The European Parliament’s decision to postpone enforcement of high-risk AI system obligations until 2027 has sparked relief among organizations scrambling to meet the original August 2026 deadline. Ley Muller, founder of Values-driven AI and a key contributor to the ISO standards underpinning the EU AI Act, argues that this delay should be treated as an opportunity—not a reason to pause compliance efforts.
Why the Delay Matters
The postponement, agreed upon by the European Parliament and European Commission, aims to give authorities more time to finalize harmonized standards that will guide organizations in meeting AI Act requirements. While the Council of the European Union must still approve the delay, many businesses have already shelved their compliance roadmaps. Muller cautions against this approach, emphasizing that the core obligations—such as risk management and human oversight—remain unchanged.
The standards being developed by Muller’s team at JTC 21 and Standard Norge are designed to clarify compliance, not simplify it. Organizations that continue preparing now will find their efforts validated by the final standards. Those waiting until 2027 risk scrambling to meet requirements retroactively, potentially exposing gaps in their systems.
Leadership Over Compliance
Muller stresses that true responsible AI leadership isn’t about meeting a legal deadline but demonstrating a commitment to ethics, safety, and fundamental rights. Companies that push forward during the delay signal to regulators, customers, and stakeholders that their values align with the AI Act’s goals—not just its timelines.
- Internal motivation over external pressure: Organizations should act because it’s the right thing to do, not just because they’re legally required.
- Market differentiation: Early adopters can position themselves as trustworthy partners, ahead of competitors scrambling to comply later.
- Regulatory goodwill: Authorities like NKOM (Norwegian Communications Authority) favor companies that proactively address risks, not those that cut corners until the last minute.
Practical Steps During the Delay
Muller advises businesses to use the extra time wisely:
- Stress-test risk classifications to ensure AI systems are properly categorized.
- Strengthen human oversight mechanisms to align with upcoming standards.
- Educate teams on the why behind compliance, not just the what.
- Prepare for standards adoption by monitoring developments in ISO/IEC 42001 and related frameworks.
For scale-ups and SMBs, harmonized standards may not be the first step—but the AI Act’s core principles (risk mitigation, transparency, human oversight) still apply. Compliance doesn’t require certification, but it does require proof of due diligence.
The Window Won’t Stay Open
Full enforcement of the AI Act is inevitable. Organizations that leverage this delay to build robust, defensible systems will emerge as industry leaders. Those who delay risk playing catch-up when the standards finally arrive—a scenario that could erode trust and market position. The choice isn’t whether to comply, but when to start doing it right.
Read more: digi.no