This week at a glance
• The April 28 trilogue ended without a deal after a marathon negotiating session, derailing the expected political agreement
• Most provisions had converged. The breakdown came over Annex I: how to handle AI built into already-regulated products like medical devices and machinery
• Without an Omnibus deal, the AI Act’s August 2, 2026 high-risk deadline holds, including for HR and employment tools
Twelve hours of talks, no agreement
After roughly twelve hours at the table on April 28, the political trilogue on the AI Omnibus broke up without a result. The Cypriot presidency told Reuters negotiators had not been able to land an agreement.
That outcome is striking because the package was largely settled going in. The December 2, 2027 date for Annex III high-risk systems, the rules around general-purpose AI models, the prohibition on deepfake-style misuse, and a streamlined registration setup had all been agreed in principle. The entire deal hung on one unresolved question: whether AI integrated into products that already fall under sectoral safety law (medical devices, machinery, and similar) should be carved out of the AI Act’s direct scope altogether.
An IAPP analysis sketches four possible paths from here, ranging from a narrower deal at a May session, to a broader package once Ireland takes over the Council presidency on July 1, to a technical workaround, or no agreement at all. Another trilogue session is expected within roughly two weeks.
The Annex I problem, explained
The simplest way to frame the dispute: should a manufacturer building AI into a medical device or industrial machine deal with two regulatory layers (the AI Act plus its existing product safety regime) or just one (the existing product safety regime, with sectoral rules absorbing the AI-specific obligations)?
Industry has pushed for the second option, on the basis that overlapping conformity assessments add cost without adding much safety. Civil society and parts of Parliament have pushed for the first, arguing that AI raises distinct risks the sectoral frameworks weren’t designed to handle. With the rest of the file effectively closed, this is the issue blocking adoption.
Modulos AI walks through the technical detail and what each potential outcome would mean for businesses already mid-implementation.
What it means in practice: August 2 still applies
The most immediate consequence is for businesses using AI in their people operations. As DLA Piper notes, AI used in recruiting, performance management, task assignment, monitoring, and termination decisions sits squarely in the AI Act’s high-risk category.
If the Omnibus had passed, those obligations would have moved to December 2027. Without it, the August 2, 2026 date stands as originally drafted. Companies that paused implementation expecting the deferral now have a narrow window to be ready, unless a May session closes the gap.
Until a follow-up trilogue actually produces a deal, treating the original deadline as the live one is the safer assumption.
Worth watching
- The next trilogue session. Expected in roughly two weeks. The outcome on Annex I will define the trajectory of the file.
- The Council presidency handover on July 1. If the Cypriot presidency can’t close the deal in May, the dossier moves to Ireland, with the chance of a wider package and different negotiating dynamics.
- Your AI Act August timeline. Without an Omnibus deal in hand, the original obligations apply, including for high-risk HR and employment tools.