education, essential services)2 Aug 20262 Dec 2027
High-risk AI in regulated products, Annex I (machinery, medical devices, toys)2 Aug 20272 Aug 2028
National AI regulatory sandboxes operational2 Aug 20262 Aug 2027
Article 50 transparency obligations2 Aug 20262 Aug 2026 — unchanged
New prohibitions added by the Omnibus (AI “nudifiers”, CSAM generation)2 Dec 2026

What was already in force stays in force. The bans on unacceptable-risk AI and the AI literacy duty have applied since 2 February 2025. Obligations for general-purpose AI models have applied since 2 August 2025 (artificialintelligenceact.eu, Implementation Timeline).

So no — the AI Act wasn’t “delayed”. One layer of it was. The layer aimed at everyday business use of AI arrives on schedule, in under four weeks.

What still starts on 2 August 2026?

Article 50 — the transparency rules — applies from 2 August 2026, largely untouched by the Omnibus (Covington, EU AI Act Update, June 2026). It’s a short article with four duties. In plain terms:

  1. Chatbot disclosure. If people interact with an AI system, they must be told — unless it’s obvious. That customer-service bot on your webshop counts.
  2. Marking synthetic content. Providers of generative AI must mark audio, image, video, and text output as artificially generated, in machine-readable form.
  3. Emotion recognition and biometric categorization. If you deploy these, exposed persons must be informed.
  4. Deepfakes and AI-written news. Deployers must disclose AI-generated or manipulated content; AI-generated text published to inform the public must be labeled, unless a human takes editorial responsibility.

The Omnibus made exactly one concession here. Generative systems already on the market before 2 August 2026 get until 2 December 2026 to implement the machine-readable marking. Anything launched after 2 August must comply from day one.

Disclosure has to be clear and delivered at first interaction — not buried in your privacy policy. We covered when a chatbot is even worth deploying in our honest read on customer-service chatbots; as of August, “deploying one honestly” is no longer just good practice. It’s law.

Does this apply to a company like yours?

Probably yes — and less painfully than you fear. One in six Dutch companies (17%) used AI in 2025, double the share of two years earlier (CBS, December 2025). Among the companies that do use it, 35% apply it to marketing or sales — the single most common use. Marketing output is public output. Which is precisely why the transparency layer, not the high-risk layer, is the part of this law most Dutch companies meet first.

AI use by Dutch companies, 2025 — by company sizeHorizontal bar chart. Share of Dutch companies using AI in 2025: 2–10 employees 14%, 10–50 employees 27%, 50–250 employees 45%, 250+ employees 66%. National average across all companies with 2 or more employees: 17%. Source: CBS, December 2025.AI use by Dutch companies, 2025By number of employees · national average 17%2–10 employees14%10–50 employees27%50–250 employees45%250+ employees66%Source: CBS, December 2025
Adoption climbs steeply with headcount — but Article 50 does not.

The law splits duties between providers (who build or sell AI systems) and deployers (who use them). Most SMEs are deployers. That’s the lighter end: you don’t certify models, but you do owe disclosure when you put a chatbot in front of customers or publish AI-generated content as information.

The pattern is not only Dutch. Across the EU, enterprise AI use rose to roughly 20% in 2025 from 13.5% a year earlier (Eurostat), climbing from 17% of small firms to 55% of large ones. Adoption scales with headcount. Article 50 does not — a ten-person webshop running a support bot owes the same disclosure as a bank. If you are still working out where AI earns its keep at all, our notes on what data-driven actually means at ten people and on efficiency gains getting competed away are the more useful starting point.

Do you know, today, every place your company puts AI in front of a customer? That inventory is where compliance starts.

The fines are real — but scaled for SMEs

Breaching Article 50 can cost up to €15 million or 3% of total worldwide annual turnover, whichever is higher (Article 99, AI Act). Prohibited practices go up to €35 million or 7%. Supplying misleading information to authorities: up to €7.5 million or 1%.

There’s a deliberate SME carve-out. For small and medium-sized enterprises, including start-ups, each fine is capped at whichever of the two amounts is lower (Article 99(6)). For a €2 million-turnover webshop, 3% means €60,000 — not €15 million. Painful, not fatal.

The penalties framework has been live since 2 August 2025, and the Omnibus did not defer enforcement of the transparency rules. From 2 August 2026, national authorities can investigate and sanction Article 50 violations. Nothing in the final text softens that.

From our practice: in the automation projects we build, disclosure is the cheapest compliance item on the list — a sentence in the chat window, a label in the CMS, metadata in the generation pipeline. What actually costs money is retrofitting it after launch, because nobody wrote down where AI touches the customer. The inventory is the work. The disclosure is trivial.

Who enforces the AI Act in the Netherlands?

For the rules that start in August, your regulator is the Autoriteit Persoonsgegevens. The draft Dutch implementation act (Uitvoeringswet AI-verordening, consultation closed 1 June 2026) assigns the AP supervision of prohibited practices, most high-risk systems, and Article 50 transparency, with the RDI as central coordination point (Loyens & Loeff, April 2026). Financial firms answer to the AFM and DNB.

One honest caveat: the Dutch implementing act isn’t expected to reach the Tweede Kamer before late 2026 (CMS, AI Regulation Scanner: The Netherlands). So national enforcement plumbing will still be settling when the obligations kick in. The obligations apply regardless — EU regulations don’t wait for national legislation — but early enforcement will likely focus on clear, visible violations. An undisclosed customer-facing chatbot is about as visible as it gets.

Five things to do before 2 August

Skip the €20,000 compliance-panic package. For a typical deployer-side SME, this is a focused week of work, not a transformation program:

  1. Inventory your AI touchpoints. Every place AI interacts with customers or produces published content — the same mapping exercise we describe for AI in enterprise processes: chatbots, voice assistants, generated product texts, marketing visuals, AI-written blog posts.
  2. Label your chatbot. A clear “you’re chatting with an AI assistant” at first interaction. Not in the privacy policy — in the conversation.
  3. Set a content-labeling rule. Decide how you mark AI-generated images, video, and informational text. If a human editor takes responsibility for a text, say so; that’s an explicit carve-out.
  4. Ask your vendors one question. For each generative tool you use: “How do you implement Article 50 machine-readable marking, and by when?” Providers with no answer before 2 December 2026 are a risk you’re absorbing.
  5. Cover the literacy duty you already have. Since February 2025, staff working with AI must have adequate AI literacy. A half-day internal session, documented, covers most SME situations.

If you’re earlier in the journey — deciding what to automate at all before worrying about labels — start with our practical guide to AI automation for Dutch companies.

Frequently asked questions

Is the EU AI Act postponed?

Partly. In June 2026, the Digital Omnibus moved high-risk obligations (Annex III) from 2 August 2026 to 2 December 2027, and Annex I product rules to August 2028. Transparency obligations under Article 50 were not postponed: they apply from 2 August 2026 (Council of the EU, June 2026).

Does my customer-service chatbot fall under the AI Act?

Yes. From 2 August 2026, Article 50 requires that people are informed when they interact with an AI system, unless it’s obvious. The disclosure must be clear and appear at first interaction. Fines for violations reach €15 million or 3% of turnover — for SMEs, the lower of the two.

Do I have to label AI-generated content?

Two layers. Providers of generative AI must mark outputs in machine-readable form — with a grace period to 2 December 2026 for systems already on the market. As a deployer, you must disclose deepfakes and label AI-generated text published to inform the public, unless a human takes editorial responsibility.

Who checks compliance in the Netherlands?

Under the draft Dutch implementation act (April 2026), the Autoriteit Persoonsgegevens supervises transparency rules and most high-risk systems, with the RDI coordinating. The Dutch act reaches parliament in late 2026, but the EU obligations apply from 2 August 2026 either way.

My AI project is “high-risk”. What’s my real deadline now?

2 December 2027 for stand-alone Annex III systems — a fixed date, not conditional on standards being ready. Use the extra 16 months to build classification, documentation, and human oversight in from the start rather than retrofitting them.

Sources
Where this leaves you

The Omnibus is neither a rescue nor a betrayal. It’s the EU admitting its standards machine ran slower than its legislation — and buying time where certification was impossible, while holding the line where compliance is easy.

That line lands on 2 August 2026 — the AI Act date that didn’t move. If AI talks to your customers or writes what they read, you owe them a label. The work is an inventory and a few sentences of disclosure. The risk of skipping it is a fine designed to hurt, scaled to your size.

Don’t buy panic. Don’t buy the “it’s all postponed” story either. Both are wrong, and both are being sold hard right now.

Building automation with compliance questions attached? That’s the work we do — talk to us, or start with how we think about AI that actually returns value.

FREQUENTLY ASKED QUESTIONS

Is the EU AI Act postponed?

Partly. In June 2026 the Digital Omnibus moved high-risk obligations (Annex III) from 2 August 2026 to 2 December 2027, and Annex I product rules to 2 August 2028. Transparency obligations under Article 50 were not postponed: they apply from 2 August 2026.

Does my customer-service chatbot fall under the AI Act?

Yes. From 2 August 2026, Article 50 requires that people are informed when they interact with an AI system, unless it is obvious. The disclosure must be clear and appear at first interaction. Fines reach €15 million or 3% of worldwide turnover — for SMEs, the lower of the two.

Do I have to label AI-generated content?

Two layers. Providers of generative AI must mark outputs in machine-readable form, with a grace period to 2 December 2026 for systems already on the market. As a deployer you must disclose deepfakes and label AI-generated text published to inform the public, unless a human takes editorial responsibility.

Who checks AI Act compliance in the Netherlands?

Under the draft Dutch implementation act (April 2026), the Autoriteit Persoonsgegevens supervises transparency rules and most high-risk systems, with the RDI coordinating. The Dutch act is not expected to reach parliament before late 2026, but the EU obligations apply from 2 August 2026 either way.

My AI project is high-risk. What is my real deadline now?

2 December 2027 for stand-alone Annex III systems — a fixed date, not conditional on standards being ready. Use the extra 16 months to build classification, documentation and human oversight in from the start rather than retrofitting them later.

RELATED ARTICLES

READY TO UNLOCK NEW OPPORTUNITIES FOR YOUR BUSINESS?

Just tell us if you are interested in our solutions. We are more than happy to prepare a personalized demo for you!