There’s a sigh of relief going around these days among the people who build software for healthcare. The Digital Omnibus was adopted in its final form at the end of June, and the AI Act’s obligations for high-risk systems slip to December 2, 2027, with a further tail in August 2028 for artificial intelligence embedded in already regulated products such as medical devices. The relief, it should be said, has serious arguments on its side. The Commission itself has implicitly admitted that the original timeline was not sustainable: the harmonised standards don’t exist yet, the classification guidelines arrived in draft form right up against the deadline, notified bodies are few, and the continent’s certification capacity would not have withstood the impact. Postponing was the rational thing to do, and whoever is recalibrating budgets accordingly is not doing anything irresponsible. They are reading a signal the legislator itself has sent.
The problem is that the signal says something different from what the market is reading into it. The postponement concerns a deadline. The relief concerns the pressure. And the hidden premise of the relief, the one nobody spells out because it seems obvious, is that the pressure came from the deadline. In healthcare software that premise is false, and it’s worth dismantling it calmly, because budget, roadmap and staffing decisions are being made on top of it these very weeks, and someone will come to regret them.
In this industry, the pressure comes from three different clocks. The Digital Omnibus has touched none of them.
The First Clock: Who Is Already Watching
The first clock is enforcement, and it reads: now. Anyone working in compliance knows this already, but it’s worth saying for the benefit of those watching the regulations from the bridge: the authority overseeing an artificial intelligence system that processes clinical data is not the AI Act’s authority, which will come into operation in a year and a half. It’s the Garante, Italy’s data protection authority, which has been applying the GDPR for eight years with proven tools, settled case law and a sanctioning power it has just shown it can use against players of the very first rank. And the Garante has spent the past few months saying with remarkable clarity where it is looking: it has publicly called on the healthcare sector to use data and artificial intelligence responsibly, and it has formally warned a startup over a system that claimed to detect employees’ emotions and stress levels. That second measure deserves a moment of attention, because emotion recognition in the workplace is one of the practices the AI Act bans. The authority did not wait for the ban to become actionable with the new regulation’s tools: it used the ones it already had. It’s a preview of how everything else will work. The two bodies of law are not sequential, with the second relieving the first; they overlap, and the older one already covers most of the ground the newer one will formalise tomorrow. A model that processes health data without a solid legal basis, without demonstrable minimisation, without transparency towards the people concerned is not a 2027 problem. It’s a problem for this quarter, with this quarter’s fines.
There’s a GDPR principle that makes this overlap particularly treacherous for anyone who has relaxed, and it’s accountability. Being compliant is not enough: you have to be able to prove it, at any moment, on request. Anyone who has been through an investigation knows that the difference between a proceeding that closes in a month and one that spirals lies almost entirely in the quality of the evidence you manage to produce in the first few weeks. And evidence brings us to the second clock.
The Second Clock: The One That Can’t Be Rewound
The second clock is engineering’s, and it has a property that regulatory calendars don’t: it cannot be rewound. The obligations slipping to 2027 look like paperwork, the kind of thing a willing organisation clears in a quarter of catch-up with a couple of good consultants. Looked at closely, they are something else. They are immutable logs that must exist from the system’s first day in operation, because a reconstructed log is not a log, it’s a testimony. They are the lineage of the training datasets: which data, from which source, under which legal basis, in which version, transformed by which pipeline. They are design decisions documented as they were made, not remembered years later by people who have since changed companies. They are the design of human oversight, which either lives in the system’s architecture or lives nowhere, because adding a human checkpoint to a decision flow already in production means redesigning the flow, not bolting on a form.
None of this can be recovered. Documentation produced after the fact is not documentation, it’s archaeology: you dig, you find a few artefacts, you invent the rest in the best possible faith. Anyone who has tried to reconstruct the data provenance of a model trained two years earlier knows the exact feeling: the people who knew have left, the scripts that generated the datasets have been rewritten, the intermediate buckets were cleaned up to save on storage, and what remains is a chain of plausible deductions nobody would sign in front of an inspector. Compliance debt behaves like technical debt, with an aggravating factor that makes it more dangerous: code can be refactored, the past cannot. A CTO can always decide to rewrite a badly built component. What a CTO cannot decide is to have logged what was never logged.
The Fixed Date Is Not a Gift
There’s also a detail in the story of this postponement that the sigh of relief has missed, and that anyone planning roadmaps should write down. In the Commission’s original proposal the new deadlines were conditional: the obligations would have applied six months after the confirmation that harmonised standards were available, with 2027 as a mere backstop. The negotiation removed the condition, and the dates are now fixed. It looks like a gift to those who postpone, and it’s the opposite. For two years the official justification for waiting was that you cannot comply with standards that don’t exist; with the dates decoupled from the standards, that justification is dead. And the standards are coming anyway: the draft classification guidelines have just closed their public consultation, the harmonised standards are expected well before the deadline, and every piece that gets published enters tender specifications and due diligence questionnaires the day after, without waiting for 2027. Planning an adaptation that starts in mid-2027 means betting you can absorb in six months a yardstick your competitors will have had eighteen months to metabolise. Maybe it works out. But building your regulatory position on that kind of bet is a strategy that has a name, and the name is not strategy.
The Third Clock: The Market Doesn’t Wait
The third clock is the market’s, and it’s the one I think gets underestimated the most, partly because it doesn’t appear in any official journal. While the AI Act’s obligations were slipping, everything else in the European regulatory picture stayed exactly where it was. The security measures under Italy’s NIS2 transposition come fully into force in the autumn, and from that moment the national cybersecurity agency can inspect. The Cyber Resilience Act’s vulnerability reporting obligations kick in in September, and they apply to products already on the market, not just future ones. And there’s a compliance step that went almost unnoticed and that changes the position of anyone selling software to hospitals, regions or large groups: NIS entities have just finished filing the list of their relevant suppliers with the authority. Whoever supplies platforms to those entities is now, formally, inside their risk perimeter. By name.
The practical consequence of this census is that requirements will travel down the supply chain by contract long before they travel by law. A hospital or a prime contractor that has to demonstrate the security of its supply chain in October will not wait for 2027 to ask suppliers for evidence, incident notification clauses, audit rights, vulnerability management processes. It is already asking, or it will at the first renewal. And here the CEO’s perspective becomes more interesting than the lawyer’s, because the supply chain’s enforcement mechanism doesn’t run on fines, it runs on replacements. The supplier who shows up at the table without a presentable technical file doesn’t get a fine, which can be contested, paid in instalments, entered into the books. They get a non-renewal, which has no appeal. The first real audit won’t be run by an authority: it will be run by a procurement office, and procurement offices grant no mitigating circumstances.
The Upside Nobody Prices In
The reverse holds too, and it’s the part that almost never makes it into discussions about the cost of compliance. In a market where most suppliers are reading the postponement as permission to slow down, the supplier who shows up with logs, lineage, documented decisions and a tested notification process is not demonstrating compliance: they are shortening the sales cycle. Every buyer question that closes with a link instead of a meeting is margin. Every due diligence that takes a week instead of two months is a deal that doesn’t go cold. Compliance built during development has an almost invisible cost, because it blends into the cost of doing things well; compliance built afterwards has a budget line with its own name on it, and between the two sits a gap that, at the system level, someone has estimated in the hundreds of thousands of euros for an SME starting from zero on high risk. But the number matters less than the shape of the curve: the cost of postponing doesn’t grow linearly with time, it grows with the volume of undocumented past that piles up. Every sprint without evidence is one more layer of sediment to dig through.
One Question, Three Rooms
If the three clocks converge on anything, it’s a single question, the same one for the three roles that usually split this problem without talking to each other. The compliance officer hears it from an authority: can you prove it? The CTO hears it in an architecture review: can we prove it? The CEO will hear it in a due diligence, the day the company goes looking for capital or a buyer, and in that room the wrong answer doesn’t produce a fine but a discount on the price. The question is identical because the European framework, underneath the acronyms, asks for one thing: evidence of diligence. The AI Act asks for it on models, the GDPR on data, the CRA on vulnerabilities, and the new product liability directive, which arrives in December and explicitly includes software, will ask for it in front of a civil judge. You can argue forever about which deadline slips and which doesn’t. The system’s direction is not in question, and the direction is this: the word of whoever builds software is worth less and less, and their archive is worth more and more.
The File or the Narrative
Seventeen months is exactly the time it takes to do this work without emergencies, inside normal development cycles, spreading it where it costs little. It’s also exactly the time it takes to convince yourself there’s still plenty left. The postponement didn’t move the work: it moved the excuse. Whoever starts now will arrive in December 2027 with a technical file that grew alongside the product. Whoever starts in mid-2027 will arrive with a narrative, and narratives, in front of an inspector, a procurement office or a fund running due diligence, have a terrible conversion rate.
Key takeaways
The postponement to December 2, 2027 concerns one AI Act deadline, not the regulatory pressure. In healthcare software the pressure comes from three different clocks (enforcement, engineering, the market) and the Digital Omnibus touched none of them.
The authority overseeing an AI system that processes clinical data today is not the AI Act’s: it’s the Garante, Italy’s data protection authority, which has applied the GDPR for eight years and has just formally warned a startup that detected employees’ emotions at work, with the tools it already has. The two bodies of law overlap; they are not sequential.
Immutable logs, dataset lineage, design decisions documented as they are made and human oversight designed into the architecture cannot be recovered after the fact. Documentation produced later is archaeology: code can be refactored, the past cannot.
The postponed dates are fixed: the original proposal tied them to the availability of harmonised standards, and the negotiation removed the condition. That kills the alibi of waiting for standards that don’t exist: the standards are coming before the deadline anyway, and each piece enters tender specifications and due diligence the day it’s published.
NIS2 and the CRA did not slip, and NIS entities have just filed the list of their relevant suppliers: requirements will travel down the supply chain by contract long before they travel by law. The supplier without evidence doesn’t get a fine, they get a non-renewal. And procurement offices grant no mitigating circumstances.
Questions & answers
What exactly did the Digital Omnibus postpone for healthcare software?
The AI Act’s obligations for high-risk systems slip to December 2, 2027, with a further tail in August 2028 for artificial intelligence embedded in already regulated products such as medical devices. The postponement has serious arguments on its side: the harmonised standards don’t exist yet, the classification guidelines arrived in draft form right up against the deadline, and notified bodies are few. But it concerns those deadlines only: everything else in the European regulatory picture stayed exactly where it was.
Why doesn't the AI Act postponement reduce the pressure on anyone processing clinical data?
Because the authority overseeing an AI system that processes clinical data today is not the AI Act’s, which will come into operation in a year and a half: it’s the Garante, Italy’s data protection authority, which has applied the GDPR for eight years. And the Garante has just formally warned a startup over a system that detected employees’ emotions, one of the practices the AI Act bans, using the tools it already has. The two bodies of law overlap; they are not sequential: a model that processes health data without a solid legal basis is not a 2027 problem, it’s a problem for this quarter.
Why can't compliance documentation be reconstructed after the fact?
Because the obligations that look like paperwork are actually properties of the system that must exist from its first day in operation: immutable logs (a reconstructed log is not a log, it’s a testimony), training dataset lineage, design decisions recorded as they are made, human oversight designed into the architecture. Anyone who has tried to reconstruct the data provenance of a model trained two years earlier knows it: the people who knew have left, the scripts have been rewritten, the intermediate buckets have been cleaned up. Compliance debt behaves like technical debt, with an aggravating factor: code can be refactored, the past cannot.
Is the December 2, 2027 deadline final?
Yes, and that is the most important difference from the Commission’s original proposal, where the obligations would have applied six months after the confirmation that harmonised standards were available, with 2027 as a mere backstop. The negotiation removed the condition: the dates are fixed. But calendar certainty is not permission to postpone. It kills the alibi of waiting for standards, and the standards are coming before the deadline anyway: the draft classification guidelines have already closed their public consultation and the harmonised standards are expected well before 2027. Each piece enters tender specifications and due diligence the day it’s published, without waiting for the application date.
What happens in the market while the AI Act obligations slip?
Everything else moves forward. The security measures under Italy’s NIS2 transposition come fully into force in the autumn, the CRA’s vulnerability reporting obligations kick in in September and also apply to products already on the market, and NIS entities have just filed the list of their relevant suppliers with the authority. Whoever supplies platforms to hospitals, regions or large groups is now formally inside their risk perimeter, and requirements will travel down the supply chain by contract: evidence, incident notification clauses, audit rights. Whoever shows up without a technical file doesn’t get a fine, they get a non-renewal.