EU AI Act Article 15: 16 Extra Months Just Landed. Here Is What to Do With Them.

Dominik


On May 7, 2026, the European Parliament and the Council reached a political agreement on the Digital Omnibus on AI. The headline: high-risk AI obligations under Annex III now apply from December 2, 2027 instead of August 2, 2026. Annex I systems embedded in regulated products move to August 2, 2028.

That is 16 months of extra runway for most companies in scope. Useful, but easy to misread.

The Act itself did not change. The risk classes, the cybersecurity requirements, the documentation duties, the penalties of up to 15 million EUR or 3 percent of global turnover, all of it stays. What moved is the date by which you have to be ready. What did not move is the work.

We have spent the last months talking to security and compliance teams about this, and the reaction we are seeing now splits cleanly in two. One group is exhaling and pushing AI Act work to Q1 2027. The other is using the extra time to actually build something real instead of a documentation rush. This post is for the second group.

What Actually Changed on May 7

Formal adoption is still pending. The text needs to be published in the Official Journal, with final approval expected in June and publication in July. But the political deal is done, and the AI Office plus the major law firms are already planning against the new dates.

The substance:

  • Annex III high-risk systems (hiring, credit scoring, insurance, education, biometrics, law enforcement, critical infrastructure): deadline moves from August 2, 2026 to December 2, 2027.

  • Annex I high-risk systems (AI embedded in regulated products like medical devices, lifts, machinery): deadline moves to August 2, 2028.

  • National AI sandboxes: member states have until August 2, 2027 to set them up.

  • Risk-based classification, GPAI rules, prohibited practices, conformity assessments: unchanged.

So if you operate AI in any of the Annex III sectors, December 2027 is your new planning baseline.

Why "We Have More Time" Is the Wrong Take

The extension exists because compliance infrastructure was not ready. National competent authorities are not all designated. Harmonised standards under CEN-CENELEC are still being drafted. The conformity assessment ecosystem is incomplete.

In other words: the EU bought itself time, not you. The technical controls Article 15 requires are the same controls that protect you from prompt injection, data exfiltration and shadow AI right now. None of that risk got smaller on May 7.

A few realities that have not changed:

  • Prompt injection attacks are happening today, against systems your employees use every day.

  • PII flows into ChatGPT, Claude, Gemini and dozens of embedded AI features whether or not you have a policy about it.

  • When an incident happens in 2026, the regulator does not care that the formal Article 15 deadline is in 2027.

  • The companies that will be defensibly compliant in December 2027 are the ones building controls now, not the ones starting in Q3 2027.

What Article 15 Actually Requires

The article is titled "Accuracy, robustness and cybersecurity." It names three specific attack types that high-risk AI systems must defend against:

  1. Prompt injection and adversarial inputs. Manipulated prompts that get a model to do something it should not, like leak system instructions or bypass safety filters.

  2. Data poisoning. Bad data fed into training or inference to corrupt how the system behaves.

  3. Confidentiality attacks. Attempts to pull sensitive data out of the model or its conversations, including model inversion and membership inference.

These are technical problems with technical answers. A policy document does not stop a prompt injection. An annual audit does not catch data exfiltration in real time. You need controls that work inside the interaction, while it is happening.

How Articles 9 and 12 Fit In

Article 15 does not stand alone. Two other articles complete the picture:

Article 9: Risk Management. You need a continuous risk management process across the lifecycle of the AI system. Without real visibility into what your AI systems are doing, this becomes paperwork.

Article 12: Record-Keeping. You need automatic logs of what your AI systems do across their full lifecycle. The word in the law is "automatically"; manual spreadsheets do not satisfy this.

So the structure is: Article 9 says manage the risk, Article 12 says log everything automatically, Article 15 says here are the specific threats you need to defend against. Together they require visibility, technical controls and audit-grade records.

Where Most Compliance Tools Fall Short

The EU AI Act compliance market is exploding. The AI governance platform market is projected to reach 492 million USD in 2026 spending alone. Most vendors offer documentation platforms, audit trails, policy management. Useful work, but it does not cover what Article 15 asks for.

A documentation platform cannot detect a prompt injection. A policy manager does not stop an employee from pasting customer data into ChatGPT. A risk workshop cannot catch an attack while it is happening.

These tools sit in the governance layer. Article 15 is asking for something else: technical controls that work in real time, inside the interaction itself.

What Technical Controls Look Like

For each of the three threats in Article 15, the answer is specific:

Prompt injection. Every prompt going to an AI system needs to be checked for manipulation before the model processes it. The best place to do this is on the endpoint, before the data leaves your network.

Data poisoning at inference time. Suspicious inputs need to be flagged and blocked before they reach the model. Logging them feeds back into Article 9 risk management.

Confidentiality breaches. PII and confidential business data need to be caught and either blocked or masked before they end up in an external AI tool. This is where shadow AI becomes a real liability.

All three need to work in real time. A report you read on Monday morning does not help when someone leaked a customer file on Friday afternoon.
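A sketch of the confidentiality control described above, combined with automatic record-keeping: an added example, not code from Patronus or any product named in this post. The names `gate_prompt` and `chain_intact`, the three detectors and the in-memory list standing in for an append-only log store are all assumptions made for illustration.

```python
import hashlib, json, re, time

EMAIL = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
IBAN = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def iban_ok(s):  # IBAN mod-97 check: first 4 chars moved to the end, A=10..Z=35
    s = s.replace(" ", "")
    return int("".join(str(int(c, 36)) for c in s[4:] + s[:4])) % 97 == 1

def luhn_ok(s):  # Luhn checksum, so order numbers and similar digit runs stay untouched
    d = [int(c) for c in s if c.isdigit()][::-1]
    return (sum(d[0::2]) + sum(sum(divmod(2 * x, 10)) for x in d[1::2])) % 10 == 0

# (label, pattern, validator). IBAN runs before CARD so an IBAN's digit
# groups are never re-read as a card number.
DETECTORS = [("EMAIL", EMAIL, lambda s: True), ("IBAN", IBAN, iban_ok), ("CARD", CARD, luhn_ok)]

def _digest(record):
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def gate_prompt(prompt, user, destination, audit_log):
    """Mask findings, append one hash-chained audit record, return the safe text."""
    counts, masked = {}, prompt
    for label, pattern, valid in DETECTORS:
        def repl(m, label=label, valid=valid):
            if not valid(m.group()):
                return m.group()
            counts[label] = counts.get(label, 0) + 1
            return f"[{label}]"
        masked = pattern.sub(repl, masked)
    record = {"ts": time.time(), "user": user, "destination": destination, "findings": counts,
              "action": "masked" if counts else "allowed",  # log holds no raw prompt text
              "sent_sha256": hashlib.sha256(masked.encode()).hexdigest(),
              "prev": audit_log[-1]["hash"] if audit_log else "0" * 64}
    record["hash"] = _digest(record)
    audit_log.append(record)
    return masked

def chain_intact(audit_log):
    """True if no record was edited or reordered after it was written."""
    prev = "0" * 64
    for rec in audit_log:
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or _digest(body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True

# Constructed sample prompt: published test values only, no real customer data.
SAMPLE = "Refund anna.muster@example.com, IBAN DE89 3704 0044 0532 0130 00, card 4111 1111 1111 1111, order 1234 5678 9012 3456."
```

The order number in the sample fails the Luhn check and passes through unmasked, which is the false-positive behaviour the validators exist to provide.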

Who This Applies To

Article 15 becomes binding for high-risk AI systems under Annex III. That covers companies using AI in:

  • Financial services like credit scoring and underwriting

  • HR work like CV screening and hiring tools

  • Insurance pricing and claims processing

  • Critical infrastructure

  • Law enforcement and justice

  • Education, certification and exam grading

  • Biometric identification and categorization

A study by appliedAI of 106 enterprise AI systems found 18 percent were clearly high-risk, while 40 percent had unclear classifications. So the question "is our AI high-risk?" is itself a project. If you have not done that classification yet, that is step zero.

How to Use the 16 Months

Most teams will not have a tight 8-week scramble in 2027. They will have 16 months of slow, deliberate work. Here is roughly what that looks like:

Q2-Q3 2026: Visibility. You cannot manage what you cannot see. Get telemetry on which AI tools are actually used across the company, including the ones nobody approved.

Q4 2026 - Q1 2027: Technical controls. Roll out detection for prompt injection and PII exfiltration on the endpoints where AI gets used. Start with the highest-risk teams.

Q2-Q3 2027: Records and governance. Article 12 logs in place, Article 9 risk processes documented, governance roles assigned.

Q4 2027: Audit-ready. Run a full internal review with the same questions a regulator would ask. Fix the gaps before December.

Teams that start this in 2027 will be doing all of it under deadline pressure with whatever vendors have inventory. Teams that start in Q2 2026 will have working systems by the time the music stops.

The Honest Question: Where Do You Stand Today?

Most teams we talk to know the AI Act exists. Fewer can answer concrete questions about their own setup. Three that cut to the core:

  1. Do you know which AI tools your employees actually use across the company? Including the ones nobody officially approved?

  2. Can you see, in real time, when someone sends sensitive data to an AI tool, or when a prompt looks like an injection attempt?

  3. Do you have automatic logs that show which data flowed into which AI system, that would survive an audit?

If you cannot answer yes to all three, you have a gap. 16 more months is a lot of runway, but only if you start using it.

Our EU AI Act Cybersecurity Assessment

We built a free assessment that walks you through 23 questions across the parts of the Act that actually involve technical security: Article 15 (cybersecurity), Article 9 (risk management), Article 12 (record-keeping), plus the governance and maturity pieces that wrap around them.

Every question quotes the original legal text and explains what it means in practice. At the end you get a personalized report with:

  • Your overall score out of 230 points

  • Five sub-scores across visibility, technical protection, logging, governance and regulatory maturity

  • The three most important findings per area

  • Concrete next steps, not generic recommendations

It takes about 8 minutes. You do not need to install anything, you do not need to be technical, and you get the report immediately as a PDF.

The point of the assessment is not to sell you something. We are honest about where Patronus fits and where it does not. Some questions are clearly outside what our product covers, and we mark them that way. You walk away knowing what is missing in your AI Act readiness, whether that gap is something we can help with or not.


Start the Free EU AI Act Assessment

If you would rather talk before clicking, drop us a line at team@patronus.studio and we will show you the assessment together.

Patronus Protect - on-device AI Security

Patronus Protect - On-device AI firewall — see and control AI traffic, locally | Product Hunt

© 2026 Casdo Labs · All rights reserved.
