The EU AI Act Newsletter #101: Trilogue Breakdown

The EU’s AI Act is entering a critical phase as legislators walked away from a compromise that would have delayed its most stringent provisions until late 2027. Without a postponement, companies that develop or deploy high‑risk AI must meet compliance obligations this August, accelerating product redesigns and certification processes. The dispute over sector‑specific exemptions for machinery and medical devices reflects a broader tension between industry‑friendly approaches and the EU’s ambition to enforce a uniform, horizontal regulatory framework. This impasse could spur firms to seek national workarounds, complicating the single‑market vision the bloc originally pursued.

Security concerns have risen to the fore with Anthropic’s Mythos model, which demonstrated the ability to autonomously execute complex cyber‑attack sequences. The European Parliament’s internal market committee has summoned Anthropic for a hearing, while the European Commission has received detailed briefings on the model’s capabilities. These developments illustrate how the AI Act’s systemic‑risk provisions can be leveraged to address emerging threats, giving regulators a legal foothold to demand transparency, risk assessments, and possibly pre‑deployment oversight for frontier models that could be weaponised.

Beyond industry, the Act’s ripple effects are felt in academia and civil society. Universities risk having to overhaul AI‑assisted assessment tools to meet transparency and data‑quality standards, a challenge amplified by the lack of clear guidance from the AI Office. Simultaneously, 35 organisations have warned that the still‑unestablished Advisory Forum leaves civil‑society voices out of critical rule‑making discussions. Tools like the new AI Act Explorer, now in beta, aim to demystify the legislation for stakeholders, but meaningful participation will depend on the EU delivering on its promised institutional mechanisms. Together, these dynamics shape a regulatory environment where compliance, security, and inclusive governance are increasingly intertwined.