MICKAI
Article · 4 July 2026

# The EU Just Pushed High-Risk AI to December 2027. Here Is What We Are Building Instead of Waiting

The Digital Omnibus defers Annex III deadlines to 2 December 2027. We read that as a build window, not a reprieve, because the controls that arrive in 2027 are the exact attestation record a sovereign system already produces on day one.

By Micky Irons
Published 4 July 2026
Tags: EU AI Act, Digital Omnibus, AI governance, high-risk AI, sovereign AI

On 7 May 2026 the Council and Parliament reached a provisional agreement on the Digital Omnibus, and the headline every compliance team read that week was simple. The high-risk obligations for Annex III systems, the ones that were due to bite on 2 August 2026, now move to 2 December 2027. Formal adoption is expected before the original August date, so for planning purposes you can treat the new deadline as real. Sixteen more months. Most of the coverage called it relief.

We do not read it that way. A deferral is not a pardon. The obligations did not shrink, they slid. Logging, human oversight, traceability, technical documentation, post-market monitoring: every one of those requirements survives the move intact. All the Digital Omnibus changed is when the auditor knocks. If you treat that as permission to do nothing until late 2027, you have not been given breathing room. You have been handed a countdown, and you will spend the last two quarters of it retrofitting controls into systems that were never designed to produce them.

So here is the contrarian read, and it is the one we built for. December 2027 is a build window. The right move is to own the compliance record now, so that on day one of enforcement you are not scrambling to generate evidence. You already have it.

What actually got deferred, and what did not

Let us be precise, because precision is the whole point when an auditor is across the table. The Digital Omnibus pushes the application date of the Annex III high-risk rules. It does not soften them. When December 2027 arrives, a provider or deployer of a high-risk system still has to demonstrate a specific, boring, unglamorous set of things.

You need automatic event logging across the lifecycle of the system, retained and inspectable. You need meaningful human oversight, with the ability for a person to intervene and to understand what the system did. You need traceability, so that any given output can be tied back to the inputs, the model version and the data that produced it. You need technical documentation that is current, not reconstructed after the fact. And you need this to hold up under scrutiny from a national competent authority who is allowed to ask for the records and expect them to exist.

None of that is negotiable in 2027. The only thing the deferral bought you is time to decide how you produce it. And that decision is the one worth making now, because the two ways of producing it are not equivalent.

Retrofitting is the expensive path, and everyone is about to take it

The default plan across most regulated teams is to wait, watch the guidance settle, and bolt compliance tooling onto whatever AI stack they end up running. We understand the instinct. Nobody wants to over-build against rules that are still moving.

The problem is that logging and oversight and traceability are not features you add at the end. They are properties of the architecture. If your AI runs as a black box behind a vendor API, you do not control the log. You control a request and a response, and a hope that the provider's retention policy and your regulator's expectations line up. If your model version changes underneath you, your traceability breaks and you find out during an audit. If oversight means a human can veto an output but cannot see why the output was produced, you have oversight theatre, not oversight.

Retrofitting means discovering all of this in 2027, under a live deadline, with the same consultants and the same auditors that every other firm is trying to book at the same time. It is the most expensive way to arrive at compliance, and it arrives late.


The controls are the attestation record, and we already build that

Here is what changes the maths. The exact controls the AI Act demands in 2027 are, line for line, the record that a Sovereign Intelligence Operating System produces as a matter of course. This is not a compliance module we sell alongside the product. It is what the product is.

Mickai is a SIOS. Regulated organisations own it and run it inside their own walls, air-gapped, with a cryptographically signed audit record written on every action the system takes. Every inference, every retrieval, every human intervention, every model version in play at the moment of a decision: signed, timestamped, tamper-evident, and yours. That is not a byproduct of the design. It is the design. We built the attestation record first and the intelligence on top of it, because for the buyers we serve the record is the product.

Read the AI Act's high-risk obligations next to that and the overlap is almost total. Automatic logging is the signed action record. Human oversight is a first-class, logged intervention rather than a bolt-on veto. Traceability is the signature chain that ties an output to its inputs and its exact model state. Technical documentation stops being a document someone maintains by hand and becomes a live export of a system that already knows what it did. You are not building evidence for the auditor. You are handing over a ledger that was true the whole time.
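To make that mapping concrete, here is a small illustrative implementation of a signed, hash-chained action record and its verifier, added for this article. It is not Mickai's code and the page does not publish the SIOS record format: the field names, the JSON canonical encoding, the "genesis" anchor and the three sample events are assumptions made for the example. Each record carries the timestamp, the action kind, the exact model version in play, the actor, SHA-256 hashes of the inputs and the output, and the content hash of the previous record; the record's own content hash is signed with Ed25519 from the Go standard library, so an auditor holding only the public key can check that nothing was edited, inserted or removed after the fact. The verifier also shows the one thing a chain cannot catch by itself, deletion of the newest records, and the external head anchor that closes that gap. The same code illustrates the FAQ answer below on how a SIOS produces these records.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// Event is one action the system took. The field set is assumed for this example only.
type Event struct {
	Timestamp  string `json:"ts"`          // RFC 3339, UTC
	Kind       string `json:"kind"`        // inference, retrieval, human_intervention
	ModelID    string `json:"model_id"`    // exact model version in play for this action
	Actor      string `json:"actor"`       // service identity, or the human who intervened
	InputHash  string `json:"input_hash"`  // SHA-256 of the inputs (prompt, retrieved context)
	OutputHash string `json:"output_hash"` // SHA-256 of what the system produced
	PrevHash   string `json:"prev_hash"`   // content hash of the previous record: the chain link
}

// Record is an Event plus its content hash and an Ed25519 signature over that hash.
type Record struct {
	Event
	Hash      string `json:"hash"`
	Signature string `json:"sig"`
}

const genesis = "genesis" // prev_hash of the first record (assumed anchor value)

func sha256Hex(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// ContentHash hashes the canonical JSON of an event. encoding/json writes struct
// fields in declaration order, so writer and verifier hash identical bytes.
func ContentHash(ev Event) string {
	body, _ := json.Marshal(ev) // strings only: cannot fail
	return sha256Hex(body)
}

// Append writes one action to the chain: link to the previous record, hash, sign.
func Append(priv ed25519.PrivateKey, chain []Record, kind, model, actor string, in, out []byte, ts time.Time) []Record {
	prev := genesis
	if n := len(chain); n > 0 {
		prev = chain[n-1].Hash
	}
	ev := Event{Timestamp: ts.UTC().Format(time.RFC3339Nano), Kind: kind, ModelID: model,
		Actor: actor, InputHash: sha256Hex(in), OutputHash: sha256Hex(out), PrevHash: prev}
	h := ContentHash(ev)
	sig := ed25519.Sign(priv, []byte(h)) // the signed message is the hex content hash
	return append(chain, Record{Event: ev, Hash: h, Signature: hex.EncodeToString(sig)})
}

// Verify walks the chain holding only the public key. It returns -1 on success,
// otherwise the index of the first record that fails and why.
func Verify(pub ed25519.PublicKey, chain []Record) (int, error) {
	prev := genesis
	for i, r := range chain {
		if r.PrevHash != prev {
			return i, fmt.Errorf("record %d: chain link broken (record inserted or removed)", i)
		}
		if ContentHash(r.Event) != r.Hash {
			return i, fmt.Errorf("record %d: content edited after signing", i)
		}
		sig, err := hex.DecodeString(r.Signature)
		if err != nil || !ed25519.Verify(pub, []byte(r.Hash), sig) {
			return i, fmt.Errorf("record %d: signature not from the ledger key", i)
		}
		prev = r.Hash
	}
	return -1, nil
}

// VerifyHead: the chain alone cannot detect deletion of its newest records, so the
// current head hash must be anchored outside the ledger and compared on audit.
func VerifyHead(chain []Record, anchoredHead string) bool {
	return len(chain) > 0 && chain[len(chain)-1].Hash == anchoredHead
}

// SampleChain builds three constructed records (sample data, not real ones): a
// retrieval, the inference that used it, and a human override of that decision.
func SampleChain() (ed25519.PublicKey, []Record) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := time.Date(2027, 12, 2, 9, 0, 0, 0, time.UTC)
	var c []Record
	c = Append(priv, c, "retrieval", "policy-rag-v3.1", "svc:orchestrator", []byte("query: credit limit rules"), []byte("docs 17,42"), t)
	c = Append(priv, c, "inference", "llm-7b-q4-2027.11", "svc:orchestrator", []byte("prompt + docs 17,42"), []byte("decline, reason R2"), t.Add(time.Second))
	c = Append(priv, c, "human_intervention", "llm-7b-q4-2027.11", "user:analyst.jane", []byte("override of record 1"), []byte("approve, manual review"), t.Add(2*time.Second))
	return pub, c
}

func main() {
	pub, chain := SampleChain()
	swapped := append([]Record(nil), chain...)
	swapped[1].ModelID = "llm-7b-q4-2027.12" // quiet model-version change after the fact
	trunc := chain[:2]                         // the human override silently deleted
	cases := []struct {
		name string
		c    []Record
	}{{"clean", chain}, {"model swap", swapped}, {"truncated", trunc}}
	for _, k := range cases {
		i, err := Verify(pub, k.c)
		fmt.Printf("%-10s verify: %d %v | head anchored: %v\n", k.name, i, err, VerifyHead(k.c, chain[2].Hash))
	}
}
```

Run it with `go run` and the three cases print in order: the clean chain verifies, the model-version swap fails at record 1 because its content hash no longer matches, and the truncated chain passes the link and signature checks but fails against the anchored head. In a deployment the public key and the current head hash would be published somewhere the ledger's operator cannot rewrite, such as a write-once store or a periodic signed statement handed to the auditor, and the signing key would be held in an HSM or TPM rather than in process memory; otherwise whoever holds the key can reseal an edited record and the chain will not notice.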

If you want the deeper architecture behind this, we have written it up in our work on the Mickai SIOS attestation record and its cryptographic audit trail, and on why air-gapped ownership beats cloud AI for regulated workloads. This article is the timing argument. Those are the how.

Own it now, be compliant on day one

The honest version of the market is worth stating plainly, because over-claiming helps nobody. Almost every regime you operate under, DORA, the FCA and PRA regimes, the EBA guidelines, GDPR, permits cloud AI with the right controls. There is no blanket legal bar on cloud, and we will not pretend there is. The genuine no-cloud requirement is workload-specific: classified material, isolated operational technology, data where a data protection impact assessment comes back negative, regimes like ITAR. For everyone else the case for owning your stack is not prohibition, it is preference, and it is a strong one. Control of your own data. Cost you can predict. No exfiltration surface. And, uniquely relevant right now, a compliance record that is native rather than retrofitted.

The register-backed sovereign market we are built for is roughly 16,092 institutions across the UK and EU, split between a regulated core of about 7,933 institutions and a large-private adjacency of about 8,159, sitting inside an enterprise AI platform software market that Verdantix sizes at USD 13bn in 2024 rising toward USD 50.3bn by 2030, roughly £11.7bn to £39.7bn at current rates. Those are organisations for which the 2027 deadline is not abstract. It is a line item on a risk register with an owner's name against it.

The patents underneath this run to 104 filed UK applications across 13 families, roughly 2,340 claims, in the name of inventor Mickarle Wagstaff-Irons, building toward examination and grant. Much of what they contain is exactly this: signed action records, air-gapped inference, the machinery of provable compliance. We filed it because it is the part that is hard to copy and the part that matters when a regulator wants proof rather than assurances.


The takeaway

The Digital Omnibus gave regulated teams sixteen extra months. Spend them buying yourself out of the 2027 scramble, not deferring it. If you stand up an owned, air-gapped SIOS now, the logging and oversight and traceability that become mandatory on 2 December 2027 are already running on the day you switch it on. You are compliant on day one, because the record was never something you added. It was the foundation you built on.

The teams that treat this as relief will be retrofitting under a deadline in late 2027. The teams that treat it as a build window will already be done. We know which one we would rather be, and it is why we are building instead of waiting.

Frequently asked questions

Does the Digital Omnibus deferral mean the high-risk obligations are weaker now?

No. The provisional agreement of 7 May 2026 moves the application date for Annex III high-risk systems from 2 August 2026 to 2 December 2027. It changes the timing, not the substance. Logging, human oversight, traceability, technical documentation and post-market monitoring all survive the move. When enforcement begins you still have to produce the full record.

Are we legally required to run AI on-premises to comply with the AI Act?

No, and we would not tell you otherwise. The AI Act and most adjacent regimes such as DORA, FCA and PRA rules, EBA guidelines and GDPR permit cloud AI with appropriate controls. The genuine no-cloud requirement is workload-level: classified data, isolated operational technology, ITAR-controlled material, or cases where a data protection impact assessment comes back negative. The case for owning your stack is control, cost and a native compliance record, not a blanket prohibition.

Why build now instead of using the extra time to wait for final guidance?

Because logging, oversight and traceability are architectural properties, not features you add at the end. Retrofitting them into a black-box AI stack in 2027 means generating evidence under a live deadline with scarce audit and consulting capacity. Standing up a system that produces the record natively means you are compliant on day one of enforcement, with the hardest work already behind you.

How does a SIOS produce the specific records the AI Act asks for?

A Sovereign Intelligence Operating System writes a cryptographically signed, timestamped audit record on every action: every inference, retrieval, human intervention and model version in play. That signed chain maps directly onto the Act's requirements. Automatic logging is the action record, oversight is a logged first-class intervention, traceability is the signature chain tying outputs to inputs and model state, and technical documentation becomes a live export rather than a hand-maintained document. It is the same signed-audit foundation we describe in our writing on sovereign AI for regulated enterprise.


Originally published at https://mickai.co.uk/articles/digital-omnibus-high-risk-deferral-what-regulated-teams-should-build-now. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
A single US Supreme Court ruling has put every AI stack that routes personal data to a US processor back on the wrong side of legal certainty. We explain why the Data Privacy Framework is now shaking, why a third adequacy invalidation is a live risk, and why owning your inference in-territory is the only hedge that does not depend on how Brussels or Luxembourg rules.