Seventy-two percent of enterprises now run AI agents in production. Sixty percent have no formal governance for them.
On May 7, EU lawmakers reached a provisional agreement to push that deadline back sixteen months, to December 2027. The agreement is not yet law. It has not been published in the Official Journal. Under existing statute, August 2 remains the legally binding date — and every compliance attorney advising U.S. and European enterprises is saying the same thing: treat it as live.
This is the exact scenario that creates governance failures. Not the deadline everyone sees coming. The deadline with a rumored reprieve, where half the organization relaxes and the other half keeps building, and the documented record shows that leadership knew and paused anyway.
High-risk AI under the Act covers employment systems, credit decisions, education tools, biometric applications, and critical infrastructure. More than half of organizations do not yet have a systematic register of what AI systems they are running in those categories. That is not a legal department problem. That is a CEO problem.
The sixteen-month delay, if it is formalized, gives organizations more time to get it right. It does not give them permission to start later. The organizations that will be ready in December 2027 are the ones building the inventory, the risk classifications, and the conformity assessments right now.
The question for today: does your leadership team know which of your AI systems qualify as high-risk under the EU AI Act, and do you have documentation to prove what you did about it?