From 2 August 2026, Article 50 of the AI Act imposes transparency duties on companies for content created with the involvement of artificial intelligence. In short: a chatbot has to admit it is AI, generated graphics, audio and video must be machine-marked, and deepfakes and some text require a human-readable disclosure. This applies to every company publishing such content on the EU market, not only to model providers. This guide explains when the obligation actually arises, when editorial review lifts it, and how to set up a process before the deadline becomes a problem.
The legal basis is Regulation (EU) 2024/1689, commonly known as the AI Act. It entered into force on 1 August 2024, but its individual parts apply in stages. The transparency obligations under Article 50, meaning everything discussed here, start to apply on 2 August 2026. This is not some distant abstraction for corporate legal departments. If you run media, an agency, a shop with a chatbot, or you simply drop generator graphics onto a website, this article concerns your everyday work.
It is worth defusing two extremes that circulate around the market straight away. The first: “the AI Act will ban AI content.” It does not. Article 50 prohibits nothing; it only requires you to be transparent. The second: “it is enough to add made with AI in the footer.” Also untrue, because in many cases a visible note alone, without the technical layer, does not meet the requirement. The truth lies in between and is more workable than the panic suggests, but more demanding than a shrug suggests.
What Article 50 of the AI Act says
Article 50 splits the world into two roles, and that distinction decides what you have to do. A provider is whoever creates or makes an AI system available. A deployer is whoever uses the system and publishes the output. A single company is often in both roles at once, for example when it has built its own generator and publishes its outputs itself.
The four paragraphs of Article 50 distribute the obligations like this:
| Paragraph | Who it concerns | Obligation |
|---|---|---|
| Art. 50(1) | Provider | An AI system that talks to people (a chatbot) must inform them that they are dealing with AI, unless this is obvious from the context. |
| Art. 50(2) | Provider | A system generating synthetic audio, image, video or text must mark the output in a machine-readable format, detectable as artificially generated or manipulated; the solution must be effective, interoperable, robust and reliable as far as is technically feasible. |
| Art. 50(3) | Deployer | Anyone deploying an emotion recognition or biometric categorisation system must inform the people exposed to it. |
| Art. 50(4) | Deployer | Anyone who generates or manipulates a deepfake (image, audio, video) must disclose that the content is artificially generated or manipulated; anyone who generates or manipulates text published to inform the public on matters of public interest must also disclose this, unless the content has undergone human review or editorial control and someone holds editorial responsibility. |
The most common mistake in companies is thinking that because they did not build the model, it does not concern them. It does. Paragraph 4 speaks directly about the deployer, that is, about you, when you take a graphic from a generator and put it on a client’s site. The machine-marking duty under paragraph 2 sits with the model provider, but the duty to disclose a deepfake and informational text sits with whoever publishes.
When you MUST label and when you do not
This is the crux, because the law does not treat all content the same. The dividing line runs between visual and audio media and text, and between free-form text and text under editorial control.
For image, audio and video the rule is firm. If the content is artificially generated or manipulated in a way that creates an impression of authenticity (a deepfake), the deployer must disclose it. There is no convenient editorial exemption here like the one known from text. The only softening concerns clearly artistic or satirical works, where the disclosure should be made in a way that does not spoil the experience of the work.
For text there is an important exemption. Text published to inform the public on matters of public interest requires disclosure, but not when it has undergone human review or editorial control and a natural or legal person holds editorial responsibility for it. This is the loophole for newsrooms and for anyone who has a real content-approval process, rather than publishing raw model output straight to the site.
| Content type | Situation | Label for humans? |
|---|---|---|
| AI graphic | Realistic photo of a person, place, event (deepfake) | Yes, disclosure required |
| AI graphic | Clearly illustrative, abstract, not posing as reality | Usually not as a deepfake, but good practice to label |
| AI video or audio | Synthetic voice-over, avatar, cloned voice | Yes, disclosure required |
| AI text | Article informing the public, no editorial review | Yes, disclosure required |
| AI text | The same article after review and with editorial responsibility | No, the editorial exemption applies |
| AI text | Product description, internal note, non-informational content | Outside the scope of the disclosure duty |
| Chatbot | An assistant talking to a customer | Yes, must inform that it is AI |
| Minor AI edit | Proofreading, style improvement that does not change the meaning | Generally out of scope |
The boundary of the “minor edit” is in practice the most important one for agencies and marketers. If AI fixes punctuation or trims a paragraph without changing the meaning and context, that is an assistive edit that usually does not trigger the obligation. If AI creates the whole narrative, fabricates a statement or generates a photorealistic image of an event that did not happen, you are on the other side of the line.
Two layers of labelling
The most important thing to remember: compliance is not a single gesture but two layers. You can have one without the other and still be non-compliant.
The first layer, the machine layer, follows from paragraph 2. The AI output has to carry a signal that a machine will detect: that the content is artificially generated or manipulated. In practice this is done today in three ways, often combined. C2PA Content Credentials is an open provenance standard that attaches a cryptographically signed manifest with the history of origin to the file. A watermark, visible or invisible, woven into the pixels or the audio samples. Metadata, that is fields written into the file itself. The regulation requires the solution to be effective, interoperable, robust and reliable as far as is technically feasible, so easily removable metadata alone is a weak choice.
The second layer, the human layer, follows from paragraph 4. It is a clear piece of information that a person will see and understand: a note under a graphic, a label next to an article, a chatbot’s greeting line. Here we return to the myth from the introduction. A small visible note “made with AI” may not be enough on its own, because it does not replace the machine layer from paragraph 2. And the other way round, a technical watermark invisible to the reader does not satisfy the disclosure duty from paragraph 4 where that duty applies. You need both, matched to the content type.
A technical trap that catches practitioners off guard: the publishing pipeline can destroy the machine layer. Image optimisation, conversion to AVIF, running a file through a CDN or the media library in a CMS often strips metadata and C2PA manifests. If you upload a labelled file and a system along the way strips the metadata, the labelling disappears and you are back to square one without knowing it.
How to roll this out step by step
The three most common contexts in which this lands on a marketer’s or agency’s desk are social media, the website and marketing materials. The process is similar for each, but the details differ.
On social media, platforms increasingly have their own AI disclosure mechanisms, and some of them read C2PA and add a label automatically. That does not release you from responsibility, but it makes the human layer easier. The practical move: mark the file with C2PA at the source, before it reaches the platform, and switch on the available “AI-generated content” toggles when you publish. Do not rely solely on the platform detecting it, because compression on upload can be aggressive.
On your own website you have full control and full responsibility. This is where an agency genuinely helps a client: designing a label component next to graphics and video, adding a disclaimer to the chatbot, and making sure in the CMS that the image pipeline does not strip provenance data or that the label is appended independently of the metadata. For a blog with an editorial process, documenting that process is crucial, because it is what triggers the exemption under paragraph 4.
In marketing materials (ads, presentations, sales content), approach it by risk. A photorealistic likeness of a person, a synthetic voice in a spot, a presenter avatar are high-risk cases requiring disclosure. An abstract background graphic or an icon is a low-risk case. Build a simple checklist for the team to run through before publishing, rather than deciding each case from scratch.
A concrete minimal process looks like this: inventory AI usage, map the content type to the requirement, turn on the machine layer at the source, add a human-readable note where needed, and a decision log with a person who holds editorial responsibility. You will find the full version of these five steps in the instructions section of this article.
The most common pitfalls
First: confusing the roles. A company assumes that because it did not train the model, Article 50 does not concern it. As a deployer publishing a deepfake or informational text you are subject to the obligation, regardless of whose model generated the content.
Second: the human layer without the machine one, or the other way round. A note under a photo alone does not replace the marking from paragraph 2, and an invisible watermark alone does not replace the clear disclosure from paragraph 4 where it applies.
Third: a pipeline that wipes metadata. You label a file, and the CMS, compression or CDN strips the provenance on publication. You have to test this on the real, published version of the file, not on the local one.
Fourth: overzealousness with minor edits. Labelling every punctuation fix as “AI content” dilutes the signal and tires the audience. An assistive edit that does not change the meaning is usually out of scope.
Fifth: treating the editorial exemption as automatic. The text exemption only works when human review genuinely exists and someone holds editorial responsibility. Without a documented process it is hard to invoke.
What about Poland and enforcement
Caution is needed here. Poland is designating a national market surveillance authority for the AI Act, but at the time of publication the final shape and name of that body should be treated as a work in progress rather than a settled fact. What is certain is that enforcement will be national, and the sanctions follow directly from the regulation, so they do not wait for a Polish act to have force.
The scale of the penalties is striking. Breaches of Article 50 fall under Article 99 and can reach up to 15 million euros or 3 percent of total worldwide annual turnover, whichever is higher. This is deliberately the lower tier in the regulation, because prohibited practices are punished more severely, up to 35 million euros or 7 percent of turnover. For a small company the real risk is not the upper ceiling, but the fact that the obligation exists and there is no process.
There is also a moving part. The European Commission, together with the AI Office, is finalising a code of practice and guidelines on the marking and detection of AI content. They will fill in the technical details, for example which specific marking methods are considered robust enough. That is why it is worth building the process flexibly, ready to be refined, rather than set in concrete around a single solution.
What to do today
Do not wait until 2 August 2026, because rolling out two layers takes more than a week, and testing the pipeline for metadata stripping can reveal surprises. Start with an inventory: list every place where AI touches your content, and assign the provider or deployer role. Then map the content type to the requirement using the table above. Next, turn on the machine layer at the source and a clear note where it applies. Finally, write down the process and designate the person with editorial responsibility, because that is what triggers the exemption for text.
The cheapest move today is two documents: a short pre-publication checklist and a decision log. The most expensive mistake is assuming this does not concern you because you did not build the model. Transparency is also an advantage. Clear labelling builds audience trust, and in a world flooded with synthetic content a brand that plays with its cards on the table stands out positively.
If you want us to go through this with you, we run an AI usage audit and implement a labelling process for sites, shops and newsrooms: inventory, the machine layer in the publishing pipeline, disclosure components and editorial policy. Get in touch and we will prepare an individual quote tailored to your stack and publishing scale.
Last verification of legal facts: 2 June 2026.
