Press
Organisations risk costly recovery operations and people longer exposed to high-risk AI-systems due to AI Act delay
Date
June 15, 2026
Amsterdam, 15 June 2026
The delay to obligations for high-risk AI systems under the European AI Act could drive up costs for organisations. At the same time, citizens, customers and employees will remain exposed to AI systems for longer, with risks that have not yet been sufficiently addressed. While the regulatory framework has not yet been finalised, AI systems are already being deeply embedded in business processes and public services. Organisations that act only once obligations are final will have to build compliance into systems already fully woven into their operations. Data and AI consultancy ADC warns that organisations risk a costly compliance scramble if they wait.
“The delay is easily seen as breathing space,” says Elianne Anemaat, senior manager public & society at ADC. “But organisations that only act once all guidelines are final will create unnecessary extra work for themselves. AI systems are already running in processes that directly affect people.”
Embedded systems and unclear guidelines drive up costs
Technical standards and practical guidelines for the AI Act are still lacking. The European Commission recently published draft guidelines with examples, but these are not yet legally binding. The precise scope of what qualifies as ‘high-risk’, as well as the accompanying technical standards, may still be tightened, creating uncertainty for organisations.
At the same time, organisations are rapidly implementing AI applications, from fraud detection and recruitment to biometric identification and credit assessment. They are making decisions about architecture, suppliers and processes even though the technical standards and compliance guidelines have not yet been finalised. If these choices need to be corrected later, costs could rise significantly.
“Organisations that already put transparent data flows, proper logging, clear roles and testable models in place now will be able to align with the final standards much more easily later. Without incurring unnecessary extra costs,” says Anemaat.
Not just a business risk, but a human impact
According to ADC, the delay is not only an organisational or financial risk. High-risk AI is increasingly being used in areas where decisions directly affect people’s lives, such as recruitment, medical triage, fraud detection, education and public services.
“If these systems are poorly designed or insufficiently monitored, they can determine whether someone is invited for a job interview, receives care in time or gets a timely response from a public institution,” Anemaat explains. “Every month of delay can therefore have a major impact on this group of people.”
Public sector particularly vulnerable
The public sector in particular must remain alert. Municipalities, benefits agencies and healthcare organisations have much to gain from AI, but their processes also directly affect citizens. These organisations also operate within strict procurement rules, budget cycles and political accountability, making rapid course correction structurally more difficult.
“If an AI system fails in the private sector, that is primarily a business risk,” says Anemaat. “In the public sector, the same problem can escalate into an administrative crisis.”
Delay creates opportunity, but requires action
ADC advises organisations to use the additional time to gain a structured overview of their AI use now. This means mapping all AI applications, including functionalities embedded in existing software or dashboards; identifying which systems may be high-risk based on their function and impact; carrying out impact assessments even before formal requirements are in place; testing systems for bias, explainability and controllability; documenting governance; and investing in AI literacy so employees can recognise risks.
“Responsible AI use is not a one-off exercise, but a skill. And like any skill, it becomes easier the earlier you start. Organisations that begin now can embed compliance into the way they work, rather than treating it as an obligation that has to be added later,” says Anemaat.
Note to editors
On 7 May, the European Parliament and the Council reached a provisional agreement to delay the obligations for high-risk AI systems. For stand-alone systems under Annex III, the deadline moves from August 2026 to December 2027; for high-risk AI in regulated products, it moves to August 2028. On 19 May, draft guidelines for the classification of Annex III were shared. The agreement still needs to be formally adopted.
Date
June 15, 2026
Amsterdam, 15 June 2026
The delay to obligations for high-risk AI systems under the European AI Act could drive up costs for organisations. At the same time, citizens, customers and employees will remain exposed to AI systems for longer, with risks that have not yet been sufficiently addressed. While the regulatory framework has not yet been finalised, AI systems are already being deeply embedded in business processes and public services. Organisations that act only once obligations are final will have to build compliance into systems already fully woven into their operations. Data and AI consultancy ADC warns that organisations risk a costly compliance scramble if they wait.
“The delay is easily seen as breathing space,” says Elianne Anemaat, senior manager public & society at ADC. “But organisations that only act once all guidelines are final will create unnecessary extra work for themselves. AI systems are already running in processes that directly affect people.”
Embedded systems and unclear guidelines drive up costs
Technical standards and practical guidelines for the AI Act are still lacking. The European Commission recently published draft guidelines with examples, but these are not yet legally binding. The precise scope of what qualifies as ‘high-risk’, as well as the accompanying technical standards, may still be tightened, creating uncertainty for organisations.
At the same time, organisations are rapidly implementing AI applications, from fraud detection and recruitment to biometric identification and credit assessment. They are making decisions about architecture, suppliers and processes even though the technical standards and compliance guidelines have not yet been finalised. If these choices need to be corrected later, costs could rise significantly.
“Organisations that already put transparent data flows, proper logging, clear roles and testable models in place now will be able to align with the final standards much more easily later. Without incurring unnecessary extra costs,” says Anemaat.
Not just a business risk, but a human impact
According to ADC, the delay is not only an organisational or financial risk. High-risk AI is increasingly being used in areas where decisions directly affect people’s lives, such as recruitment, medical triage, fraud detection, education and public services.
“If these systems are poorly designed or insufficiently monitored, they can determine whether someone is invited for a job interview, receives care in time or gets a timely response from a public institution,” Anemaat explains. “Every month of delay can therefore have a major impact on this group of people.”
Public sector particularly vulnerable
The public sector in particular must remain alert. Municipalities, benefits agencies and healthcare organisations have much to gain from AI, but their processes also directly affect citizens. These organisations also operate within strict procurement rules, budget cycles and political accountability, making rapid course correction structurally more difficult.
“If an AI system fails in the private sector, that is primarily a business risk,” says Anemaat. “In the public sector, the same problem can escalate into an administrative crisis.”
Delay creates opportunity, but requires action
ADC advises organisations to use the additional time to gain a structured overview of their AI use now. This means mapping all AI applications, including functionalities embedded in existing software or dashboards; identifying which systems may be high-risk based on their function and impact; carrying out impact assessments even before formal requirements are in place; testing systems for bias, explainability and controllability; documenting governance; and investing in AI literacy so employees can recognise risks.
“Responsible AI use is not a one-off exercise, but a skill. And like any skill, it becomes easier the earlier you start. Organisations that begin now can embed compliance into the way they work, rather than treating it as an obligation that has to be added later,” says Anemaat.
Note to editors
On 7 May, the European Parliament and the Council reached a provisional agreement to delay the obligations for high-risk AI systems. For stand-alone systems under Annex III, the deadline moves from August 2026 to December 2027; for high-risk AI in regulated products, it moves to August 2028. On 19 May, draft guidelines for the classification of Annex III were shared. The agreement still needs to be formally adopted.
About ADC
ADC is a European data and AI consultancy. Wayfinders for what's next, we help organisations navigate complexity and turn AI ambition into real impact. With over 200 professionals across Amsterdam, Copenhagen, Stockholm, and Utrecht, we combine scientific rigour, engineering craftsmanship, and a people-centred approach to AI. Together with CLEVER°FRANKE, our data design studio, we deliver end-to-end solutions trusted by leading organisations across financial services, life sciences, retail, transportation, public & society, and agriculture & food.
