AI Transparency Is Now Law — What Your Chatbot, Marketing Content, and Employee Tools Must Display by August 2026

The Compliance Trigger Most Organizations Are Missing

When companies assess their EU AI Act exposure, they typically start with the high-risk classification framework: does the organization use AI in one of the listed high-risk categories — recruitment, critical infrastructure, law enforcement, credit scoring? If not, they conclude their compliance burden is minimal.

That conclusion is wrong for a third of all organizations — and it is wrong because of a provision that receives far less attention than the high-risk framework: Article 50, the EU AI Act's transparency obligations.

Data from the EU AI Act Compliance Checker — published in a May 14, 2026 analysis by the Future of Life Institute, which administers the most comprehensive independent EU AI Act guidance resource — shows that transparency obligations are the second most common compliance trigger across all organizations, after AI literacy requirements. They affect approximately 33% of all respondents, regardless of whether those organizations have any high-risk AI at all.

The obligations take effect on August 2, 2026 — the same day that enforcement powers for general-purpose AI model providers activate, and the same day that high-risk employment AI obligations become fully enforceable. For many organizations, Article 50 will be their primary compliance challenge this year.

Why Article 50 Is Different From Every Other Part of the AI Act

The AI Act's high-risk framework is conditional: it applies only to AI systems classified as high-risk, which covers a defined list of categories and requires specific assessment criteria to trigger. Organizations outside those categories have limited direct obligations under the high-risk framework.

Article 50 works differently. Its transparency obligations apply to any AI system used in four specific situations, completely independently of whether that system is high-risk. An organization can have no high-risk AI at all and still have significant Article 50 obligations — for example, because it deploys a customer-facing chatbot, uses AI to generate marketing content, or has deployed an emotion recognition tool.

This is the aspect of Article 50 that catches organizations by surprise. The presence of the high-risk framework creates an implicit assumption that AI Act compliance is only relevant to organizations in regulated industries or using AI in sensitive domains. Article 50 eliminates that assumption.

The obligations also extend to open-source AI systems. There is no carve-out for organizations using open-source models rather than commercial products. And there is no minimum size threshold: SMEs, startups, and enterprise organizations have the same obligations.

The Four Disclosure Scenarios

Article 50 applies in four situations. Each has its own specific requirements, and organizations should assess their exposure to all four independently rather than assuming one characterization covers all cases.

1. When AI Interacts Directly With People (Article 50(1))

The most widely applicable obligation covers any AI system designed to interact with people: chatbots, virtual assistants, automated phone systems, AI-powered customer service agents, or any other AI interface where the system communicates with a human user.

The obligation: the provider of the system must design and develop it so that users are informed they are interacting with an AI. The draft EU Commission Guidelines, published for stakeholder consultation in 2026, confirm that AI agents fall explicitly within Article 50(1) — including agentic systems that may not interact with a human every time but should be designed to disclose in every interaction where a human could plausibly be involved.

When does the disclosure happen? The May 2026 analysis is precise: "at the latest at the time of the first interaction" — meaning before or during the very first exchange, not at registration, not in the account settings, not in the privacy policy, and not after the conversation has proceeded for several messages.

What does the disclosure have to look like? The analysis is equally precise about what doesn't qualify. The guidance explicitly names:

• "A very small snippet of text hidden in the footer of a website"
• "A faint label on an image"
• "A brief label flashing for only an instant"
• "Disclosures buried in T&Cs"
• "Vague labels"

None of these are compliant. The disclosure must be clear and distinguishable and must conform to applicable accessibility requirements. In practice, this means a visible, legible, persistent disclosure that users cannot reasonably miss.

There is a narrow exception for situations where it is "obvious from the point of view of a naturally well-informed, observant and circumspect person" that they are interacting with AI — but the EU Commission draft guidelines adopt a two-step approach to establishing this: first assess the target audience, then assess how well-informed an average member of that group would be. This exception cannot be assumed; it must be affirmatively evaluated.

For the majority of B2C deployments — customer service chatbots, AI assistants on e-commerce platforms, virtual agents handling inquiries — this exception will rarely apply. The user-base is typically broad, includes users unfamiliar with AI interfaces, and the systems are often designed to mimic conversational human interaction, which actively undermines the "obviously AI" exception.

2. Marking AI-Generated Content (Article 50(2))

The obligation covers providers of generative AI systems — any AI system that generates synthetic audio, image, video, or text. Providers of these systems must ensure that outputs are both marked in a machine-readable format and detectable as AI-generated.

This is a technical obligation about provenance infrastructure, not just front-end labeling. The purpose is to enable detection tools to verify whether content was AI-generated — including by third parties, platforms, or regulators examining the content after it has been distributed.

The specific technical standards for this machine-readable marking are being developed through the Code of Practice on AI-generated content — the second draft of which was published in March 2026, with a final version expected by June 2026. Providers of generative AI systems (including those building on top of general-purpose AI models to create content-generating features) must track these developments closely, as the implementation specifications are being finalized in the months before the August deadline.

One narrow exception applies: if the AI system performs only an assistive function for standard editing — correcting grammar, checking spelling, suggesting minor style edits — without substantially altering the content, the marking obligation does not apply. But this exception is narrow: systems that generate paragraphs, create images, compose audio, or produce video are clearly within scope.

Who this affects in practice: marketing teams using AI to generate ad copy, blog posts, product descriptions, or social content. Design functions using generative AI for visual assets. Agencies producing AI-assisted video or audio content for clients. Platforms embedding generative AI features.

3. Disclosing Emotion Recognition and Biometric Categorization (Article 50(3))

For systems used outside the prohibited workplace context — recall that emotion recognition in workplaces has been banned since February 2025 under Article 5 — organizations that deploy emotion recognition or biometric categorization must inform the individuals exposed to those systems.

This obligation is distinct from the workplace prohibition. It applies in permitted contexts: retail environments where AI analyzes shopper sentiment, healthcare settings where AI assesses patient emotional state, customer service contexts where call center AI monitors caller sentiment, or any other setting where individuals' emotional or biometric characteristics are being assessed by AI outside a workplace or education setting.

The requirement is notice — individuals must know that a system is operating on these principles. The notice must meet the same standard as other Article 50 disclosures: clear and distinguishable, provided before or at the start of exposure, and not buried in documentation users are unlikely to read.

4. Labeling Deepfakes and AI-Generated Public Interest Text (Article 50(4))

This provision has two components, each with its own requirements.

Deepfakes: Deployers using AI to create deepfakes — AI-generated or manipulated image, audio, or video content that resembles existing persons, objects, places, or events and could falsely appear authentic — must disclose this. The draft EU Commission Guidelines clarify that clearly fantastical content falls outside the definition: if the content is physically impossible or obviously imaginary, it is not a deepfake. But content that could be mistaken for authentic footage of a real person or event is within scope.

The proposed disclosure approaches include: persistent visual labels on images, opening disclaimers for video, and audible warnings for audio. Where deepfake content forms part of a clearly artistic or satirical work, the obligation is reduced to disclosing the existence of AI-generated or manipulated content in a manner that doesn't impair the work itself.

AI-generated text on matters of public interest: Where deployers publish AI-generated or manipulated text with the purpose of informing the public on matters of public interest, the text must be disclosed as AI-generated — unless it has undergone genuine human review with editorial responsibility. The emphasis is on the publisher's purpose: if the goal is informing the public on public matters, the obligation triggers regardless of subject area.

The editorial carve-out is meaningful but narrow: human review must be substantive, not superficial or cursory. A workflow where a human reads an AI-generated article and approves it for publication with minimal changes — perhaps fixing a factual error — may meet the standard if the human bears genuine editorial responsibility. A workflow where AI generates content that is published automatically after keyword scanning does not.

What "Clear and Distinguishable" Actually Requires

The phrase "clear and distinguishable" will be the center of regulatory interpretation after August 2026. The May 2026 analysis provides the most authoritative non-legislative guidance available:

The disclosure must be provided at the time of first interaction or exposure — before the exchange has begun, not after several messages, not during account registration conducted days or weeks before.

It must be visible — not in a font size that requires effort to read, not in a color that creates low contrast against the background, not positioned in a footer users are not expected to read.

It must be persistent where context requires — for a video featuring AI-generated content, a label that appears briefly at the beginning and disappears may not be sufficient for sensitive content.

It must meet accessibility requirements — including requirements for users with visual impairments, who may be using screen readers or other assistive technologies.

In some sensitive contexts — emotion recognition in healthcare, AI-generated content in legal proceedings — one-time disclosure may be insufficient, and repeated disclosure may be required.

The practical implication: most current implementations of AI disclosure are non-compliant as-of August 2026. The chatbot with a tiny "Powered by AI" badge in the header is not compliant. The AI-generated marketing copy with no label is not compliant. The emotion analysis tool used in a customer experience context with disclosure only in the privacy policy is not compliant.

The Code of Practice: What to Track Before June 2026

The Code of Practice on AI-generated content is the practical implementation guide for Article 50(2) and 50(4). As of the publication of the March 2026 second draft, key elements being developed include:

• A standardized EU label: Currently proposed as an "AI" visual label, localized as "KI" in German, "IA" in French, and equivalent terms in other EU languages
• A taxonomy distinguishing "fully AI-generated" from "AI-assisted" content: With different disclosure requirements applying to each
• Technical standards for watermarking, metadata, and provenance tools: Including technical specifications for machine-readable output marking across modalities (audio, image, video, text)
• Modality-specific labeling guidance: Persistent labels for video, visible labels for images, audible disclaimers for audio

Although the Code of Practice is voluntary, its practical status is clear from the EU Commission's own language: organizations that comply with the Code will be in the best position to demonstrate compliance. In regulatory practice, the Code will become the benchmark.

Final version expected: June 2026 — giving organizations approximately six weeks to implement before the August deadline. Organizations that are not tracking the Code of Practice now will have inadequate time to implement its specifications if they wait for the final version.

The Industries Most at Risk

While Article 50 applies broadly, certain industries have disproportionate exposure:

Customer Service and E-Commerce: Customer-facing chatbots and virtual assistants are the most common Article 50(1) trigger. Any organization with a chatbot interface — whether built internally or licensed from a vendor — has an immediate disclosure obligation.

Marketing and Content: AI-generated copy, product descriptions, social content, email campaigns, and blog posts are within Article 50(2) scope for providers of the generative systems and within Article 50(4) scope for organizations publishing on public interest matters.

Media and Publishing: Organizations publishing AI-generated news summaries, analysis, or public affairs content face the Article 50(4) text disclosure obligation — or must demonstrate substantive editorial review sufficient to qualify for the carve-out.

Financial Services: AI-generated summaries, personalized communications, and investment commentary may constitute public interest text. AI-powered customer service interfaces are within Article 50(1) scope.

Legal Technology: AI systems that help lawyers draft documents or analyze cases, where outputs are shared with clients or published, may be within scope for both Article 50(2) and 50(4).

Healthcare: Emotion recognition or biometric categorization tools used in patient-facing contexts outside the workplace trigger Article 50(3) disclosure.

The Compliance Checklist for August 2

The May 2026 analysis provides a structured checklist. For organizations assessing their Article 50 exposure:

For all organizations: Map all AI systems in use across the organization and identify those used in the four Article 50 scenarios. Check whether any exemptions apply. Monitor the Code of Practice (final version expected June 2026) and the Commission's Guidelines.

For customer-facing chatbot and virtual assistant providers: Review current disclosure practices immediately. Ensure users are informed they are interacting with AI at the start of every interaction. Review the interface design — the disclosure must be clear, not buried.

For providers of generative AI systems: Begin assessing technical capacity for machine-readable output marking. Engage with or track the Code of Practice to understand the watermarking and metadata specifications being finalized for June 2026.

For organizations publishing AI-generated content: Inventory content production workflows. Identify all AI-generated content published externally. For deepfakes, plan disclosure from the start of the content creation process. For text, assess whether you can rely on the editorial carve-out — and if so, document the review process substantively enough to demonstrate it.

For deployers of emotion recognition or biometric systems: Screen each use case against the Article 5 prohibition first. Then design clear, accessible notice for exposed individuals that is provided before or at the start of exposure.

Frequently Asked Questions About Article 50 Compliance

We use a third-party chatbot platform. Is compliance their responsibility or ours?
Both, but differently. The chatbot provider (the system provider) must design the system so it can disclose AI interaction to users — the disclosure mechanism must be built into the product. The deployer (your organization) must ensure it is enabled and configured correctly. If you have deployed the chatbot in a way that disables or obscures the AI disclosure, that is your compliance failure as deployer.

We use AI to help draft communications, but a human always reviews and edits. Do we still have to disclose?
It depends on whether the AI performs only assistive editing functions (grammar, spelling, minor suggestions) or generates substantive content. If AI is generating paragraphs, structuring arguments, or creating original content that a human reviews and publishes, the editorial carve-out in Article 50(4) requires genuine human editorial responsibility — not just cursory approval. If that standard is met, the disclosure obligation for public interest text may not apply. But the burden is on the organization to document that the human review is substantive.

Does Article 50 apply to internal AI tools used only by employees?
Not directly — Article 50(1) covers systems intended to interact with people in a way where they might not expect AI. Internal tools where the AI nature is clear from context may fall under the "obviously AI" exception. But emotion recognition or biometric categorization deployed on employees triggers a different issue: it is prohibited in the workplace under Article 5 (since February 2025), not merely subject to Article 50 disclosure.

Our organization is not in the EU and has no EU operations. Does Article 50 apply?
If your AI systems' outputs are deployed or accessible in the EU — for example, a chatbot on a website accessible to EU users, or AI-generated content published in EU markets — you are likely within the EU AI Act's territorial scope even without an EU legal presence. Article 2(1) covers AI systems placed on the EU market or put into service in the EU.

The Code of Practice isn't final yet. Can we wait for the final version before implementing?
You can wait for the June 2026 final version before implementing the specific technical standards for watermarking. But Article 50(1) obligations — chatbot disclosure — are independent of the Code of Practice and can be implemented now based on existing guidance. Organizations that wait for all guidance to finalize before starting any implementation will not have enough time to deploy compliant systems before August 2.

---

Intrabit helps organizations map their AI systems against Article 50 obligations, assess the completeness of existing disclosure practices, and build the governance workflows needed to meet August 2026 deadlines with documentation that demonstrates compliance.

Further Reading

• The EU AI Act Is Already Enforcing
• AI in HR: The August 2026 Deadline
• Generative AI and Data Privacy
• The Hidden Risk of Shadow AI