Actionable Regulatory Intelligence

Today's Focus: AI Governance

The Cypriot Council Presidency's second trilogue on the EU Digital Omnibus on AI collapsed on 28 April 2026 after 12 hours of talks, with no political agreement on whether high-risk AI systems embedded in regulated products should be exempted from the AI Act. Negotiators had broadly converged on postponement dates — 2 December 2027 for stand-alone Annex III high-risk and 2 August 2028 for Annex I-embedded systems — but none of those dates have any legal effect until the Omnibus is published in the Official Journal. That means the 2 August 2026 Annex III deadline (95 days from today) remains the binding date. Compounding the squeeze: only 8 of 27 EU Member States have designated the Article 70 single point of contact, a deadline that already passed on 2 August 2025. The next trilogue is expected around mid-May 2026.

Sources: European Parliament Legislative Train · Implicator.ai · Holland & Knight client alert

🇨🇳 China's CAC names ByteDance apps in first public AI-labeling enforcement. On 28 April the Cyberspace Administration of China announced its first publicly-named action under the Measures for Labeling AI-Generated Content (in force since 1 September 2025) and mandatory standard GB 45438-2025, citing CapCut, Maoxiang ("Cat Box") and Dreamina AI — all ByteDance properties — for failing to apply explicit and implicit AI-content labels. Penalties announced: regulatory inquiries, rectification orders, formal warnings, and personal sanctions on responsible individuals. CAC said there is "no room for compromise or circumvention." If you ship synthetic-content tools to Chinese users, audit your labels against GB 45438-2025 today. Xinhua · TechNode

🇺🇸 US states diverge: Florida punts, Connecticut presses ahead. On the opening day of Florida's special session, House Speaker Daniel Perez (R) announced the House would not consider Governor DeSantis' AI Bill of Rights — which would have banned companion chatbots for minors and restricted AI in K-12 — saying he prefers to "defer to the federal government." Meanwhile, the Connecticut Senate passed SB 5 (the Maroney AI / Online Safety Act) 32-4 on 21 April, a 64-page, 37-section bill covering companion chatbots, automated hiring tools, frontier-model safety, and synthetic-content labeling. SB 5 now moves to the CT House. Net effect: federal preemption is being cited to kill state AI bills and to pass them — read each state's statute on its own terms. Florida Phoenix · CT Mirror

Colorado AI Act (SB24-205) — 30 June 2026 (62 days). With the Colorado General Assembly on track to adjourn 8 May without further amending the statute, the risk-management, impact-assessment and consumer-notice obligations for "high-risk" AI making consequential decisions go live in 62 days. The Colorado AG enforces, with a 60-day cure period before action. coag.gov AI page · SB24-205

Treat 2 August 2026 as the binding EU AI Act Annex III deadline and resume your high-risk AI inventory work as if no postponement is coming. The Omnibus may yet pass in May, but until it lands in the OJEU, the original date stands — and member-state SPOC gaps mean enforcement risk will concentrate where SPOCs are designated (Spain's AESIA, Italy's AgID/AGCOM).

Thursday is our CyberEyeQ Weekly edition — the cross-domain wrap on the week's most actionable regulatory moves.

CyberEyeQ — Actionable Regulatory Intelligence
Questions or feedback: [email protected]