News

The EU AI Act Delay Is No Stoplight for CIOs

With fines reaching €35 million and an AI-use compliance framework that applies globally, experts say digital leaders must treat the December 2027 enforcement extension with alacrity.
  • Article:News
  • Key Play:Enterprise AI
  • Nutanix-Newsroom:Article

July 15, 2026

Artificial intelligence (AI) regulations are taking shape that will impact enterprises and organizations worldwide. Among the first taking shape is the European Union (EU) AI Act, created in 2024 to catch high-risk systems before they reach the market. Enforcement of the regulations recently moved from August 2026 to December 2027 for stand-alone IT systems and August 2028 for those built into products, but experts warn that the extension is not a reprieve for CEOs and CIOs. With fines reaching €35 million and the act's reach extending well beyond European borders, IT organizations know the compliance clock is ticking.

The delay was predictable, according to Nader Henein, vice president of research at Gartner. 

"The delay is not surprising as the regulators are not ready, so even if the enforcement had come into effect, no enforcement would have happened," Henein, an expert on AI regulation, told The Forecast.

That lack of preparedness reflects how new the AI regulatory landscape remains. The EU's General Data Protection Regulation (GDPR) is widely seen as a predecessor to the AI Act, but Henein draws a sharp distinction between the two. 

"GDPR was not the first iteration of privacy regulations in Europe; there was a directive dating back to 1995, so there was a lot of guidance material available and existing regulations. GDPR came in and organized all of that,” he said. “The EU AI Act has none of this existing infrastructure."

A survey of CIOs conducted for this article found that 18% believe the shifting deadlines are negatively disruptive. The delay gives 27 member states and their business communities more time to prepare. More time, but no less urgency.

EU Not Alone​

Europe is not alone in drafting AI regulation. Henein said there is growing discussion of a federal AI law in the United States, though he does not expect anything to emerge before the midterm elections in November. Several U.S. states already have their own rules in place. He argues Europe deserves credit for what it has achieved

"The fact that the EU has a piece of legislation for 27 countries is nigh on a miracle," he said.

Related Agent Gateway Enforces AI Token and Traffic Control
AI agents are multiplying and IT governance will need to keep pace in order to manage chaos, cost and data security. Nutanix experts describe a new kind of gatekeeper stepping into the breach, bringing speed to builders and control to enterprise IT teams.
  • Article:Technology
  • Key Play:Enterprise AI
  • Nutanix-Newsroom:Article

June 25, 2026

For now, the EU AI Act remains the only general AI legislation of its kind, the Gartner analyst said, noting there are also sectoral and regional regulations that CIOs will need to track.

Being EU AI Act Compliant

​The EU AI Act establishes three risk categories for AI use: unacceptable risk, high risk and limited risk. AI training specialist Alex Issakova cautions that business and technology leaders outside the EU are not off the hook. 

"The Act is far-reaching, covering businesses that are in the EU, but it also applies if the output of your business is seen or used in the EU," she said in a tutorial by Huckr AI.

That means leaders worldwide must understand what the EU classifies as unacceptable AI, those uses that are banned outright. Prohibited applications include emotional targeting in workplaces and educational settings. AI cannot be used to monitor whether students are paying attention, nor can employers use it to analyze workforce emotions. Social scoring via AI is banned outright, as is public surveillance using closed-circuit television in conjunction with AI.

Related Shaping Data Sovereignty Strategies that Scale
Telekom Deutschland CTO of Cloud and Infrastructure Andreas Eisenreich helps IT teams create high-level digital and data sovereignty strategies. In an interview with The Forecast, he explains how IT teams can scale capabilities while complying with regulations without losing control over their data, operations and free will.
  • Article:Business
  • Key Play:Thought Leadership
  • Nutanix-Newsroom:Article
  • Use Cases:AI ML, Digital Sovereignty, Hybrid Multicloud

February 25, 2026

Companies can use AI to screen candidate CVs, but the EU classifies this as a high-risk application, requiring firms to maintain strong oversight of any screening process. Beginning in August 2026, businesses that use AI to create content or operate an AI chatbot must inform customers that AI has been involved. AI-generated content will need to carry a watermark, bringing it to the same standard of transparency seen in broadcasting, where using library footage requires an on-screen label indicating archive material is in use.

Despite the enforcement delay, Henein remained emphatic about moving towards compliance. 

"CIOs should definitely not take their foot off the gas, as the EU Act is not the only game in town, and between now and December 2027, more will happen,” Henein said. 

“If you are the CIO of a multi-national organization, you are going to want to put in place governance that factors in the EU AI Act and is ready to ingest other requirements." 

More than a third (36%) of the CIOs surveyed for this article have not yet begun assessing their ability to comply.

Changing Landscape

For two years, the EU has expressed concern that, despite being home to enterprise tech companies such as SAP and chipmaking tool manufacturer ASML, it is falling behind the U.S. and China on competitiveness. Former Italian Prime Minister Mario Draghi penned "The Future of European Competitiveness" for the European Commission, which called for a boost in innovation and technology adoption across the region.

That tension was compounded by sluggish growth in the EU’s biggest economies, creating friction around the AI Act. The Digital Omnibus aimed to simplify a set of tech regulations and allow EU companies to keep pace with their U.S. and Asian competitors. 

"Big Tech is probably popping champagne,” Dutch lawmaker Kim van Sparrentak told Reuters. “While European companies that care about safety and did their homework now face regulatory chaos." 

Privacy and civil rights groups across Europe expressed concern that the Omnibus changes had "caved" to the demands of AI firms. But Henein pushed back on the idea that regulation and innovation are at odds. 

"Nothing in the EU AI Act will hinder innovation in any way; in fact, there are surveys that show the biggest hindrance to AI adoption is the lack of regulation," he told The Forecast. 

He sees uncertainty itself as a barrier. 

"It helps if you know which side is up before you start investing," he said. 

Even so, 27% of the CIOs surveyed for this article believe the AI Act will slow innovation.

What Must Be Done​

The EU AI Act cannot be ignored. Failure to comply carries fines of €35 million or 7% of global turnover. Meeting the regulations requires addressing both technology and change management.

On the technology side, firms need to map their application programming interface (API) integrations with AI tools. That task is harder than it sounds. Many employees have experimented, sometimes at the organization's own encouragement, with a wide range of AI tools. Already labeled shadow AI by some in the technology community, unsanctioned tools create a real risk: AI not approved by the CIO or CTO could leak customer data.

Related AI Sparks Rise in Shadow IT
The 2026 Enterprise Cloud Index shows 79% of IT leaders encounter unauthorized AI deployments, and this familiar pattern of Shadow IT puts them at risk.
  • Article:Business
  • Key Play:Enterprise AI, Hybrid Cloud, Thought Leadership
  • Nutanix-Newsroom:Article
  • Products:Nutanix Enterprise AI (NAI)
  • Use Cases:Security

March 19, 2026

Business and technology leaders worry about poor documentation of integrations, uncertainty about where data resides once it enters an AI system and a limited ability to analyze AI behavior and outputs. These are the same challenges they face in developing and deploying agentic AI, systems that operate autonomously and carry the deterministic power to make decisions without human intervention. As a result, an inventory and management system is becoming essential, and observability tools are fast becoming a CIO priority.

Alongside the technology requirements, CIOs must demonstrate ongoing staff training to what Issakova describes as a "significant level of AI literacy." She said many organizations that have made headlines for AI failures could have avoided them had their teams truly understood AI's strengths and weaknesses. 

"The EU has left a lot of flexibility as to what good training looks like, but they are specific about what bad training looks like. For example, if you are just telling staff to read the instructions, or do some generic training, that is not good enough," she said.

Henein agrees. 

"It is critically important in how you train your employees," he said. “I tell clients the use of generative AI is dependent on the question the user asks, and the Act hinges on the intended use of AI, so you have to train your people to ask the right questions and avoid the dangerous ones.”

Related Data Sovereignty Drives Business Decisions
Why CIOs must evolve strategies for managing the location and accessibility of enterprise data.
  • Article:Business
  • Nutanix-Newsroom:Article

April 14, 2025

Issakova said organizations need to provide a basic level of training to everyone in the organization, including contractors, then tailor further training to specific business lines, their workflows and the impact on the customer. 

"I find that companies with good AI adoption have leaders who are really plugged into what it means; they are trained, and this helps cascade that training down through the business," she said.

Training should focus on the AI tools the organization actually uses, not abstract versions of the technology, according to Issakova. 

"It should also be continuous and not an annual box-ticking exercise as AI is moving so quickly, so training must reflect this," she said. 

As with technology requirements, AI training also requires thorough documentation to satisfy regulators.

There is often a knee-jerk reaction that regulation will strangle business, and, if poorly implemented, it can. Good regulation can be the catalyst for innovation. AI represents as significant a shift in how communities work, communicate, trade and create as the internet has been. 

With thoughtful governance, all can thrive. As Issakova points out, the EU AI Act requires organizations to invest in training — businesses are already paying for the technology but not realizing its full potential. An investment in AI literacy meets the needs of both regulators and shareholders alike.

Related articles:

Is Your AI Data and Infrastructure Audit Ready?

The Myth of the Sovereign Datacenter: Why Geography Is Not a Strategy

Self-Regulation Is Key to Future of Ethical Enterprise AI

Steps to a Successful AI and Cloud Governance Strategy

Ungoverned AI Can Cause Harm: Effective AI Governance for Organizations

Mark Chillingworth writes about leaders in business and technology. He’s a regular contributor to Digimonica. Find him on LinkedIn.

© 2026 Nutanix, Inc. All rights reserved. For additional information and important legal disclaimers, please go here.

Related Articles