The EU Just Pushed High-Risk AI to December 2027. Here Is What We Are Building Instead of Waiting
The Digital Omnibus defers Annex III deadlines to 2 December 2027. We read that as a build window, not a reprieve, because the controls that arrive in 2027 are the exact attestation record a sovereign system already produces on day one.
By Micky Irons
On 7 May 2026 the Council and Parliament reached a provisional agreement on the Digital Omnibus, and the headline every compliance team read that week was simple. The high-risk obligations for Annex III systems, the ones that were due to bite on 2 August 2026, now move to 2 December 2027. Formal adoption is expected before the original August date, so for planning purposes you can treat the new deadline as real. Sixteen more months. Most of the coverage called it relief.
We do not read it that way. A deferral is not a pardon. The obligations did not shrink, they slid. Logging, human oversight, traceability, technical documentation, post-market monitoring: every one of those requirements survives the move intact. All the Digital Omnibus changed is when the auditor knocks. If you treat that as permission to do nothing until late 2027, you have not been given breathing room. You have been handed a countdown, and you will spend the last two quarters of it retrofitting controls into systems that were never designed to produce them.
So here is the contrarian read, and it is the one we built for. December 2027 is a build window. The right move is to own the compliance record now, so that on day one of enforcement you are not scrambling to generate evidence. You already have it.
What actually got deferred, and what did not
Let us be precise, because precision is the whole point when an auditor is across the table. The Digital Omnibus pushes the application date of the Annex III high-risk rules. It does not soften them. When December 2027 arrives, a provider or deployer of a high-risk system still has to demonstrate a specific, boring, unglamorous set of things.
You need automatic event logging across the lifecycle of the system, retained and inspectable. You need meaningful human oversight, with the ability for a person to intervene and to understand what the system did. You need traceability, so that any given output can be tied back to the inputs, the model version and the data that produced it. You need technical documentation that is current, not reconstructed after the fact. And you need all of this to hold up under scrutiny from a national competent authority that is entitled to ask for the records and expect them to exist.
None of that is negotiable in 2027. The only thing the deferral bought you is time to decide how you produce it. And that decision is the one worth making now, because the two ways of producing it are not equivalent.
Retrofitting is the expensive path, and everyone is about to take it
The default plan across most regulated teams is to wait, watch the guidance settle, and bolt compliance tooling onto whatever AI stack they end up running. We understand the instinct. Nobody wants to over-build against rules that are still moving.
The problem is that logging and oversight and traceability are not features you add at the end. They are properties of the architecture. If your AI runs as a black box behind a vendor API, you do not control the log. You control a request and a response, and a hope that the provider's retention policy and your regulator's expectations line up. If your model version changes underneath you, your traceability breaks and you find out during an audit. If oversight means a human can veto an output but cannot see why the output was produced, you have oversight theatre, not oversight.
Retrofitting means discovering all of this in 2027, under a live deadline, with the same consultants and the same auditors that every other firm is trying to book at the same time. It is the most expensive way to arrive at compliance, and it arrives late.
The controls are the attestation record, and we already build that
Here is what changes the maths. The exact controls the AI Act demands in 2027 are, line for line, the record that a Sovereign Intelligence Operating System produces as a matter of course. This is not a compliance module we sell alongside the product. It is what the product is.
Mickai is a SIOS. Regulated organisations own it and run it inside their own walls, air-gapped, with a cryptographically signed audit record written on every action the system takes. Every inference, every retrieval, every human intervention, every model version in play at the moment of a decision: signed, timestamped, tamper-evident, and yours. That is not a byproduct of the design. It is the design. We built the attestation record first and the intelligence on top of it, because for the buyers we serve the record is the product.
Read the AI Act's high-risk obligations next to that and the overlap is almost total. Automatic logging is the signed action record. Human oversight is a first-class, logged intervention rather than a bolt-on veto. Traceability is the signature chain that ties an output to its inputs and its exact model state. Technical documentation stops being a document someone maintains by hand and becomes a live export of a system that already knows what it did. You are not building evidence for the auditor. You are handing over a ledger that was true the whole time.
If you want the deeper architecture behind this, we have written it up in our work on the Mickai SIOS attestation record and its cryptographic audit trail, and on why air-gapped ownership beats cloud AI for regulated workloads. This article is the timing argument. Those are the how.
Own it now, be compliant on day one
The honest version of the market is worth stating plainly, because over-claiming helps nobody. Almost every regime you operate under, DORA, the FCA and PRA regimes, the EBA guidelines, GDPR, permits cloud AI with the right controls. There is no blanket legal bar on cloud, and we will not pretend there is. The genuine no-cloud requirement is workload-specific: classified material, isolated operational technology, data where a data protection impact assessment comes back negative, regimes like ITAR. For everyone else the case for owning your stack is not prohibition, it is preference, and it is a strong one. Control of your own data. Cost you can predict. No exfiltration surface. And, uniquely relevant right now, a compliance record that is native rather than retrofitted.
The register-backed sovereign market we are built for is roughly 16,092 institutions across the UK and EU, split between a regulated core of about 7,933 institutions and a large-private adjacency of about 8,159, sitting inside an enterprise AI platform software market that Verdantix sizes at USD 13bn in 2024 rising toward USD 50.3bn by 2030, roughly £11.7bn to £39.7bn at current rates. Those are organisations for which the 2027 deadline is not abstract. It is a line item on a risk register with an owner's name against it.
The patents underneath this run to 104 filed UK applications across 13 families, roughly 2,340 claims, in the name of inventor Mickarle Wagstaff-Irons, building toward examination and grant. Much of what they contain is exactly this: signed action records, air-gapped inference, the machinery of provable compliance. We filed it because it is the part that is hard to copy and the part that matters when a regulator wants proof rather than assurances.
The takeaway
The Digital Omnibus gave regulated teams sixteen extra months. Spend them buying yourself out of the 2027 scramble, not deferring it. If you stand up an owned, air-gapped SIOS now, the logging and oversight and traceability that become mandatory on 2 December 2027 are already running on the day you switch it on. You are compliant on day one, because the record was never something you added. It was the foundation you built on.
The teams that treat this as relief will be retrofitting under a deadline in late 2027. The teams that treat it as a build window will already be done. We know which one we would rather be, and it is why we are building instead of waiting.
Frequently asked questions
Does the Digital Omnibus deferral mean the high-risk obligations are weaker now?
No. The provisional agreement of 7 May 2026 moves the application date for Annex III high-risk systems from 2 August 2026 to 2 December 2027. It changes the timing, not the substance. Logging, human oversight, traceability, technical documentation and post-market monitoring all survive the move. When enforcement begins you still have to produce the full record.
Are we legally required to run AI on-premises to comply with the AI Act?
No, and we would not tell you otherwise. The AI Act and most adjacent regimes such as DORA, FCA and PRA rules, EBA guidelines and GDPR permit cloud AI with appropriate controls. The genuine no-cloud requirement is workload-level: classified data, isolated operational technology, ITAR-controlled material, or cases where a data protection impact assessment comes back negative. The case for owning your stack is control, cost and a native compliance record, not a blanket prohibition.
Why build now instead of using the extra time to wait for final guidance?
Because logging, oversight and traceability are architectural properties, not features you add at the end. Retrofitting them into a black-box AI stack in 2027 means generating evidence under a live deadline with scarce audit and consulting capacity. Standing up a system that produces the record natively means you are compliant on day one of enforcement, with the hardest work already behind you.
How does a SIOS produce the specific records the AI Act asks for?
A Sovereign Intelligence Operating System writes a cryptographically signed, timestamped audit record on every action: every inference, retrieval, human intervention and model version in play. That signed chain maps directly onto the Act's requirements. Automatic logging is the action record, oversight is a logged first-class intervention, traceability is the signature chain tying outputs to inputs and model state, and technical documentation becomes a live export rather than a hand-maintained document. It is the same signed-audit foundation we describe in our writing on sovereign AI for regulated enterprise.
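As an added illustration of the signed, tamper-evident action record described in the body of the article and in this answer, the Python below is example code written for this page; it is not Mickai's implementation or any part of the SIOS product. It keeps an append-only ledger in which every entry commits to the previous entry's hash, records the model version and hashes of the inputs and output, and is signed; a verifier detects edits, reordering and a truncated tail, and a trace function ties an output back to the entry and model state that produced it. The signing key, action names, actor labels, timestamps and sample entries are constructed assumptions. HMAC-SHA256 stands in for the signature so the example runs with the standard library alone; a real deployment would use an asymmetric signature, so that an auditor verifies with a public key and the operator of the system holds no key that could forge or re-sign entries.

```python
"""Hash-chained, signed action ledger (constructed example, not product code)."""
import copy
import hashlib
import hmac
import json
from typing import Optional, Tuple

GENESIS = "0" * 64                       # prev_hash of the first entry
UNSIGNED_FIELDS = ("entry_hash", "signature")


def _canon(obj) -> bytes:
    # Canonical JSON so the same record always hashes to the same bytes
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ActionLedger:
    """Append-only ledger; each entry commits to the hash of the one before it."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key          # assumption: HMAC stands in for a signature
        self.entries = []

    def append(self, ts, action, actor, model_version, inputs, output) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        body = {
            "seq": len(self.entries),
            "ts": ts,
            "action": action,            # e.g. inference, retrieval, human_intervention
            "actor": actor,
            "model_version": model_version,
            "input_hash": _sha256(_canon(inputs)),   # commit to inputs, not raw data
            "output_hash": _sha256(_canon(output)),
            "prev_hash": prev,
        }
        entry_hash = _sha256(_canon(body))
        signature = hmac.new(self._key, entry_hash.encode(), hashlib.sha256).hexdigest()
        entry = {**body, "entry_hash": entry_hash, "signature": signature}
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        # The head hash is what you anchor externally (e.g. hand to the auditor)
        return self.entries[-1]["entry_hash"] if self.entries else GENESIS


def verify_ledger(entries, key, expected_head=None) -> Tuple[bool, Optional[int]]:
    """Return (ok, index of first bad entry). Detects edits, reordering, truncation."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k not in UNSIGNED_FIELDS}
        if body.get("seq") != i or body.get("prev_hash") != prev:
            return False, i              # reordered, duplicated or spliced entry
        h = _sha256(_canon(body))
        if h != e.get("entry_hash"):
            return False, i              # body altered after hashing
        mac = hmac.new(key, h.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, e.get("signature", "")):
            return False, i              # signature does not match
        prev = h
    if expected_head is not None and prev != expected_head:
        return False, len(entries)       # tail dropped: chain ends before the anchor
    return True, None


def trace_output(entries, output) -> Optional[dict]:
    """Find the entry that produced `output`: yields model version and input commitment."""
    target = _sha256(_canon(output))
    return next((e for e in entries if e["output_hash"] == target), None)


def build_sample_ledger(key) -> ActionLedger:
    # Constructed sample: a retrieval, an inference, then a human override of it
    led = ActionLedger(key)
    led.append("2027-12-02T09:00:00Z", "retrieval", "svc:rag", "retriever-1.4",
               {"query": "applicant A-1001 history"}, {"doc_ids": [12, 98]})
    led.append("2027-12-02T09:00:01Z", "inference", "svc:scoring", "credit-model-3.2.1",
               {"applicant": "A-1001", "doc_ids": [12, 98]}, {"decision": "decline", "score": 0.31})
    led.append("2027-12-02T09:15:00Z", "human_intervention", "user:analyst42", "credit-model-3.2.1",
               {"overrides_seq": 1, "reason": "manual review"}, {"decision": "approve"})
    return led


def tamper_demo(key):
    """Show what the verifier reports for a rewritten entry and for a dropped override."""
    led = build_sample_ledger(key)
    head = led.head()
    edited = copy.deepcopy(led.entries)
    edited[1]["model_version"] = "credit-model-3.2.0"   # rewrite which model decided
    truncated = led.entries[:-1]                         # erase the human intervention
    return verify_ledger(edited, key, head), verify_ledger(truncated, key, head)


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"
    ledger = build_sample_ledger(demo_key)
    print(verify_ledger(ledger.entries, demo_key, ledger.head()))
    print(tamper_demo(demo_key))
    print(trace_output(ledger.entries, {"decision": "decline", "score": 0.31})["model_version"])
```

Two design points matter for audit use. The ledger stores hashes of inputs and outputs rather than the data itself, so the record proves what was processed without becoming a second copy of personal data; the raw inputs live wherever retention policy puts them and are checked against the commitment when an auditor asks. And a hash chain alone cannot detect a dropped tail, which is why `verify_ledger` takes an `expected_head`: the head hash has to be anchored somewhere the operator cannot quietly rewrite, such as a periodic signed export handed to the oversight function.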