Europe didn't repeal its AI law. It moved the date that mattered — and quietly redrew who it covers.

The Digital Omnibus pushes the AI Act's high-risk rules to December 2027. The clause worth reading is the one that changes what counts as high-risk at all.

The reported version of this month's news is that Europe blinked. After years of telling the world it would be the first place to put binding rules on artificial intelligence, the story goes, Brussels caught a case of competitiveness nerves and started watering the rules down. That is the headline, and it is not wrong so much as it is imprecise. The European Parliament did not repeal the AI Act on 16 June. It voted to adopt a package called the Digital Omnibus, which leaves the Act standing and changes two things underneath it: when the most important obligations bite, and — more quietly — which systems are caught by them in the first place. The first change is the one everyone is reporting. The second is the one that will still matter in 2030.

It helps to be precise about what was already true, because the summaries blur it. The AI Act has been in force since August 2024. Its bans on the most unacceptable uses, and its AI-literacy duties, applied from February 2025. Its rules for general-purpose models applied from August 2025. None of that is undone here. What the Omnibus reaches is the next tier — the “high-risk” category, the heart of the Act — whose obligations were scheduled to land on 2 August 2026. That date was the load-bearing one, the deadline compliance teams across Europe and well beyond it had been building toward. It is the date that just moved.

What the text actually does to the calendar

Read the operative dates rather than the press release and the structure becomes clear. Obligations for stand-alone high-risk systems — the Annex III list, which covers AI used in biometrics, critical infrastructure, education, employment, migration and border control — move from August 2026 to 2 December 2027. That is a delay of sixteen months for exactly the applications where the stakes for an individual are highest: whether you are hired, admitted, surveilled, or allowed across a border. High-risk systems embedded in already-regulated products — the Annex I world of medical devices, lifts, toys — get longer still, with compliance stretched to 2 August 2028.

Then there is the quietest clause of all, the one that rewards reading to the end. The transparency duty to watermark AI-generated audio, images, video and text — the provision meant to let people know when they are looking at synthetic content — is delayed to 2 December 2026 for any system already placed on the market before August 2026. Think about who that exempts. The general-purpose models that already saturate the market, the ones whose output you are most likely to encounter, are precisely the systems deployed before the cut-off. The grandfather clause hands the longest runway to the incumbents with the largest footprint. In regulation, the exception is usually where the lobbying went, and this exception is doing a great deal of work.

A delay is temporary. A reclassification is permanent. The dates are the headline; the scope is the law.

The edit that outlasts the delay

If the dates were the whole story, this would be a postponement, and postponements get reversed. They are politically cheap to grant and politically cheap to claw back when the mood shifts. But buried in the same package is a change to Article 6(1), the provision that decides what counts as high-risk in the first place — and that is a different kind of edit. The Omnibus narrows the classification so that an AI system performing a function that merely “assists users or optimises performance,” without itself creating a risk to health or safety, falls outside automatic high-risk status. Systems claiming the related exemption have to register, so there is a paper trail. But the principle has shifted from “if you are used in this domain, you are presumed high-risk” toward “if you can characterise yourself as merely assistive, you may not be.”

This matters more than any deadline, for a simple reason a lawyer learns early: a delay changes when an obligation applies, but scope changes whether it ever applies at all. The whole architecture of the Act runs through that classification gate. Get re-sorted from “high-risk” to “not,” and the conformity assessments, the documentation, the human-oversight requirements, the logging — the entire compliance apparatus — simply never attaches. A sixteen-month delay is a runway. A redrawn definition is a different runway map. One is temporary by nature; the other is the kind of change that, once made, is rarely unmade, because the firms that benefit will defend it and the harm it permits is diffuse and hard to photograph.

The sweetener you are meant to read first

A package like this is sold on its most defensible clause, and the Omnibus has one ready. It adds a new prohibition on AI used to generate child sexual abuse material and non-consensual intimate imagery, effective 2 December 2026. That is a real, binding, enforceable ban, and it is the line the institutions will lead with: see, we are protecting citizens. It belongs in the law. But notice the rhetorical function it performs. It lets a package whose net effect is to defer the high-risk regime by sixteen months and narrow its scope be presented as a strengthening of protections. Both clauses are in the same document. A reader who stops at the press release will absorb the ban and miss the deferral. The discipline is to read both.

There is a second provision worth flagging, because it cuts the other way from “the rules got softer.” Civil-society groups have raised an alarm about language expanding the permitted use of sensitive personal data for the purpose of detecting bias in AI systems. That is the kind of clause that sounds protective — you process more sensitive data so you can check the model is not discriminating — and carries a rights cost that runs in the opposite direction, because the safeguard itself requires hoovering up the most protected category of data. “Simplification” is rarely neutral. It moves obligations around, and the question is always who ends up holding fewer of them and who ends up exposed to more.

Who pushed, and who is worried

You can read the politics of a regulation by who lobbied for it and who is alarmed by the result, and here the two camps are unusually legible. On one side, a roster of European industrial champions — ASML, Airbus, Ericsson, Nokia, SAP, Siemens, and the AI firm Mistral among them — warned publicly that Europe risked regulating itself out of the global AI race. The Commission, which published the Omnibus in November 2025 under the banner of “simplification” and cutting compliance costs, was responsive to exactly that argument. The competitiveness frame, the one that has dominated Brussels since the Draghi report on European productivity, won this round over the fundamental-rights frame that wrote the original Act.

On the other side, more than forty civil-society organisations cautioned that routing AI governance through sectoral legislation and exemptions risks being “deregulatory rather than simplifying.” Bram Vranken of the Corporate Europe Observatory put it more bluntly, warning that “the Commission’s misguided obsession with competitiveness and deregulation is putting fundamental rights on the line in favour of Big Tech’s corporate interests.” You do not have to adopt either side’s framing to take the useful point: when industry asks for a delay and gets a delay plus a narrowed definition, the delay was never the only thing being negotiated.

In force, enforced, or merely scheduled

One distinction matters before anyone treats this as settled law: the Parliament’s vote is not the end of the process. The Omnibus is a provisional agreement that still needs formal Council approval, and it takes legal effect only three days after it is published in the Official Journal. Until that publication, it is a proposal with momentum, not a binding text — and proposals with momentum have stalled in Brussels before. Anyone redrawing a compliance plan around December 2027 should build it on the published instrument, not on this week’s headline. The reported version and the binding version are, as ever, two different documents, and only one of them holds up in court.

Assume it is finalised, as it most likely will be before the original August deadline can lapse. The second-order effect is the one that reaches past Europe. For years the Brussels Effect ran one way: a rule written here became the global default, because no company builds a separate product for a single market, so the strictest applicable standard quietly governs everyone. This is the first time in the AI era that the mechanism has been thrown into reverse. A deadline relaxed in Brussels does not just give European firms sixteen more months; it resets the de facto global compliance clock for every company that had been building to August 2026, from San Francisco to Lagos. The Brussels Effect was always indifferent to direction. It exports a tightening and a loosening with equal efficiency. This month, for the first time, it is exporting the loosening — and the rest of the world will inherit the laxer default whether or not anyone outside Strasbourg voted for it.
