The EU AI Act’s 2027 Extension Doesn’t Cover What You Think It Covers

There is a compliance deadline that a significant number of European AV/IT managers have been watching, preparing for, and in some cases restructuring procurement processes around. On 7 May 2026, that deadline moved significantly, and in two different directions depending on which part of the regulation you are tracking.

The provisional agreement between the European Parliament and the Council of the EU, part of the broader “Digital Omnibus on AI” package, extends the compliance deadline for standalone high-risk AI systems from August 2026 to 2 December 2027. That is a 16-month extension, and it directly affects AV/IT deployers running systems classified as high-risk under Annex III of the EU AI Act — including certain occupancy analytics platforms, biometric access control systems, and AI-enabled camera tracking tools used in workplace environments.

The watermarking and transparency obligation for AI-generated content, however, moved in the opposite direction. That deadline tightened: providers of generative AI models released before August 2026 now have until 2 December 2026 to apply watermarking or equivalent transparency solutions. The Commission had originally proposed a six-month grace period; co-legislators cut it to three. If you are running AI-generated content across digital signage or corporate broadcast channels, that is not a delay — it is a compression.

This piece updates the record on both fronts and translates the revised timetable into what it actually means for your next deployment decision.

The August 2026 deadline for high-risk AI system compliance was set when the AI Act was adopted in 2024. It applied to AI systems listed under Annex III — a legally binding catalogue that includes biometric identification and categorisation systems, AI used to monitor and evaluate worker performance and behaviour, and AI systems used in critical infrastructure management. For AV/IT, the practical scope of that list is wider than most integrators initially assumed.

AI-based identification systems used for facility access control or attendance monitoring are classified as high-risk. AI systems that monitor and evaluate the performance and behaviour of persons in work-related relationships are high-risk. Emotion recognition in workplaces is outright prohibited under Article 5 — that ban has been in force since February 2025, and the Omnibus agreement did not touch it.

What the 7 May agreement changes is the timeline for everything else in Annex III. According to the Council’s official press release, standalone high-risk systems now have until 2 December 2027 to comply. High-risk AI embedded in regulated products — those covered by existing product safety legislation such as the Machinery Regulation — have until 2 August 2028. The agreement is provisional and requires formal adoption, but given the political alignment on both sides, the revised dates are the working planning assumption.

What this does not change: the compliance obligations themselves. Risk management systems, technical documentation, human oversight requirements, log retention for at least six months, and deployer responsibilities all remain in place. The Omnibus moved the deadline; it did not reduce the workload.

Here is the practical problem that the deadline extension does not fix: most AV/IT managers still do not know which of their systems are legally classified as high-risk. The classification turns on how the system is actually used, not on the product category it belongs to.

Consider AI camera tracking. If a camera system uses AI to auto-frame speakers in a meeting room and does nothing else with that data, it almost certainly sits outside Annex III. If the same system’s analytics feed is used to generate attendance or engagement reports that inform decisions about individual employees — who attended, how long, whether they were active — it moves into the territory of systems that monitor and evaluate worker behaviour. That is Annex III Category 4. The primary function of the device, being AV, does not change that.

Occupancy analytics follows the same logic. Aggregate space planning data sits outside Annex III. Systems that track individual presence, generate identifiable records, or connect to HR workflows tip into a different risk category. Your contract, your data flows, and your client’s intended use of the output all determine which side of that line you are on.

The AVIXA Xchange post “AV/IT Is Officially Inside the EU AI Act Compliance Window” made the point clearly: the AV/IT sector is inside the compliance window whether or not individual practitioners have recognised it. The deadline extension buys time. It does not change the underlying legal exposure, and it does not shift the classification question from “something to address at some point” to “something to ignore.” For a full account of how the Act’s prohibitions and transparency duties apply to meeting-room AV specifically — including which features must come out and which require disclosure — see the companion piece to this article, The Boardroom Microphone Is Now a Legal Liability in Europe.

Sixteen months is a meaningful runway if you use it properly. The compliance obligations under Annex III require risk management documentation, data governance records, technical documentation of the AI system before deployment, conformity assessment — which for most Annex III systems is a self-assessment rather than a third-party audit — and registration in the EU AI database. None of that is trivial, but none of it is impossible for an organisation that starts structured preparation now.

For integrators, the extension has a specific practical value: it gives you time to ask your vendors the right questions before the contract is signed. Does this product have technical documentation that meets the AI Act’s requirements? Has the manufacturer completed a conformity assessment? Is it registered in the EU AI database? For products placed on the market before the new deadline, the obligations fall primarily on the provider — the manufacturer or developer who brought the system to market. But Article 26 deployer obligations land with your client, and you are the person who specified and installed the system.

As Hogan Lovells notes in its analysis of the agreement, AI systems placed on the EU market before the new December 2027 date will not be subject to Annex III requirements unless they undergo a substantial modification after that date. That is directly relevant to retrofit projects and system upgrades. Adding AI-enabled analytics to an existing camera infrastructure is precisely the kind of modification that could trigger the full compliance regime. Get that scoped correctly before the upgrade contract is signed, not after.

While the high-risk extension dominates the coverage, the tighter watermarking deadline is the more immediate operational issue for a subset of the AV/IT sector.

Under the AI Act’s transparency requirements, providers of generative AI systems must ensure their AI-generated content — synthetic video, synthetic audio, manipulated images — is labelled as such. The Omnibus agreement sets this deadline at 2 December 2026 for providers whose generative AI models were released before August 2026. As Pinsent Masons reports, co-legislators cut the Commission’s proposed six-month grace period to three months, effectively moving the deadline forward relative to what the industry had been expecting.

For AV/IT, the practical question is where AI-generated content is now flowing through your installed systems. Corporate broadcast workflows increasingly use generative AI for background replacement, synthetic narration, and image synthesis. Digital signage networks running AI-generated creative content are in scope. Any system delivering AI-synthesised audio-visual output into a European public or commercial environment needs a clear path to labelling compliance by December 2026.

This is not a back-burner item. The infrastructure to apply watermarking or equivalent transparency signals — whether at the platform level or in the output pipeline — takes time to build and test. The generative AI provider carries the primary obligation, but if you integrated the system, you are the person your client calls when the compliance question arrives. That conversation is better had now than in November.

Stop treating the EU AI Act as a legal department problem. It is a specifying problem.

The deadline moved by 16 months. The compliance work did not disappear. Every AI-enabled camera system, every occupancy analytics platform, and every generative content pipeline you specify, install, or recommend in a European workplace now carries a legal classification that your client will eventually need to account for. Your job is to know that classification before the contract is signed — not after the enforcement deadline lands.

Use the extension as design time, not deferral. Map your product portfolio against Annex III. Ask vendors for their technical documentation and conformity assessment status. Scope AI system upgrades and retrofits carefully, because substantial modifications after December 2027 trigger the full compliance regime. And if your clients are running generative AI content at scale, do not wait for December 2026 to discover that the watermarking infrastructure does not exist.

The AV/IT sector arrived inside the EU AI Act compliance window whether or not it intended to. The extension gives you time to arrive prepared.