§ whyisthisdown

Sixteen Months

On 7 May 2026, at the third attempt, the EU did two things in one trilogue. It banned a category of software that generates fake nudes of real people — fast, decisively, with the top penalty tier attached. And it pushed the deadline for high-risk AI governance back sixteen months, to 2 December 2027.

Hold those two decisions next to each other. One is a tabloid-legible harm: deepfaked images of a sitting prime minister circulating on social media, public revulsion, a clean villain. That got a hard decision in an afternoon. The other is the unglamorous structural work — logging, traceability, human oversight, the requirement that a high-risk system be able to prove what it did and why. That got a snooze.

This is not an accusation of laziness. It’s a pattern, and the pattern is the whole point of this post. Institutions move fast on decisions that are easy to explain and slow on decisions that are hard to make. Brussels can afford that asymmetry, because Brussels only owes the world a date. You — the person actually building the system the regulation points at — don’t get the same luxury. The deadline moved. The architecture didn’t.

What actually happened, precisely

Most coverage led with “the AI Act got delayed,” which is true and useless. Here is the version that survives contact with the actual text.

The agreement reached on 7 May is provisional. It still needs formal endorsement by Parliament and Council, legal-linguistic revision, and publication in the Official Journal. Adoption is expected before 2 August 2026 — the date the original high-risk rules would otherwise have snapped into force. Until then, the enacted Act technically still says August 2026; every signal says it moves. Plan against the new dates, but call them what they are: not yet law.

The new dates:

  • 2 December 2027 — high-risk obligations for standalone Annex III systems (biometrics, critical infrastructure, employment, education, law enforcement, justice, migration). Sixteen months later than the original 2 August 2026.
  • 2 August 2028 — high-risk obligations for AI embedded in regulated products under Annex I (medical devices, machinery, toys, lifts).
  • 2 December 2026 — watermarking and synthetic-content marking under Article 50(2), and the new Article 5 prohibition on AI-generated non-consensual intimate imagery and CSAM.

Read that last line again. The two obligations that land soonest — watermarking and the nudifier ban, both 2 December 2026 — are the ones the press is filing under “relief.” The thing everyone exhaled about, high-risk governance, is the thing that’s furthest out. The relief deadline is later than two live ones. If you ship a generative feature into the EU market, your nearest real obligation is seven months from the deal, not nineteen.

One more that almost nobody covered: the Commission had proposed deleting the obligation to register self-assessed-non-high-risk systems in the EU database. Parliament and Council refused. Registration survives. Which means the old escape hatch — “we decided it’s not high-risk, moving on” — is now a public, queryable filing you have to stand behind. Out-of-scope is no longer a private memo. It’s a documented position a regulator can run a thematic sweep against. In-scope or out, you need the same evidence base.

The official reason for the sixteen-month slip is that the harmonised standards and support tools aren’t ready. That’s real. The standards bodies are behind schedule, and it’s genuinely incoherent to penalise a company for failing to meet a technical standard that doesn’t exist yet. Give the institutions their due: the reason is legitimate.

But watch what they said while saying it. One co-rapporteur framed the deal as proof that “politics can move just as quickly as technology” — in the same breath as announcing that the high-risk requirements are paused. Speed as a press line; deferral as the substance. You don’t get to claim you move at the speed of technology in the sentence where you move a governance deadline by sixteen months.

And it isn’t only engineers being sceptical about this. The Jacques Delors Centre published a policy brief titled “The EU’s Digital and AI Omnibus is Heading in the Wrong Direction,” arguing that the omnibus procedure is being used for substantive changes well past the clarification and streamlining it was designed for — without proper impact assessment. Civil society saw this coming before the package even landed: in November 2025, ahead of the Omnibus proposal, 127 organisations including EDRi and Amnesty International warned the broader package would be “the biggest rollback of digital fundamental rights in EU history.” That warning was about the whole deregulation agenda, not this single deferral — but the May deal is the agenda arriving on schedule. When the think tanks with no product to sell are flagging the substance, the posture is worth naming.

So: the institutions took the decision that was easy to explain and deferred the decision that was hard to make. That is a rational thing for a legislature to do. It is a catastrophic thing for an engineering organisation to imitate.

Why you can’t

Here’s the part the legal coverage cannot write, because it requires having built the thing. I sketched the five architectural properties of a post-MCP infrastructure stack in The MCP Trust Deficit; Article 12 is what happens when a regulator names the fifth one — cryptographically signed, event-sourced audit log — and writes it into binding law.

Article 12 says a high-risk system “shall technically allow for the automatic recording of events (logs) over the lifetime of the system.” Three words in that sentence are load-bearing, and none of them is about a deadline.

Technically. Not “the organisation maintains a logging policy.” The capability has to be in the system. A policy is a promise; Article 12 asks for a property.

Automatic. The system generates the record itself. Manual documentation — the post-hoc Confluence page someone writes after the incident — does not satisfy it. If a human has to remember to log it, it isn’t logged.

Over the lifetime. From deployment to decommissioning. Not the current release, not the window you happened to have debug logging turned up. Every materially-affecting decision, reconstructable later.

Now ask what it takes to actually produce that, and why you cannot bolt it on in November 2027.

The record Article 12 implies — every decision attributable to an actor, tied to a model and policy version, threaded by a correlation ID from user to agent to tool to outcome, and unaltered since it was written — is not a logging volume problem. It’s a logging property problem. Correlation IDs have to exist at write time; you cannot reconstruct them six months later from a SIEM full of unstructured JSON that nobody designed to be correlated. Tamper-evidence — append-only, hash-chained, signed — has to wrap the write path from the first commit; adding it to a live system in 2027 means rewriting the write path of a system in production. “Lifetime” means model version, policy context, and the rationale for each decision are captured at the moment of the decision — they are unrecoverable afterward, because the state that produced them is gone.
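The record described above, as an added illustration that is not code from this post or from MCP Hangar: each decision is captured at the decision point with actor, correlation ID, model and policy version and rationale, hash-chained to its predecessor and signed, and the verifier walks the chain and reports the first entry that no longer matches what was written. The signing key, field names and sample decisions are constructed for the example, and an HMAC stands in for the asymmetric signature a real deployment would use.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key. In production this is an HSM-held or asymmetric signing key.
SIGNING_KEY = b"demo-key-not-for-production"
GENESIS = "0" * 64  # prev_hash of the first entry


def _canonical(body: dict) -> bytes:
    # Deterministic serialisation, so the hash recomputed at audit time matches the one written.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_decision(log: list, actor: str, correlation_id: str, model_version: str,
                    policy_version: str, decision: str, rationale: str) -> dict:
    """Capture one high-risk decision at write time, chained to the previous entry."""
    prev_hash = log[-1]["entry_hash"] if log else GENESIS
    body = {
        "seq": len(log),                   # position in the append-only sequence
        "ts": time.time(),                 # wall clock at the moment of the decision
        "actor": actor,                    # who or what decided (user, agent, tool)
        "correlation_id": correlation_id,  # threads user -> agent -> tool -> outcome
        "model_version": model_version,    # state that produced the decision
        "policy_version": policy_version,
        "decision": decision,
        "rationale": rationale,            # unrecoverable later, so recorded now
        "prev_hash": prev_hash,            # the chain link
    }
    entry_hash = hashlib.sha256(_canonical(body)).hexdigest()
    sig = hmac.new(SIGNING_KEY, entry_hash.encode(), hashlib.sha256).hexdigest()
    entry = {**body, "entry_hash": entry_hash, "sig": sig}
    log.append(entry)
    return entry


def verify_chain(log: list) -> tuple:
    """Return (True, -1) if every entry is intact and linked, else (False, first_bad_index)."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k not in ("entry_hash", "sig")}
        if body.get("prev_hash") != prev_hash or body.get("seq") != i:
            return False, i  # an entry was removed, reordered or inserted
        recomputed = hashlib.sha256(_canonical(body)).hexdigest()
        expected_sig = hmac.new(SIGNING_KEY, recomputed.encode(), hashlib.sha256).hexdigest()
        if recomputed != entry["entry_hash"] or not hmac.compare_digest(expected_sig, entry["sig"]):
            return False, i  # field edited after the fact, or re-hashed without the key
        prev_hash = recomputed
    return True, -1


def trace(log: list, correlation_id: str) -> list:
    """Reconstruct one request's path across actors by the correlation ID written at the time."""
    return [e for e in log if e["correlation_id"] == correlation_id]
```

A chain like this does not by itself detect deletion of the most recent entries; that needs the head hash anchored somewhere the writer cannot rewrite, such as a periodically published or externally timestamped head.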

This is the GDPR rerun, and we already know how it goes. The organisations that struggled most in 2018 were the ones that had mistaken documentation for capability — retention policies with no technical controls, breach-notification procedures with no ability to detect a breach in time to use them. Article 12 is the same reckoning, aimed at a different layer. A policy that says “we log high-risk decisions” is not a system that can produce the evidentiary record. The gap between those two sentences is an architecture, and architectures don’t appear because a deadline arrives.

If your audit story is a SOC 2 Type II report, understand what that report attests: that you follow your controls. It does not attest that the log you produce is an artifact that survives a regulator’s request or a court proceeding. SOC 2 is a statement about process. Article 12 wants the artifact. Those are not the same thing, and no amount of 2027 will turn one into the other. (The maturity model behind this distinction is the Governance & Auditability dimension of the LLM observability scorecard — Article 12 maps to L3 on that axis; closed-loop enforcement is L4.)

Sixteen months is not runway

Nineteen months from the May deal — to the December 2027 date — sounds like a lot. It isn’t, for this class of work. Enterprise governance procurement and implementation — platform selection, integration, building the evidence pipeline, training, notified-body engagement where it applies — runs twelve to eighteen months in practice. Start the RFP in Q1 2027 for a December 2027 go-live and you miss. The deferral didn’t buy you slack; it just moved the wall.

And the architecture decision sits before all of that. You can defer the procurement. You cannot defer the choice of whether the system you’re shipping this quarter writes records that will be legible to an auditor in 2028 — because by the time you’re sure you’re in scope, the write path is load-bearing and the rewrite is a project. The engineer who waits for 2 December 2027 isn’t buying time. They’re scheduling a panic, and pricing it at the cost of a rewrite under deadline.

The institutions blinked because they only have to publish a date, and the standards they’re waiting on are someone else’s deliverable. You’re building the thing the date points at. The standard’s absence is their excuse; it is not your blocker — you don’t need a published harmonised standard to know what append-only, attributable, lifetime-scoped logging is. Decide the architecture now. Let Brussels reschedule the paperwork.

Three questions for your next architecture review

  • Where does a high-risk decision in your stack get logged after the fact, instead of captured at the decision point — and what’s unrecoverable by the time anyone looks?
  • Where does your audit story depend on reconstructing correlation from logs that nobody designed to be correlated?
  • Where have you mistaken a retention policy for a retention capability — a promise for a property?

Answer those honestly and the sixteen months are runway. Answer them in 2027 and they’re a countdown you started late.


Disclosure: I build MCP Hangar in this space; the event-sourced, tamper-evident audit layer is the part that maps directly to what Article 12 will eventually demand. The entire project is MIT-licensed at github.com/mcp-hangar/mcp-hangar. I’m not pitching it here — but it shapes what I notice, and you should know that.
