The August 2 AI deadline you are bracing for just moved
The news: The EU AI Act's August 2 deadline is about to mean less than you think. Brussels just deferred the high-risk rules most enterprises were racing to meet.
Why it matters: The Digital Omnibus moved the rules for high-risk systems such as hiring and credit scoring to December 2027. What still binds on August 2 is narrow: transparency rules and new enforcement powers. The catch: that deferral is not final law, so it could shift again.
What to do: Before locking Q3 compliance spend, confirm with legal what truly applies on August 2 versus what moved to 2027.
A competitive-intelligence app called Klue became the entry point for one of the year's quietest breaches. Attackers stole the OAuth tokens linking Klue to customers' Salesforce instances, then pulled CRM records through the trusted connection. At least 13 firms confirmed data loss, including Huntress, Tanium, HackerOne, Snyk, LastPass, and OneTrust. The way in was a test credential Klue built and never switched off. The real lesson: audit dormant OAuth grants, since each is a door into your CRM you forgot you opened.
Your AI Vendors Are Now an Uptime Problem
The AI you wired into production is now failing like infrastructure. Microsoft started routing GitHub traffic to rival AWS in mid-June after AI coding agents broke its reliability limits. Copilot, ChatGPT, and Claude all logged serious outages this quarter, and disruption reports keep climbing. Most AI contracts still treat these tools as best-effort, so an outage that stops your work may breach no SLA. Check whether your AI agreements credit downtime, and stage a fallback for any agent in a critical path.
Watch This
Agent budgets meet their reckoning this fall. Gartner expects over 40% of agentic AI projects to be scrapped by 2027, and Q3 reviews are where the first cuts land. Survivors will carry a hard ROI number, so build that case before the review, not during it.
This week, DoGood network members are pulling forward two reviews at once: which AI obligations actually bind on August 2, and which third-party integrations still hold live tokens into their CRM. If you run IT or security at a $100M+ company, those are the two audits your peers are already staffing.
