Three developments defined AI regulation this week. Europe's second attempt to reform the AI Act's compliance architecture collapsed after twelve hours of trilogue negotiations, leaving companies facing a legally binding August 2 high-risk AI deadline with no extension now in sight. Simultaneously, Colorado advanced SB 26-189 — a near-complete rewrite of the nation's most-watched state AI law — with fewer than nine days left in the legislative session. And in London, the UK's Technology Secretary explicitly framed AI as a national security issue while rejecting the EU's regulatory model entirely. The dominant trend: the delay era is ending. Enforcement is becoming real.
Get more from AI Weekly
More signal, less noise — pick your channels.
You're reading the weekly brief. Below are the other ways to follow the story — every channel free, easy to leave.
-
→ Explore 16 deep divesWeekly topic-specific newsletters: Generative AI, Machine Learning, AI in Business, Robotics, Frontier Research, Geopolitics, Healthcare, and more.Browse all 16 deep dives →
-
→ Breaking AI alertsWhen something major breaks (a $60B acquisition, a regulator's emergency meeting, a frontier model leak), alert subscribers know within hours. Typically 0-2 emails per day.Get breaking alerts →
-
→ AI News Today (live)Live dashboard updated as the scanner finds news: scored stories from the last 48 hours, weekly entity movers, and quarterly trend lines across 113 AI companies, people, and topics.Open AI News Today →
Watch & Listen First
-
IAPP YouTube — AI Act Omnibus Explainer Coverage — The IAPP's video team has been tracking every trilogue session; search their channel for their April 28–29 breakdown of why conformity assessment architecture — not the headline deadline — sank the deal. Essential for compliance professionals.
-
Future of Life Institute Podcast — FLI's recent episodes have directly addressed the state-versus-federal preemption standoff and the DOJ AI Litigation Task Force; relevant to anyone tracking the Colorado and California legislative battles this week.
-
Lawfare Podcast — Lawfare regularly publishes rapid-response episodes on AI governance; their coverage of the Take It Down Act's implementation mechanics and the UK national security framing from Liz Kendall's RUSI speech is worth queuing.
Key Takeaways
- The EU's August 2 high-risk AI deadline is now the operative date. The Omnibus extension collapsed; companies cannot rely on a deferral to December 2027. Conformity assessments, CE marking, and registration in the EU database must be complete by August 2.
- Colorado's AI law is being rewritten in real time, but the clock is running out. SB 26-189 must clear committee and the full legislature before May 13. If it fails, SB 24-205 — currently subject to an AG enforcement suspension — remains on the books.
- The UK is explicitly not building an EU-equivalent framework. Tech Secretary Liz Kendall's April 28 RUSI speech signals the UK will pursue standards-setting through allied networks rather than statutory mandates — a meaningful fork for international compliance teams.
- May 19 is an active federal deadline. Platforms hosting user-generated content must have Take It Down Act notice-and-takedown systems operational. The 48-hour removal window is mandatory; FTC enforcement begins the day after.
- China's humanlike AI rules take effect July 15. Four ministries finalized mandatory AI identity disclosure and psychological monitoring requirements for AI companion and chatbot platforms — affecting any global product serving Chinese users.
The Big Story
EU AI Act Omnibus Trilogue Collapses, Leaving August High-Risk Deadline Intact · April 28–29, 2026 · IAPP · The Next Web · Bird & Bird
-> After approximately twelve hours of negotiations between Parliament, the Council, and the Commission, the second political trilogue on the Digital AI Omnibus broke down — not over the headline proposal to defer the August 2, 2026 high-risk compliance date to December 2027, but over the narrower question of conformity assessment architecture for AI systems embedded in Annex I, Section A products. The proposed deferral that thousands of companies had been quietly depending on now has no legal force. The operative obligations — finalized conformity assessments, CE marking, technical documentation, and registration in the EU database — remain due August 2, 96 days out. A follow-up trilogue is scheduled for approximately May 13; if no deal is reached before July 1, Lithuania assumes the Council presidency and negotiations restart under new leadership. Compliance and legal teams should immediately assume the August deadline is real and plan accordingly, while maintaining scenario models for a last-minute Omnibus agreement that could still shift timelines.
Also This Week
Colorado Advances SB 26-189: A Near-Total Rewrite of the Nation's Landmark AI Consumer Law · May 4, 2026 · Colorado Newsline · CPR News
-> The bill replaces SB 24-205's broad "algorithmic discrimination" language with a narrower "automated decision-making technology" scope, eliminates the requirement to explain AI system logic, and pushes the compliance start date from June 2026 to January 2027 — but it must survive a Senate committee and full vote before the May 13 session close or the original law, currently under an AG enforcement suspension, reverts as the controlling statute.
UK Frames AI as National Security; Rejects EU Regulatory Architecture · April 28–29, 2026 · GOV.UK · Bird & Bird
-> Technology Secretary Liz Kendall's RUSI speech announced UK leadership of the international AI Security Institutes network and a sovereign AI hardware plan, while explicitly positioning UK governance as a "pro-innovation standards" alternative to EU regulation — a meaningful signal for companies choosing where to domicile compliance programs.
China Finalizes Humanlike AI Interaction Rules; Effective July 15 · April 10, 2026 (finalized) · Mayer Brown · Geopolitechs
-> Four Chinese ministries finalized mandatory AI identity disclosure, "core socialist values" alignment, and psychological-risk monitoring requirements for any AI simulating human personality or emotional interaction — affecting every global chatbot and companion AI platform with Chinese users, effective in 71 days.
California Governor Newsom Signs EO N-5-26: AI Vendor Certification for State Procurement · Late April 2026 · Ropes & Gray · Morgan Lewis
-> Any vendor supplying AI systems to California state agencies must now meet certification standards — a procurement compliance layer that often foreshadows broader statutory requirements and which gives California leverage over AI vendors without waiting for legislative action.
OpenAI Ordered to Produce 20 Million ChatGPT Conversation Logs in Copyright Litigation · 2026 · ABA Journal · Bloomberg Law
-> A court rejected OpenAI's privacy objections, compelling production of conversation logs relevant to pending copyright cases — a discovery ruling with significant implications for AI companies' data retention policies and litigation exposure across multiple active suits.
Deadlines & Compliance
- May 13, 2026: Colorado's 120-day legislative session closes — SB 26-189 must pass both chambers or die; simultaneously, the second EU AI Act Omnibus trilogue attempt is expected, which could still rescue the December 2027 deferral
- May 19, 2026: Take It Down Act — all covered platforms must have NCII and deepfake notice-and-takedown systems operational; 48-hour removal window begins; FTC enforcement authority active (Pub. L. No. 119-9)
- July 15, 2026: China Interim Measures for Humanlike AI Interaction Services effective for all covered platforms serving Chinese users
- August 2, 2026: EU AI Act — high-risk AI conformity assessments, CE marking, technical documentation, and EU database registration due; prohibited AI systems (real-time biometric ID, social scoring) enforcement also begins; fines up to €35M or 7% global revenue
- January 1, 2027: Colorado ADMT compliance start date under SB 26-189 (if enacted); Illinois AI hiring disclosure has been in effect since January 2026 — ensure records retention is current
Worth Reading
-
U.S. Companies Face EU AI Act's Possible August 2026 Compliance Deadline — Holland & Knight's step-by-step breakdown of what conformity assessment actually requires under Articles 43–49, written for US legal teams unfamiliar with CE marking mechanics.
-
AI in Litigation Series: An Update on AI Copyright Cases in 2026 — Norton Rose Fulbright's tracker covers Thomson Reuters v. Ross (Third Circuit appeal), GEMA v. OpenAI (Germany), and the growing discovery obligations AI companies now face — essential reading for any GC managing IP exposure.
-
2026 State AI Laws – Where Are They Now? — Cooley's April 24 roundup maps the fragmented state landscape across employment, chatbot disclosure, deepfake, and healthcare AI — the most useful single-page jurisdictional matrix currently available.
The deadline era has arrived: the question is no longer whether AI will be regulated, but whether your legal team has 96 days to be ready for Brussels.