Your Guidance Isn't Coming
Flying blind into August 2026
Executive Summary
The European Commission is about to miss its own deadline.
Article 6 classification guidelines — the document organizations have been waiting for to understand which AI systems are high-risk — were legally mandated by February 2, 2026. They will not arrive in time. A draft for public consultation will come later this month. Final adoption is now expected in March or April.
The delay comes as the Commission shifts institutional focus toward the Digital Omnibus — the proposal to amend the AI Act alongside other digital regulations.
Translation: the Commission is rewriting the regulation before it has finished explaining the original.
Meanwhile, August 2026 enforcement has not moved. The documentation obligation has not paused. The penalty for misrepresenting classification status — up to €7.5 million or 1% of global turnover under Article 99 — has not been suspended.
Organizations that built compliance timelines around February guidance now have two to three fewer months of implementation runway — and a regulation that may look different by the time they finish. The help they were waiting for is not coming in time.
This piece explains why waiting was the trap, what the Digital Omnibus actually changes, and why your classification documentation must be forensically robust today — guidelines or not.
The Comfortable Lie
Here is what the market wanted to believe:
Wait for guidance. The Commission will clarify what counts as high-risk. Then start compliance work.
This was always a fragile strategy. Guidance clarifies interpretation. It does not replace the legal obligation to classify before placing systems on the market. The regulation has been in force since August 2024. The classification requirement crystallizes in August 2026 regardless of what Brussels publishes.
But organizations clung to the timeline anyway. February 2 was the anchor. Guidance arrives, ambiguity resolves, compliance begins.
That anchor just slipped.
The guidance is delayed. The deadline is not. And the regulation itself may be changing underneath you while you wait.
What Actually Happened
This week, reporting confirmed what insiders had suspected: the Commission will not meet its Article 6(5) obligation to publish classification guidelines by February 2.
The delay coincides with the Commission’s push to advance the Digital Omnibus — the proposal to “simplify” the AI Act alongside other digital regulations. Institutional resources are being spent on amendments while guidance remains unfinished.
This is not a minor administrative delay. It reflects a political choice about where to spend institutional capacity.
The Commission is not behind schedule. It is prioritizing revision over implementation.
For organizations tracking EU AI Act compliance, the implications are structural. The body responsible for clarifying the regulation is simultaneously rewriting it. The guidance you receive in March or April may describe requirements that are already under amendment. You will be implementing a moving target.
The Digital Omnibus Problem
The Digital Omnibus — formally the proposal to simplify AI Act implementation — changes more than timelines. It changes the regulatory architecture.
Three provisions matter for classification.
First: high-risk system obligations that were due August 2026 would be postponed until December 2027. The Commission cites delays in establishing standards and support tools. Organizations that planned compliance for August now face a sixteen-month extension — and the planning uncertainty that comes with building toward a deadline that may move again.
Second: conformity assessment procedures would be loosened. The original text requires third-party assessment for certain high-risk categories under Annex III. The Omnibus proposes expanding self-assessment pathways — reducing external verification before market placement. The safeguard intended to catch non-compliance before deployment weakens.
Third: the Omnibus acknowledges agentic AI as a distinct category requiring special treatment — but offers no framework for how classification applies to systems whose behavior emerges at runtime. The problem is named. The solution is deferred.
This is not regulatory fine-tuning. It is a structural weakening of enforcement before enforcement begins.
What “Simplification” Actually Means
The word simplification does useful political work. It implies burden reduction. Cutting red tape. Helping businesses compete.
Look at what it simplifies away.
External verification before market placement shrinks. Self-assessment pathways expand. The third-party checks that would have caught misclassification or non-compliance before deployment become optional for more system categories.
Extended timelines become permanent uncertainty. A deadline that moves once can move again. Organizations cannot plan capital expenditure, staffing, or technical implementation against a target that shifts with political winds.
Guidance drafted during amendment becomes provisional. Any classification methodology you build from April guidance may require revision when the Omnibus passes. You are not building compliance. You are building a messy draft.
The burden being reduced is the burden of regulatory certainty. The beneficiaries are organizations that prefer ambiguity to accountability.
Consumer groups have noticed. Agustín Reyna, Director General of BEUC — the European Consumer Organisation — called the Omnibus “a watering down of the EU’s privacy rules and a substantial delay and undermining of AI rules that will benefit mainly non-European Big Tech companies.” The simplification frame is not neutral. It is a policy choice disguised as administrative efficiency.
The Standards Gap
Guidelines are not the only thing missing.
Harmonised standards — the technical specifications that would give providers a presumption of conformity with AI Act requirements — do not exist yet. The Commission requested them from CEN/CENELEC in May 2023, with a deadline of April 30, 2025. That deadline was missed. Full adoption is now expected in 2027.
This matters because harmonised standards are the shortcut. Conformity with a published harmonised standard creates a legal presumption that you meet the corresponding AI Act requirements. Without them, providers must demonstrate compliance directly — through common specifications if the Commission publishes them, or through the generic assessment checklist in Annex VII as a last resort.
Neither pathway offers the clarity that harmonised standards would provide. Both require organizations to build their own compliance architecture from first principles.
The AI Act’s designers assumed harmonised standards would be ready before high-risk obligations applied. They are not. Organizations face August 2026 without the presumption-of-conformity pathway the regulation was built around.
The Documentation Gate
Here is what has not changed — and what the delay makes more dangerous.
The August 2026 deadline for classification documentation remains in force. The Digital Omnibus proposes extending high-risk compliance obligations to December 2027 — but classification and registration requirements for August 2026 are not part of that extension.
Here is the trap: even if you determine a system is not high-risk under Article 6(3), you are legally required to document that assessment before placing the system on the market. Claiming exemption without documented reasoning is not a defense. It is exposure.
Article 99 imposes penalties up to €7.5 million or 1% of global annual turnover for providing misleading information about regulatory status — including undocumented classification claims. The absence of guidance does not suspend this obligation. It makes your documentation the only evidence that matters.
When Market Surveillance Authorities arrive, they will ask the same questions regardless of what guidance exists.
Show us the classification decision. Which systems are high-risk? Which claim exemption? What reasoning supports each determination?
Show us who made that determination. A named individual or body with documented authority. Not a consultant’s recommendation. Not an assumption. A decision with accountability attached.
Show us the documentation. The analysis that connects your system’s function to its regulatory status. The reasoning chain that survives scrutiny.
Delayed guidance does not delay these questions. It removes the safety net you thought you would have when answering them. You cannot point to Commission interpretation as your defense. You must build defensible reasoning from the regulation itself — today, not when the guidelines arrive.
The organizations that treated guidance as a prerequisite for action now have less time and less clarity. The organizations that built classification capability from the regulatory text have a methodology that does not depend on Brussels publishing anything.
The Political Mirage
France’s role deserves separate attention — because it explains why political relief is a mirage.
France simultaneously hosts AI investment summits, announces €109 billion in AI funding, and backs provisions that weaken the regulatory framework governing that investment. At the Berlin Digital Sovereignty Summit in November 2025, French Digital Minister Anne Le Hénanff publicly endorsed the postponement of high-risk obligations.
Here is why this matters for your compliance planning: the political pressure to delay creates a mirage of relief. The December 2027 extension looks like breathing room. It is not.
The extension — if it passes — applies to high-risk system obligations under Annex III. It does not suspend the classification documentation requirement. It does not remove the penalty exposure for misrepresenting regulatory status. It does not pause Market Surveillance Authority powers to request your documentation at any time.
France’s recent push to split the file effectively creates two timelines: a political timeline that keeps moving, and a legal timeline that does not. Organizations betting on political delays are betting against legal reality.
The deadlines may move. The documentation obligation is live today.
What To Do Now
If your organization was waiting for February 2 guidance to begin classification work, adjust immediately.
Accept that guidance is interpretation, not instruction.
The Commission guidelines were never going to tell you which of your specific systems are high-risk. They were going to clarify how to apply Article 6 and Annex III to your own analysis. That analysis was always your responsibility. It still is.
Build classification capability from the regulation. Article 6 is published. Annex III is published. The criteria for high-risk determination exist in binding legal text. Guidance would have provided examples and clarification — helpful, but not necessary to begin.
Assume the timeline compresses, not extends. The Omnibus proposes pushing high-risk obligations to December 2027. This is a proposal, not law. It requires European Parliament and Council approval. It may not pass. It may pass with modifications. Planning for a deadline that does not yet legally exist is not compliance strategy. It is false hope.
Track what actually passes. The Digital Omnibus is under negotiation. Public consultation runs through March 11, 2026. The provisions that emerge may differ from the current draft. Build flexibility into your compliance architecture — but do not build around assumptions about future amendments.
Conclusion
Your guidance isn’t coming. Not in time to matter.
The February 2 deadline will pass without delivery. A draft arrives this month for consultation. Final adoption may or may not come in March or April — guidance describing requirements that may already be under amendment.
The organizations that built compliance timelines around waiting have lost months. The organizations that bet on political relief are betting against legal reality. The documentation obligation exists today. The penalty exposure exists today. The Market Surveillance Authority powers exist today.
Different timeline. Same cliff.
The Commission will miss its deadline. Yours didn’t move. The only question is whether your classification documentation exists — or whether you are flying blind into enforcement hoping the map arrives before you hit the ground.
Spoiler: It won’t.
If your organization needs a structured methodology for Article 6 classification — the upstream logic that makes compliance defensible regardless of what guidance eventually arrives — the framework I use is documented in The Article 6 Classification Handbook.
This analysis benefited from reporting by Luca Bertuzzi, Chief AI correspondent at MLex and ongoing dialogue with Adam Leon Smith DEng FBCS, project leader for prEN 18286 at CEN-CENELEC JTC 21.