If your company generates AI images, audio, video, or text for EU users, you have 70 days to get Article 50 compliance in place. The GPAI Code of Practice finalizes in June 2026 with watermarking technical standards. Enforcement starts August 2, 2026.
Article 50 is often confused with the GPAI obligations. They are different. GPAI obligations apply to model developers. Article 50 applies to deployers: the companies that put AI systems in front of users. If you use an AI image generator to create marketing content for EU customers, Article 50 applies to you, even if you never trained a model in your life.
TL;DR: Article 50 requires four disclosures: AI-generated content must be labeled, deepfakes must be marked, emotion recognition and biometric categorization systems must disclose themselves to subjects, and chatbots must reveal they are not human when asked. Obligations fall on deployers. Enforcement starts August 2, 2026. Fines up to 15 million EUR or 3% of global turnover.
The four Article 50 obligations
Obligation 1: Label AI-generated content
Any deployer that uses an AI system to generate or substantially manipulate images, audio, video, or text in a way that could be mistaken for real content must ensure that output is labeled as AI-generated.
What counts as "substantially manipulated": altering a person's voice, image, or likeness using AI; generating a realistic image of a real location, event, or person that did not happen; creating synthetic video of a real person.
What does not require labeling (generally): content that is obviously AI-generated from context (clearly stylized art), content used in explicitly fictional contexts (a film with disclosed AI effects), content that is not presented to humans at all (AI processing of internal data).
The label must be machine-readable as well as human-readable if technically feasible. The GPAI Code of Practice finalizing in June 2026 specifies C2PA as an acceptable machine-readable standard for images and video.
Obligation 2: Mark deepfakes
Deepfake content (AI-generated or manipulated audio or video that portrays a real person doing or saying something they did not do or say) must be explicitly marked as deepfake content.
The marking must be unambiguous and visible to the person consuming the content. It cannot be buried in fine print or metadata only.
Exemptions apply for satire, parody, and artistic purposes where context makes the artificial nature clear. The exemption is narrow: a satirical deepfake of a politician must be clearly understood as satire from context, not just labeled somewhere users will not see it.
Non-consensual intimate deepfakes are subject to separate national laws and, in many EU member states, criminal liability. Article 50 marking requirements apply on top of, not instead of, those laws.
Obligation 3: Disclose emotion recognition and biometric categorization
AI systems that categorize individuals based on biometric data (facial analysis, gait analysis, voice analysis) or that attempt to infer emotional states must inform the subjects that they are being processed.
This applies to:
- Hiring tools that analyze video interviews for emotional or behavioral signals
- Retail analytics tools that analyze customer facial expressions
- Security systems that infer behavioral anomalies from biometric data
- Any HR tool that uses AI to analyze employee emotional states
The disclosure must happen before or during the processing, not after.
Obligation 4: Chatbot disclosure
AI systems designed to interact with humans must disclose they are not human when asked. The disclosure requirement is triggered by a direct question from the user, not by every interaction.
The disclosure must be clear. "I am Claude" is not enough if it does not make clear the system is artificial. "I am an AI assistant, not a human" is sufficient.
There is no requirement for AI systems to proactively disclose their nature on every interaction, only when asked. But deployers may not configure AI systems to deny being artificial when asked.
Does Article 50 apply to you?
Use this decision table:
| If your company... | Article 50 applies? |
|---|---|
| Generates AI images for marketing shown to EU consumers | Yes (Obligation 1) |
| Runs an AI chatbot for EU customer support | Yes (Obligation 4) |
| Uses AI video dubbing or voice cloning with real people's voices | Yes (Obligation 2, if presenting as real) |
| Uses AI to analyze emotional signals in job interviews | Yes (Obligation 3) |
| Uses AI internally to analyze internal documents (not shown to users) | No |
| Uses AI code generation tools for internal development | No |
| Offers an AI product to EU businesses (not consumers) | Possibly yes, if EU business employees interact with the AI system |
| Develops a GPAI model and provides API access to others | Different obligation set (GPAI provisions + must enable watermarking for deployers) |
If you are a GPAI model provider (not a deployer), your obligations come from Articles 53-55 and the Code of Practice, not from Article 50. But you must technically enable the watermarking that deployers need to meet their Article 50 obligations.
Technical standards for watermarking
The EU AI Act does not mandate a specific watermarking standard, but the GPAI Code of Practice finalizing in June 2026 names acceptable approaches:
For images and video: C2PA (Coalition for Content Provenance and Authenticity) C2PA attaches a cryptographically signed manifest to the content recording its provenance. Major AI image generators (Adobe Firefly, Stable Diffusion via certification programs) already support C2PA. Verify your provider supports it.
For audio: Similar manifest-based approaches The C2PA standard is being extended to audio. Voice cloning tools are the primary target. If your product uses AI voice generation or cloning, check whether your provider supports C2PA audio manifests.
For text: Statistical watermarking (interim) Text watermarking is technically harder than image watermarking. The Code of Practice allows providers to use statistical watermarking methods (modifying token selection in ways that are detectable by the provider but invisible to users) as an interim approach while technical standards mature.
Practical reality: Most of the watermarking obligation falls on GPAI providers, not deployers. A deployer using an AI image generator that already implements C2PA can pass through that watermark to users. If your AI provider does not support machine-readable watermarking, you may need to add visible human-readable labels manually.
8-step compliance checklist
Work through these steps before August 2, 2026:
Step 1: Inventory your AI systems that interact with EU users List every AI system your company deploys that EU users interact with or that generates content shown to EU users. Note which obligation applies to each (Obligations 1-4).
Step 2: Check whether your AI providers support C2PA or equivalent For each AI image/video/audio generator you use, confirm whether it outputs C2PA manifests or equivalent machine-readable watermarks. If not, you need a manual labeling process.
Step 3: Add visible AI-generated content labels to your UI For content shown to EU users that is AI-generated, add a visible label ("Generated by AI" or equivalent). The label must be present when the content is consumed, not just at generation time.
Step 4: Review your chatbot configuration for denial-of-nature responses Check whether your customer-facing chatbots can tell users they are human. Disable any such response paths. Test with the direct question: "Are you an AI?"
Step 5: Review deepfake use cases If you use AI voice cloning, AI face synthesis, or AI video manipulation with real people's content, map each use to the satire exemption or add the required marking. Non-consensual intimate deepfakes have no exemption.
Step 6: Audit biometric and emotion recognition tools Review all HR and customer-facing tools that analyze video, audio, or images of people. Add pre-processing disclosures where Article 50 Obligation 3 applies.
Step 7: Update your privacy policy and terms of service Add a section on AI-generated content and disclosure practices. Reference the Article 50 obligations where relevant.
Step 8: Document your compliance approach Prepare written documentation of what you implemented for each obligation. The EU AI Office can request this documentation in an investigation. Having it ready in advance is significantly better than reconstructing it afterward.
What the exemptions actually cover
Three exemptions apply:
Law enforcement and national security: AI systems authorized by national law for law enforcement, national security, or defense purposes are exempt. This exemption is narrow and does not apply to commercial use.
Artistic, satire, and parody: Content that is clearly understood from context to be satirical, fictional, or artistic, with no intention of deceiving anyone about its nature. The content does not need a formal label if the context makes its artificial nature obvious. The exemption covers satire by publications and creators, not deepfakes of private individuals for entertainment.
Authorized testing: AI systems being tested by authorized parties for research, red teaming, or regulatory assessment purposes.
These exemptions are narrow. When in doubt, label.
