AI Act: Behind the Delay, a Demand for Stronger Evidence
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
A Delay That Conceals Increased Requirements
In May 2026, the artificial intelligence agenda was marked by several key events. Among these, the postponement of deadlines for the Digital Omnibus on AI, decided by the Council of the Union and the European Parliament, has pushed back compliance dates for high-risk systems in Annex III to December 2, 2027, and those in Annex I to August 2, 2028. This delay is justified by the lag in the harmonized standards from CEN-CENELEC JTC 21, necessary to ensure compliance. However, this agreement remains provisional until it is formally adopted before August 2, 2026, which means that the original dates from Article 113 remain in effect. This additional time should not be confused with a reduction in requirements.
The Pressure for Evidence Intensifies
In the same month, the G7 cybersecurity working group published a crucial document: the SBOM for AI. This document, co-led by Italy and Germany and signed by the cybersecurity agencies of the seven countries, including ANSSI for France, demands detailed documentation of AI systems. It structures traceability into seven clusters: metadata, models, datasets, system properties, performance indicators, security, and infrastructure. The goal is to fill the gaps left by traditional SBOMs, addressing specific AI risks such as data poisoning, prompt injection, and weight alteration. For operators, this means they will need to provide the complete genealogy of their models, including training data and dependencies.
The OECD and SME Transparency
At the same time, the OECD revised its notification framework as part of the Hiroshima process to include SMEs in the reporting process. This transparency, once reserved for large companies, is now becoming a standard expectation for medium-sized publishers and deployers. This revision aims to push transparency requirements down the production chain.
The Omnibus and System Registration
As for the Digital Omnibus on AI, often perceived as a relaxation, it actually reinstates the registration of high-risk systems in the European database, thereby reducing loopholes and increasing public visibility. The timeline may seem to loosen, but documentation is tightening, which means that simplifying declarations often results in heavier proof requirements.
Implications for Businesses
For AI leadership, the challenge is clear: it is no longer just about meeting deadlines but being able to prove the origin and validation of their AI models during audits or investigations. Companies must use this additional time to prepare to provide detailed evidence rather than mere promises, relying on existing standards such as ISO/IEC 42001. Organizations that succeed will be those that can demonstrate the transparency and traceability of their systems with ease.
A Silent Convergence
This May was also marked by an encyclical from Pope Leo XIV dedicated to artificial intelligence, highlighting the growing importance of this field. The accumulation of these texts reveals a silent convergence towards an increased demand for proof and transparency. The organizations that will benefit from this period of respite will not be those that simply waited, but those that are ready to open the hood of their systems without breaking a sweat.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.