compliance · 18 min read
EU AI Act Annex III: three months from 2 August, with Brussels' Digital Omnibus in mid-air
The third step of Regulation (EU) 2024/1689 enters application on 2 August 2026: Annex III high-risk systems, FRIA, post-market monitoring, CE marking, EU register. The Commission's Digital Omnibus proposes pushing it to 2 December 2027, but the 28 April trilogue closes without agreement. What to have ready on 2 August if Brussels doesn't make it.
· Manuel López Pérez · compliance

2 August 2026 should be the third real step of Regulation (EU) 2024/1689 — the AI Act. General application of Chapter III, section 2: obligations for Annex III high-risk systems, conformity assessment, CE marking, registration in the EU database, FRIA, post-market monitoring, full sanctions regime. Twenty-four months from entry into force on 1 August 2024.
Three months out, the calendar is subject to the Digital Omnibus on AI from the Commission — a simplification package published on 19 November 2025 that proposes, among other things, moving the deadline to 2 December 2027 for stand-alone Annex III systems and to 2 August 2028 for systems integrated into Annex I products. On 28 April 2026 the second trilogue closes without agreement after twelve hours. A third trilogue is scheduled for mid-May. Meanwhile, the law in force still says 2 August 2026.
Previous calendar covered in IRONHACKERS:
- December 2023 — political agreement from the Three Days in Brussels trilogue.
- August 2024 — entry into force of the Regulation and full calendar.
- February 2025 — Art. 5 in application: eight prohibited practices.
- August 2025 — GPAI Chapter V in application: documentation, training data summary, Code of Practice.
This post is the next instalment in the arc: real products affected, not a paraphrase of the OJ. For a CISO / DPO / responsible AI lead with Annex III systems in the inventory, this is what is on the table and what to do in the worst case, “the Omnibus doesn’t arrive on time”.
Reading: consolidated text of the Regulation on EUR-Lex, the Digital Omnibus proposal of November 2025, revised Council mandate of 17 April 2026, EP Think Tank briefings and technical-legal reporting. For binding decisions, read the Regulation text and the negotiation mandate of the relevant institution.
The date and why it matters
Art. 113 of the Regulation sets 2 August 2026 as the default date: the full text applies save for the exceptions in points (a), (b) and (c). (a) covers Art. 5 prohibitions from February 2025. (b) covers GPAI from August 2025. (c) defers Annex I (regulated products) to August 2027. Everything else, including Annex III systems from the whole block of Chapter III, section 2, enters on 2 August 2026:
| Obligation | Art. | Applicable to |
|---|---|---|
| Risk management system | Art. 9 | Provider |
| Data quality | Art. 10 | Provider |
| Technical documentation | Art. 11 | Provider |
| Log retention | Art. 12 | Provider |
| Transparency to deployer | Art. 13 | Provider |
| Human oversight | Art. 14 | Provider (design) + Deployer (operation) |
| Accuracy, robustness and cybersecurity | Art. 15 | Provider |
| Quality management system | Art. 17 | Provider |
| Conformity assessment | Art. 43 | Provider |
| EU declaration of conformity | Art. 47 | Provider |
| CE marking | Art. 48 | Provider |
| Registration in EU database | Art. 49 | Provider |
| Post-market monitoring | Art. 72 | Provider |
| Serious incident reporting | Art. 73 | Provider |
| FRIA (some deployers) | Art. 27 | Deployer (public sector + credit + insurance) |
The sanctions regime of Art. 99 completes the picture the same day: up to €15 million or 3 % of worldwide annual turnover for high-risk non-compliance; up to €7.5 million or 1 % for incorrect information to authorities. Lower regime than Art. 5 (€35M / 7 %) but still well above the GDPR baseline for equivalent obligations. For SMEs and startups, the lower of the two amounts (Art. 99.6).
Annex III, eight categories
Art. 6.2 defines as high-risk any AI system listed in Annex III. The list (with sub-categories added by the Commission via delegated acts):
1. Biometrics
- 1.a Remote biometric identification. Exception: biometric verification confirming the claimed identity of a specific person.
- 1.b Biometric categorisation by sensitive attributes not falling under the Art. 5.1.g prohibition.
- 1.c Emotion recognition outside workplaces and educational institutions (which fall under the Art. 5.1.f prohibition).
2. Critical infrastructure
Safety components for management and operation of critical digital infrastructure, road traffic, and supply of water, gas, heating or electricity.
3. Education and vocational training
- 3.a Access and admission.
- 3.b Assessment of learning outcomes, including when used to steer the learning process.
- 3.c Assessment of the appropriate level of education a person will receive or be able to access.
- 3.d Detection of prohibited behaviour during exams.
4. Employment and worker management
- 4.a Recruitment — targeted job advert publication, CV screening, candidate evaluation.
- 4.b Decisions affecting the employment relationship, promotion, termination, task assignment, performance and behaviour monitoring.
5. Access to essential services
- 5.a Essential public assistance, including healthcare.
- 5.b Creditworthiness assessment and credit scoring (exception: financial fraud detection).
- 5.c Risk assessment and pricing in life and health insurance.
- 5.d Emergency call triage and dispatch.
6. Law enforcement
- 6.a Victimisation risk assessment.
- 6.b Polygraphs and similar tools.
- 6.c Evidence reliability assessment during investigation or pre-trial.
- 6.d Recidivism risk.
- 6.e Profiling of persons during criminal investigation.
7. Migration, asylum and border control
- 7.a Polygraphs and similar tools.
- 7.b Risk assessment (security, irregular migration, health).
- 7.c Assistance in the examination of asylum, visa, residence applications.
- 7.d Detection, recognition, identification of persons (exception: travel document verification).
8. Administration of justice and democratic processes
- 8.a Assistance to judicial authority in researching and interpreting facts and applying the law.
- 8.b Systems intending to influence the outcome of elections or referenda or voter behaviour (exception: administrative or logistical tools without impact on the vote).
Operational step: for each system in the inventory, first confirm whether it falls in a sub-category. If it does, second, check the Art. 6.3 exception — a provider can document that the system, despite being listed, does not materially affect the outcome of decision-making. The exception is narrow (four cases, all relating to bounded procedural tasks), but it exists and must be documented with reasoning.
What the provider must have ready
Assuming a system falls under Annex III and the 6.3 exception does not apply, the provider’s package by 2 August 2026 is:
Technical documentation — Annex IV
Document of up to nine sections (Annex IV of the Regulation) that the provider maintains and delivers on request to market surveillance authorities:
- General system description — purpose, version, intended use, foreseeable misuse, hardware and software, deployment model, CE marking forms.
- Detailed description of the elements and development process — methods, dates, pre-trained AI models used, validation, test.
- Description of capabilities and performance limitations, including persons or groups the system is designed to operate on and, where relevant, limitations by geographic context.
- Description of the risk management system (Art. 9).
- Description of planned or executed significant changes during the lifecycle.
- List of harmonised standards applied or, where not applied, description of the technical solutions adopted to meet the Regulation.
- Copy of the EU declaration of conformity (Art. 47).
- Description of the post-market monitoring system (Art. 72), including the plan.
- List of supplementary documentation (validation reports, data sheets, etc.).
It is the bulkiest compliance document. The industrial practice emerging in Q1 2026 (thanks to AESIA guidelines and templates being published by CEN-CENELEC and legal firms): technical file of 100–300 pages per system, kept in a versioned CMS. The provider planning to keep it in a Notion without traceability is going to have an awkward conversation.
Quality management system — Art. 17
Structurally analogous to ISO 9001 + ISO/IEC 42001 (the standard specific to AI management systems, published in December 2023). Covers the system lifecycle, not just development. The Art. 17 points:
- Strategy for Regulation compliance, including the conformity assessment chosen.
- Techniques, procedures and systematic actions for design, quality control, verification, validation and testing of the system.
- Procedures to examine, test, validate and document before and after development.
- Systems and procedures for data management.
- Risk management system (cross-referenced to Art. 9).
- Reporting of serious events.
- Communication management with national authorities and notified bodies.
- Systems and procedures for archiving all documentation.
- Resource management, including supply-related security measures.
- Accountability framework defining management responsibilities.
Firms already running mature ISO 9001 or ISO 27001 can extend the existing QMS. Those that can’t have to build one from scratch, and building a QMS from scratch in three months is not realistic. This is one of the actual political reasons behind the Omnibus.
Conformity assessment — Art. 43
The regime depends on the type of Annex III system:
- Remote biometric identification (Annex III point 1): conformity assessment with notified body intervention (Annex VII of the Regulation).
- Rest of Annex III: conformity assessment based on internal control (Annex VI of the Regulation). The provider audits its own QMS and technical file and issues the EU declaration of conformity.
The biometric exception matters: notified bodies operationally designated for the AI Act as of 1 May 2026 are very few — the national designation process is still open in most Member States. For a provider of remote biometric identification needing third-party conformity assessment, finding a notified body with actual availability before August is an exercise in itself. For public deployers depending on those systems (transport, border control), the compliance chain remains broken.
For the rest of Annex III systems (most of the market in employment, education, credit, insurance, public scoring), internal control lowers the procedural bar, not the substantive one. The provider signs the EU declaration of conformity under its responsibility. If the system does not meet Arts. 9–15, liability is direct.
CE marking and registration
- CE marking (Art. 48). Physical when the system is a physical product or component of one; digital in the software interface when standalone. The EU declaration of conformity (Art. 47) references the marking.
- Registration in the EU high-risk systems database (Art. 49 and Annex VIII). Before placement on market. Public registration information: provider, system, description, instructions for use, declaration of conformity, market surveillance data. There is a subset of confidential information accessible only to authorities.
The database is managed by the Commission. By May 2026 it is operational in preliminary version; the definitive version with all bulk submission flows is not yet open to the public. This is another point the Omnibus addresses — the November proposal adds flexibility on what information is published.
What the deployer must have ready
The deployer, the entity using the system rather than developing it, has its own Art. 26 package:
- Use in accordance with provider instructions. Document the organisation’s specific intended use.
- Effective human oversight, with personnel of adequate competence, training and authority to revert or halt the system.
- Input data management appropriate to the deployer’s context.
- Operational monitoring of the system and suspension on detection of anomalous functioning.
- Retention of automatic logs generated by the system for at least six months (Art. 26.6).
- Notification to the provider and market surveillance authority of any serious incident.
- Information to the worker affected by an Annex III system in their work environment before deployment (Art. 26.7).
- Cooperation with authorities.
And, for specific deployers of Annex III, the FRIA — Fundamental Rights Impact Assessment (Art. 27). Applies to:
- Any public body or private entity providing public services.
- Any deployer of Annex III systems, points 5.b (credit scoring) and 5.c (insurance risk).
Mandatory FRIA content:
- Description of the process in which the system will be used.
- Period and frequency of use.
- Categories of affected persons and groups.
- Specific risks to fundamental rights, based on the intended use communicated by the provider.
- Implemented human oversight measures.
- Measures to take in case of risk materialisation, including internal complaint and redress procedures.
The FRIA must be completed before first use of the system. The market surveillance authority can request its delivery. The format will likely be a harmonised template from the AI Office; as of end of April 2026 it is still pending.
The Digital Omnibus on AI — what it proposes and where it stands
This is the piece changing the entire operational conversation in Q2 2026.
On 19 November 2025 the Commission publishes the Digital Omnibus on AI — proposal COM(2025)/X. It is not a package touching only the AI Act; the parallel omnibus also amends GDPR, ePrivacy, NIS2 and Data Act. The AI portion proposes, in essence:
Date changes (article 113 modified)
- Stand-alone Annex III: application 2 December 2027 (instead of 2 August 2026).
- Annex I (regulated products with integrated AI): application 2 August 2028 (instead of 2 August 2027).
- National regulatory sandboxes (Art. 57): operational deadline pushed from 2 August 2026 to 2 August 2027, with an additional EU sandbox operated by the AI Office.
- Transparency and generative watermarking (Art. 50): postponed by the Commission to 2 February 2027; the Parliament defends 2 November 2026; the Council settles on 2 December 2026 (intermediate compromise).
Substantive changes in Annex III systems
- Greater flexibility in the EU database registration — which subset is published and under what conditions.
- Special category data processing (Art. 9 GDPR) extended for training and bias detection in systems not classified as high-risk. EDPB and EDPS publish a joint opinion in March 2026 warning of the impact on purpose limitation.
- Adjustments to the Annex III classification — the Commission introduces via delegated act the possibility of excluding intended use cases processing only strictly procedural tasks without material influence on the decision.
Procedural changes
- Removal of the EU database registration obligation for Annex III systems where the Art. 6.3 exception applies (change from the original Regulation).
- Intermediate position on AI literacy obligations (Art. 4) — the Parliament defends keeping them; Council and Commission open the door to relaxing them.
New prohibition — nudification apps
The Omnibus adds a new prohibited practice to Art. 5: systems whose principal purpose is generating non-consensual intimate images (deepfake nudifiers). The prohibition is not retroactive — current products have until 2 December 2026 to withdraw from the EU market.
Critical stance from civil society
In mid-April 2026 more than 40 organisations sign an open letter to the European institutions arguing the Omnibus weakens protections of the original Regulation. Main objections:
- The delay operates as de facto deregulation for systems deployed in the interim period without binding obligations.
- Modifications to sensitive data processing for bias detection break GDPR purpose limitation.
- Removing registration and FRIA obligations in Art. 6.3 cases reduces transparency.
Access Now, EDRi, Article 19, Center for Democracy and Technology are signatories. The letter asks the Parliament to keep some binding obligations during the interim period. Whether this lands in the final text depends on the trilogue balance.
The Q2 2026 trilogue timeline
To understand why the operational calendar is still the original as of 30 April:
| Date | Milestone |
|---|---|
| 19 Nov 2025 | Commission publishes the Digital Omnibus on AI — proposal |
| 13 Mar 2026 | Council adopts partial mandate for negotiation (Danish presidency) |
| 18 Mar 2026 | IMCO and LIBE adopt joint report: 101 votes in favour, 9 against, 8 abstentions |
| 26 Mar 2026 | First political trilogue — the three institutions present priorities |
| 17 Apr 2026 | Council issues revised mandate (doc 8260/26) after technical meetings with EP |
| 28 Apr 2026 | Second political trilogue — closes without agreement after 12 hours |
| 13 May 2026 | Third trilogue scheduled |
| Not yet set | Formal adoption in EP plenary + Council, OJEU publication, entry into force |
What blocks the 28 April negotiation is not the Annex III date: there is tripartite convergence around 2 December 2027. What blocks it is the conformity assessment architecture for Annex I, that is, how AI obligations articulate with existing sectoral legislation (Machinery Regulation, MDR, IVDR, motor vehicles). The Parliament, via McNamara, warns that routing AI compliance via sectoral legislation could be “deregulatory rather than simplifying”. Council and Commission defend broad carve-outs.
The mid-May third trilogue is the last realistic window to land in time. If not adopted before 2 August 2026, the original text applies. If adopted just after, uncertainty remains for systems placed on the market between 2 August and the OJEU publication date of the amending Omnibus.
Real product affected — three scenarios
Scenario 1 — Credit scoring provider (Annex III point 5.b)
A Spanish fintech operating credit decisioning for EU financial entities.
- 2 Aug 2026 without Omnibus: full technical file, QMS compliant with Art. 17, conformity assessment by internal control, EU declaration of conformity, CE marking, registration in the EU database. Each banking client (deployer) must also complete a FRIA before first use. Typical case: five banking clients, five distinct FRIAs with similar results but separate documentation.
- 2 Dec 2027 with Omnibus: sixteen extra months to have the technical file and QMS externally audited, align with ISO/IEC 42001, and publish public model cards. Enough time for CEN-CENELEC to publish the harmonised standards of Art. 9 and Art. 10 (in draft by April 2026, expected publication Q3-Q4 2026).
- Operational plan as of 30 April: execute as if 2 August. If the Omnibus passes, the competitive advantage is being ready before the competition. If not, the advantage is not having started late.
Scenario 2 — Public deployer of a recruitment system (Annex III point 4.a)
A regional administration using AI to filter candidates in public competitive exams.
- Provider in the US: the EU client depends on provider compliance. If the provider does not prepare, the deployer cannot legally operate from 2 August without taking on personal risk — a system without CE marking in the EU market is non-compliant by default.
- FRIA: applies because of the public-entity status (Art. 27). Separate document for each call. AI Office standardised template not yet published — the deployer works with DG CONNECT drafts and AESIA guidelines.
- Operational plan: contact with provider to confirm CE marking timeline, plan B of human selection if the provider does not deliver.
Scenario 3 — Provider of remote biometric identification (Annex III point 1.a)
A Spanish company selling face recognition to public transport operators.
- Conformity assessment with notified body: mandatory (Art. 43, Annex VII). The list of notified bodies designated for the AI Act is published by the Commission in the NANDO database. As of 1 May 2026, AI Act-specific designations remain open in most Member States — the practical situation is that many Annex III point 1.a systems are procedurally blocked.
- Operational plan: if the assigned notified body cannot deliver before 2 August, the system cannot be placed on the market on that date. Companies in this pillar are the ones extracting the most operational benefit from the Omnibus.
Operational triage as of 30 April 2026
No alarmism. Operational work for a CISO / DPO / responsible AI lead until 1 August:
- Complete AI inventory. If the mapping that should have answered “what AI systems do we have” for Art. 5 in February 2025 is still not finished, the work is behind. Before 1 June, inventory closed.
- Re-classification against Annex III. For each system, check against the eight categories and sub-categories. Document the decision and basis.
- Art. 6.3 exception documented where applicable. There are four alternative grounds (one suffices), but there is an override: any system that performs profiling of natural persons is high-risk by default, with no possible exception. Providers applying the exception must defend it under inspection.
- Role check — provider / deployer / importer / distributor. For substantive fine-tunes on GPAI, check whether the operation triggers a role change (Art. 25).
- Gap against Annex IV. For each system classified as high-risk, gap analysis of the technical file vs what already exists. Prioritise Arts. 9 (risk management), 10 (data), 14 (human oversight), 15 (accuracy, robustness and cybersecurity) — the four with the widest gap between current industrial practice and regulatory requirement.
- QMS — gap analysis vs ISO/IEC 42001. For organisations with mature ISO 9001 / 27001, map existing controls and extend. For those without, decision: certify ISO/IEC 42001 (realistic timeline 6–12 months) or build AI Act-specific QMS without external certification.
- For Annex III point 1.a: contact with notified body from now. Ecosystem capacity is constrained.
- FRIA where applicable — public sector and 5.b/5.c deployers. Template in draft.
- Dual plan — prepare as if the Omnibus does not arrive (deadline 2 August 2026); execute at a sustainable pace assuming it does (deadline 2 December 2027). Dual plans are what the Big Four legal firms and the major AI compliance consultancies publishing playbooks in Q2 2026 are doing.
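The triage sequence above (Annex III listing, profiling override, Art. 6.3 exception, role, conformity route, FRIA trigger) as a rule-based check over an inventory. This is an added example, not code from the post or from any regulator; the data model, field names and the sample systems are assumptions, while the article numbers, categories and the six-month log threshold are the ones quoted on this page.

```python
from dataclasses import dataclass
from typing import Optional

FRIA_CATEGORIES = {"5.b", "5.c"}        # credit scoring, life/health insurance (Art. 27)
LOG_RETENTION_MONTHS = 6                 # Art. 26.6 minimum for deployers


@dataclass
class AISystem:
    """Constructed inventory record; fields are assumptions for this example."""
    name: str
    role: str                            # "provider" or "deployer"
    annex_iii_category: Optional[str]    # e.g. "5.b"; None if not listed in Annex III
    performs_profiling: bool = False     # profiling of natural persons
    art_6_3_ground: Optional[str] = None # documented narrow procedural-task ground
    public_body: bool = False            # deployer is a public body / public service


def classify(s: AISystem) -> str:
    """Annex III classification with the Art. 6.3 exception and its profiling override."""
    if s.annex_iii_category is None:
        return "not-listed"
    if s.performs_profiling:
        return "high-risk"               # profiling: high-risk by default, no exception
    if s.art_6_3_ground:
        return "exempt-6.3"              # must be documented and defended under inspection
    return "high-risk"


def conformity_route(category: str) -> str:
    """Art. 43: Annex III point 1 (biometrics) needs a notified body; rest is internal control."""
    return "notified-body (Annex VII)" if category.startswith("1.") else "internal-control (Annex VI)"


def fria_required(s: AISystem) -> bool:
    """Art. 27: public-body deployers, and any 5.b / 5.c deployer, need a FRIA before first use."""
    return s.role == "deployer" and (s.public_body or s.annex_iii_category in FRIA_CATEGORIES)


def triage(s: AISystem) -> dict:
    """Return the package this system needs by the application date."""
    status = classify(s)
    out = {"system": s.name, "classification": status, "obligations": []}
    obl = out["obligations"]
    if status == "exempt-6.3":
        obl.append("keep Art. 6.3 reasoning on file for inspection")
        return out
    if status != "high-risk":
        return out
    if s.role == "provider":
        obl += ["technical documentation (Annex IV)", "QMS (Art. 17)",
                f"conformity assessment: {conformity_route(s.annex_iii_category)}",
                "EU declaration of conformity (Art. 47)", "CE marking (Art. 48)",
                "EU database registration (Art. 49)", "post-market monitoring (Art. 72)"]
    else:
        obl += ["use per provider instructions (Art. 26)", "human oversight in operation",
                f"retain system logs >= {LOG_RETENTION_MONTHS} months (Art. 26.6)"]
        if s.annex_iii_category.startswith("4."):
            obl.append("inform affected workers before deployment (Art. 26.7)")
        if fria_required(s):
            obl.append("FRIA before first use (Art. 27)")
    return out


# Constructed inventory: the page's three scenarios plus two Art. 6.3 edge cases.
INVENTORY = [
    AISystem("credit-scoring-engine", "provider", "5.b"),
    AISystem("exam-candidate-filter", "deployer", "4.a", public_body=True),
    AISystem("transit-face-id", "provider", "1.a"),
    AISystem("exam-proctoring-flagger", "deployer", "3.d",
             art_6_3_ground="flags only; a human reviews every case"),
    AISystem("hr-promotion-ranker", "deployer", "4.b", performs_profiling=True,
             art_6_3_ground="claimed, but profiling overrides it"),
]

if __name__ == "__main__":
    for system in INVENTORY:
        result = triage(system)
        print(f"{result['system']}: {result['classification']}")
        for item in result["obligations"]:
            print("  -", item)
```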
Coordination with the rest of the compliance stack
The AI Act does not live alone. Coordination on 2 August 2026 with existing rules:
- GDPR (2016/679): any Annex III system processing personal data also has GDPR obligations. Art. 27 FRIA and Art. 35 GDPR DPIA have significant conceptual overlap; data controllers are consolidating templates covering both — what the EDPB coordinated in March 2026 is state of the art.
- NIS2 (Directive 2022/2555): Art. 15 AI Act cybersecurity coordinates with NIS2 for essential entities. Spain approves transposition via Organic Law X/2025 at end of 2025. For NIS2 entities that are also provider or deployer of Annex III systems, the threat model unifies.
- DORA (2022/2554): for financial entities that are deployer of Annex III 5.b or 5.c (credit, insurance), Art. 6 DORA ICT risk management and Art. 9 AI Act risk management sit in the same ICT risk framework.
- EU AI Liability Directive: proposed in September 2022, withdrawn by the Commission in February 2025. Civil liability for harm from AI systems remains under national law + Defective Products Directive. For Annex III, liability hooks are the obligations of Chapter III, not a specific strict liability regime.
What stays open as of 30 April
- Omnibus adoption. If the 13 May trilogue doesn’t land, the Annex III date is 2 August. If it lands, it depends on the final text and transition.
- Harmonised standards. CEN-CENELEC JTC 21 is in draft for the Arts. 9, 10, 12, 13, 14, 15 standards. Expected publication Q3 2026 — exactly when it applies. Providers relying on harmonised standards for presumption of conformity can work with drafts, but do not have the full procedural cover until official OJEU publication.
- Notified bodies designated for AI Act. Bottleneck for Annex III point 1.a. AESIA, ENAC and Member States with designated AI Act bodies are publishing provisional designations, but the NANDO database as of 30 April still shows very low numbers.
- Spanish sanctions regime. Draft Law for the exercise of the AI Act sanctions regime approved by Council of Ministers in March 2025; parliamentary procedure active during Q1-Q2 2026. AESIA has inspection capacity but no power to impose AI Act sanctions until the national law passes. Equivalent to the gap NIS2 had in Spain until end of 2025.
- AESIA-specific guidance on Annex III. The agency published 16 technical guidelines during 2025-2026; Guide 13 (post-market monitoring) and Guide 14 (incident reporting) are confirmed for 28 April 2026. Toolkits with Annex III-applicable templates are in beta — the final version will depend on the Omnibus text if it passes.
References
- Official Regulation (EU) 2024/1689 text (OJEU 12 Jul 2024): https://eur-lex.europa.eu/eli/reg/2024/1689/oj
- Art. 6 — High-risk classification: https://artificialintelligenceact.eu/article/6/
- Annex III — List of high-risk systems: https://artificialintelligenceact.eu/annex/3/
- Annex IV — Technical documentation: https://artificialintelligenceact.eu/annex/4/
- Art. 27 — FRIA: https://artificialintelligenceact.eu/article/27/
- Art. 43 — Conformity assessment: https://artificialintelligenceact.eu/article/43/
- Art. 99 — Sanctions: https://artificialintelligenceact.eu/article/99/
- European Commission, Digital Omnibus on AI Regulation Proposal (19 Nov 2025): https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-ai-regulation-proposal
- EP Think Tank, Digital Omnibus on AI, briefing EPRS_BRI(2026)782651: https://www.europarl.europa.eu/RegData/etudes/BRIE/2026/782651/EPRS_BRI(2026)782651_EN.pdf
- EU Council, revised negotiation mandate 8260/26 (17 Apr 2026): https://table.media/assets/documents/20260417_revised-mandate-for-negotiations_omnibus-on-ai.pdf
- Bird & Bird, Digital Omnibus on AI Trilogue Stalls Ahead of the AI Act Deadline: https://www.twobirds.com/en/insights/2026/digital-omnibus-on-ai-trilogue-stalls-ahead-of-the-ai-act-deadline
- AESIA — Practical guidelines for AI Act compliance: https://aesia.digital.gob.es/en/present/resources/practical-guides-for-ai-act-compliance
- Civil society open letter on the Omnibus (EDRi, Access Now, Article 19): https://edri.org/our-work/open-letter-eu-lawmakers-must-safeguard-the-ai-act/
- ISO/IEC 42001:2023 — AI management systems: https://www.iso.org/standard/81230.html
- Previous IRONHACKERS posts: political agreement · in force · Art. 5 prohibitions · GPAI obligations