Up to €15 Million or 3% of Global Turnover: EU AI Act Compliance for AI-Generated Content in 2026
The AI Label Is Coming: Article 50 Transparency Obligations for AI-Generated Content, Watermarking and Deepfakes
Table of Contents:
▫️Why 2026 Matters
▫️Article 50 Explained
▫️Key Dates and Timeline
▫️Fines and Penalties
▫️Provider vs Deployer
▫️The AI Content Code of Practice
▫️What AI Labelling Means
▫️Watermarks, Metadata and C2PA
▫️Deepfakes
▫️Advertising and Marketing
▫️Publishers and Media
▫️Business Compliance Checklist
▫️Open Questions
▫️Main Conclusion
▫️FAQ
In 2026, labels such as “Made with AI” or “You are now interacting with AI” will no longer be voluntary. You will be required to disclose this. If you fail to do so, your company may face a significant fine.
The new EU law requires people to understand when they are interacting with AI or viewing content created by AI under Article 50 of the EU Artificial Intelligence Act, Regulation (EU) 2024/1689.
These rules will start applying on 2 August 2026. For some AI systems that were already on the market before that date, a transitional period will apply until 2 December 2026.
🗣 On paper, this looks like a serious attempt to tame a wild beast. In practice, it feels more like officials walking up to a giant killer whale with a sewing needle, a whistle, and a sign saying: “Please behave transparently.”
The law is trying to bring order to a world where AI has already learned how to write, speak, draw, fake faces, imitate voices, and produce content faster than a regulator can open a new PDF document.
We are being offered labels, watermarks, and disclosure rules. But the real question is different: will this stop the chaos, or will it simply create a new and expensive bureaucracy around AI? Below, I explain why I tend to believe the second option is more likely.
🔺This will not simply be a “created by AI” label placed on an image. There will be many interesting new requirements.
The new rules apply to the entire system of working with AI-generated content:
▫️Developers of AI systems will have to redesign the internal architecture of their products
▫️Businesses will have to change how they control content and services
🔺Here are concrete examples of how this will work once the new rules enter into force:
▫️If a customer is interacting with AI, they must be informed of this, unless it is already obvious
▫️If an AI system creates text, images, audio, or video, that content must be technically recognisable as having been created or modified by AI
🗣 According to the logic of the people who designed these rules, the ideal AI product must become slightly worse so that the state can feel safer.
Not too smooth. Not too invisible. Not too convenient.
It must come with labels, signals, warnings, and traces, so that every step can be checked. It is as if businesses are being told: “Create innovation, but not too much. Let the user always see the seams.”
In my view, this is a dangerous logic. Instead of real control over AI, we may end up with a market of products artificially damaged for the sake of formal legal compliance.
▫️If AI creates a deepfake, it will be necessary to disclose that the content is artificial or has been modified
🗣 This is where I see the main risk: legal AI will become less convenient, more regulated, and more “noisy” for the user.
Illegal or grey-market AI, on the other hand, will start to look faster, cleaner, and more attractive: no labels, no warnings, no digital traces, and no questions.
In other words, regulation may accidentally create the perfect advertisement for the shadow AI industry.
The white market will explain, label, and document. The grey market will simply say: “Upload your file here. We will remove everything.”
▫️If AI-generated text is published to inform the public on a matter of public interest, it must be disclosed that the text was created or modified by AI. If the text has gone through human review or editorial control, disclosure may not be required
🗣 And this is where I see a hole the size of a truck.
The law says: if an AI-generated text concerns a matter of public interest, disclose the use of AI. Fine. But who decides what counts as a matter of public interest?
Brussels? A platform? An editor? A court? Or the person who yesterday searched Google to find out why their stomach hurt after seafood pasta?
For different people, “important” means completely different things.
And then there is the magical formula: “human review”. But if a person simply ticks a box, does not check the facts, and does not understand the meaning of the text, that is not control. That is a theatrical performance called “we comply with the law”.
The idea is right. The implementation may turn out to be very weak.
▫️The explanation that a product was made with AI must be clear, visible, accessible, and provided before the first interaction or at the first display
🗣Here it is: the cyberpunk of 2026.
The state says: “Label AI content.”
The market replies: “Fine, now let us build a tool that quietly removes all of that.”
As a result, instead of transparency, we may get a new game of hide-and-seek: legal companies will add labels, grey services will help bypass them, and the ordinary user will once again be left alone with the question: is this real or not?
▫️Violations of the transparency rules may result in fines of up to EUR 15 million or up to 3% of the company’s total worldwide annual turnover for the preceding financial year, whichever is higher. A more lenient cap applies to small businesses and start-ups
🗣 In my view, this rule shows the real danger of the whole structure.
We are told: “We are protecting people from deception and AI chaos.” That sounds right. But then you open the section on fines — up to EUR 15 million or 3% of global turnover — and you realise that this is also a powerful tool of pressure against companies.
Businesses are already dependent on AI. They have integrated it into advertising, customer support, texts, images, and products.
And now they are being told: “Here are the rules. It is almost impossible to comply with them perfectly, but if you make a mistake — you pay.”
I am not against regulating AI. I am against regulation that looks like a trap: first the market was accelerated, and then a turnstile with a very expensive ticket was placed at the entrance.
I have gone through all the key points of the new EU law on AI regulation. Keep reading if you are interested in the details of this adventure, as I will go through each new rule in detail.
🟩 Why 2026 Will Be a Turning Point for Every Business Using AI
Imagine an ordinary internet feed: a video of a politician, a customer review, a news story, a photo from the scene of an event, a voice message, an advertising banner, a post by an expert.
Today, each time, you ask yourself the same question: is this real, or was it made by AI?
This is exactly the question the EU Artificial Intelligence Act is trying to address.
For a long time, AI-generated content was discussed as a matter of trust, ethics, and platform rules:
❔Should AI-generated images be labelled
❔Should deepfakes be banned
❔Should it be disclosed when an article was written with the help of AI
❔Should watermarks be voluntary or mandatory
In 2026, this discussion moves into the legal field — although, in my view, into a rather crooked and bumpy one.
Article 50 of the EU AI Act introduces transparency rules for certain AI systems and for certain materials created or modified with the help of AI.
The European Commission explains these rules as a way to protect people from deception, manipulation, and threats to the information environment.
And this law is not only about political deepfakes before elections. It will affect the ordinary digital life of each of us:
an advertising video in which a person never actually said those words
a “real” review that never existed
a random Facebook news story without clear editorial responsibility
an image of an event that looks documentary, but was created by a machine
a voice, face, or text that we trust without understanding where it came from
The problem is not that AI creates content. The problem is that this content increasingly looks real.
This logic is directly reflected in Recital 133 of the EU AI Act. It states that AI systems can generate large volumes of synthetic content that is becoming increasingly difficult to distinguish from authentic content. This creates risks of disinformation, manipulation, fraud, impersonation, and consumer deception.
🗣 In simple terms: mass disinformation used to be an elite weapon. It was something governments, oligarchs, and large media businesses with huge budgets could afford. Now that weapon has become almost an everyday object. A smartphone, an AI service, a couple of prompts — and any schoolchild, activist, or anonymous account can create a video, text, or image that looks convincing. That is why regulators are so nervous: the factory of influence no longer costs millions. It fits in your pocket.
For this reason, providers of AI systems must implement technical solutions that make it possible to label and detect AI-generated or AI-modified content.
🔺When speaking about the new law, the expression “AI label” is too narrow.
This is not about a small notice saying “created by AI”. It is about an entire chain of transparency:
a person must understand when they are interacting with AI
content must carry a machine-readable technical signal — meaning that when you upload an AI-generated image directly to a social network, the platform should be able to understand and detect it
deepfakes and certain AI-generated texts on matters of public interest must be labelled for people
companies must be able to prove to the regulator that they have actually implemented a process, not just written a policy document — in my view, this is exactly where governments will start making money. But there is also good news: at these stages, companies will need to hire lawyers who understand this field, such as myself
platforms, metadata, standards, and detection tools must work together
🔺The bad news: every business will have to bear ongoing costs to monitor AI transparency.
This is no longer a task for one lawyer writing a compliance policy. The new rules will affect product teams, engineers, marketing departments, newsrooms, advertising agencies, brands, security teams, procurement departments, and everyone who works with content.
If an organisation creates, buys, publishes, or distributes AI-generated content, there will come a moment when AI transparency becomes part of normal operational work.
🟩 Article 50 of the EU AI Act: Transparency Obligations in Plain Language
Article 50 sets out transparency obligations for providers and users of certain AI systems. It is not limited only to “high-risk” AI systems, even though a large part of the EU AI Act is built around that category.
An AI system may not be considered high-risk, but it may still fall under Article 50. For example: a chatbot, an image generator, a synthetic voice tool, an AI marketing tool, or an AI-generated news summary.
In other words, if a system interacts with people or creates content, it may have transparency obligations even without being classified as high-risk.
The main groups of these obligations are:
🟢 AI Systems That Interact Directly with People
If an AI system interacts directly with a person, that person must immediately understand that they are dealing not with a human, but with AI. Providers of AI systems must think in advance about exactly how they will inform the user that they are interacting with AI.
There is only one possible exception: where it is already obvious from the context that the person is interacting with AI. In other words, an ordinary attentive user should be able to understand this without any additional explanation.
Such systems include, for example:
chatbots
voice AI assistants, where the assistant may briefly state by voice that it is an AI system
interactive AI avatars, where the avatar may have a visible label or on-screen notice
🗣 You probably already have this corporate character in your company: a chatbot with a human face, giving useless advice with a serious expression, failing to solve the problem, and protecting the user until the very end from the terrible danger of speaking to a real customer support agent.
Now, apparently, this needs to be made slightly more legal: remove the human avatar, replace it with Robocop, and honestly tell people that they are dealing with a machine. Please do not forget to do this — at least for the mental health of your customers.
What matters here is not how “smart” the system is or how human-like it appears. What matters is whether there is direct contact between a person and an AI system.
If such contact exists, the user must clearly understand that they are interacting with AI.
This information cannot be hidden somewhere in general terms of service or in a long privacy policy. The notice must be clear, visible, and accessible from the very first interaction.
A person should not have to guess who they are communicating with. They should immediately understand that they are interacting with an AI system.
🟢 Machine-Readable Labelling of AI Content
Providers of AI systems, including general-purpose AI systems, must ensure technical labelling of content if their systems generate synthetic text, images, audio, or video, so that such content can be technically identified as artificially created or modified.
This is the technical core of the AI labelling regime.
This is not only about a visible note saying “created by AI”. The law requires AI-generated content to be detectable by technical means. These solutions must be as effective, interoperable, robust, and reliable as technically feasible.
🗣 The key phrase is “as technically feasible”. And this is where the magic begins.
The law wants AI-generated content to be technically recognisable. But the digital world itself is built in such a way that a file can easily pass through dozens of transformations: uploading, compression, re-saving, format changes, publication, downloading, and reposting.
After all of that, the beautiful label may remain only as a memory in a lawyer’s report.
So the real question is not whether a label can be added. The question is whether it will survive contact with the real internet.
🔺Exceptions: this may not be required where the AI system performs only an assistive function for standard editing, does not substantially alter the input data, or does not change its meaning. There are also separate exceptions for the use of AI systems authorised by law for law enforcement purposes.
The same may apply to grammar checking, file compression, minor image cropping, or light colour correction, provided that the meaning of the content does not change.
But creating a synthetic product scene, replacing a face, generating artificial voice-over, or producing a fictional image of a real public figure will trigger the obligation to comply with this rule.
🟢 Emotion Recognition and Biometric Categorisation
If a company uses AI to understand a person’s emotions or to assign them to a particular group based on external characteristics, that person must be informed.
For example, if AI analyses a person’s face, voice, or behaviour and draws conclusions from it, the person must know that they are being analysed by an AI system. The company must also comply with personal data protection rules.
In short: if AI is doing something to a person invisibly, the person must know about it.
🟢 Deepfakes and AI-Generated Texts on Matters of Public Interest
The European Commission explains a deepfake as an image, audio, or video created or manipulated by AI that resembles existing persons, objects, places, events, or entities and could falsely appear to a person to be authentic.
If a user of an AI system creates or modifies an image, audio, or video in such a way that it becomes a deepfake, they must clearly disclose that the content has been artificially created or manipulated.
There is also a separate rule for AI-generated texts.
If AI-generated or AI-modified text is published for the purpose of informing the public on a matter of public interest, it must be disclosed that AI was used in its creation.
🗣 This is where I have serious doubts.
News organisations are unlikely to start massively and honestly writing: “AI assisted in the creation of this text.” Such a label immediately affects readers’ trust, the author’s reputation, and the perceived value of their work.
It is much more convenient to say: “The material underwent editorial review” — and close the issue.
Formally, everything looks fine. In reality, the reader may never know who wrote the text: a journalist, AI, or a journalist who simply clicked “improve style”.
🔺The good news: this does not apply to every AI-generated text.
A private letter, an internal draft, a product description, or an advertising text does not automatically fall under this rule. The key condition is that the text is published for a broad audience and concerns a matter of public interest.
Disclosure is also not required if the text has undergone human review or editorial control and a specific person or organisation takes responsibility for the publication.
🟩 EU AI Act 2026 Timeline: When Article 50 Transparency Rules Apply
The EU AI Act was published in the Official Journal of the European Union on 12 July 2024 and entered into force shortly afterwards. The Regulation generally starts applying from 2 August 2026. However, some provisions apply earlier or later.
For Article 50, the key date is 2 August 2026. This is when the transparency obligations generally start to apply.
▫️On 2 February 2025, the prohibitions on certain AI practices and AI literacy obligations started to apply
▫️On 2 August 2025, certain governance rules, sanctions, and obligations for general-purpose AI models started to apply
▫️On 2 August 2026, the transparency obligations under Article 50 start to apply
There is also another important transitional date.
For AI systems that were already placed on the market before this date, a transitional period applies until 2 December 2026.
🗣 Do not wait for the moment when someone from above finally explains everything in simple language. The key date is already known: 2 August 2026.
By that date, companies need to put their AI processes in order: where AI is used, who is responsible for it, where a label is required, where human review is needed, and what evidence must be preserved.
The problem is not whether you are allowed to use AI. The problem is whether you will be able to prove that you used it lawfully, transparently, and under control.
If you need a legal analysis of your processes for compliance with the new EU AI Act, you can contact me for a consultation. The earlier you do this, the fewer risks you will face later.
And subscribe to my newsletter, so you do not wake up one day in a world where AI is already regulated while your business is still living by the rules of 2023.
🟩 EU AI Act Fines: Up to €15 Million or 3% of Global Turnover for Transparency Violations
Article 99 of the EU AI Act sets out sanctions for violations of the transparency rules.
For non-compliance with Article 50, providers and users of AI systems may face administrative fines of up to EUR 15 million or up to 3% of the total worldwide annual turnover for the preceding financial year — whichever amount is higher.
For small and medium-sized enterprises, including start-ups, a more lenient rule applies: the lower of the two limits is used — either the percentage of turnover or the fixed amount.
But this does not make the obligation symbolic. Regulators may apply not only fines, but also warnings or other non-monetary measures.
🔺The fine is only part of the risk. The main problem for business is evidence.
If a company publishes AI-generated advertising, uses a synthetic voice in customer support, distributes AI-generated summaries on matters of public interest, or integrates a generative tool into its product, it may need to show:
which AI system was used
what content was created
what label was applied
what metadata was preserved
whether the AI-generated content could be technically detected
who reviewed and approved the publication
🗣 If the state grabs a company by the throat,
. It will be made in very real money.
I think many businesses will first become frightened and start banning AI inside their companies. This may look cautious, but it will be expensive: less speed, more manual work, more frustrated employees, and the feeling that everyone has suddenly been sent back to a pre-AI workflows.
Then comes the “denial phase”: “We do not use AI.”
Then the “bargaining phase”: “All right, where can we use it safely?”
And finally, the “acceptance phase”: “Without AI, we are losing money.”
And at that moment, you will need a lawyer who understands not only the law, but also the machine itself.
Get in touch. I can help you bring AI under control, build internal rules for your business, and reduce the risk of punishment by the state.
🔺What This Looks Like in Concrete Numbers:
Suppose a company violates the rules of Article 50 — for example, it launches an AI chatbot for customers but fails to inform users that they are interacting with an AI system.
Under Article 99 of the EU AI Act, such a violation may result in a fine of up to EUR 15 million or up to 3% of the total worldwide annual turnover for the preceding financial year — whichever amount is higher.
For small and medium-sized enterprises, including start-ups, a more lenient rule applies: the lower of the two limits is used.
🟢 Example 1. A Start-Up with Annual Turnover of EUR 1 Million
3% of EUR 1 million = EUR 30,000.
If the company qualifies as an SME or start-up, the maximum limit will not be EUR 15 million, but up to EUR 30,000.
🟢 Example 2. A Medium-Sized Company with Annual Turnover of EUR 20 Million
3% of EUR 20 million = EUR 600,000.
If the company falls within the SME definition, the maximum limit will be up to EUR 600,000, because this is lower than EUR 15 million.
🟢 Example 3. A Large Company with Annual Turnover of EUR 100 Million
3% of EUR 100 million = EUR 3 million.
For a large company, the higher amount applies. Between EUR 3 million and EUR 15 million, the higher amount is EUR 15 million. This means the maximum fine may reach up to EUR 15 million.
🟢 Example 4. A Large International Platform with Annual Turnover of EUR 1 Billion
3% of EUR 1 billion = EUR 30 million.
In this case, 3% of turnover is higher than the fixed amount of EUR 15 million. Therefore, the maximum fine may reach up to EUR 30 million.
In other words, the rule works as follows:
▫️for large businesses: EUR 15 million or 3% of worldwide turnover — whichever is higher
▫️for small and medium-sized enterprises, including start-ups: EUR 15 million or 3% of turnover — whichever is lower
❗️Important: this does not mean that the regulator will automatically impose the maximum fine. The specific amount will depend on the circumstances: the nature of the violation, its duration, scale, consequences, the size of the company, the degree of responsibility, cooperation with the regulator, and whether the company attempted to correct the violation.
🗣 This may become a very attractive revenue mechanism for public budgets: large companies, large turnovers, large fines.
But then the old game will begin in a new form. In the past, businesses looked for tax havens. Now they may start looking for AI havens — digital islands, jurisdictions, and services where AI can be used without European labels, reports, and fear of the regulator.
As a result, the law that was supposed to make AI more transparent may push part of the market into places where there will be no transparency at all.
🟩 Provider vs Deployer Under the EU AI Act: Who Is Responsible for AI Content Labelling
Article 50 distinguishes between the obligations of providers and deployers of AI systems.
▫️Provider: the person or company that develops an AI system, or has it developed, and then places it on the market or puts it into service under its own name or brand. The provider is responsible for the system itself: how it is designed, what technical labels it applies, and whether AI-generated content can be detected.
▫️Deployer: the person or company that uses an AI system under its own responsibility. The deployer is responsible for the specific use of the system: why it is used, what content is published, where that content is placed, and whether disclosure to people is required. *Personal, non-professional use does not fall into this category.
🔺But in real life, things are more complicated.
One company may be both a provider and a deployer at the same time. A brand may use a third-party image generator. An agency may create AI-generated advertising for a client. A platform may provide AI tools while also hosting the content created with them. A publisher may use a general-purpose AI model inside its editorial system.
That is why the key question is not only “who bought the tool”. The real question is who controls the system, the use case, and the publication of the result.
Article 50 does not apply only to companies registered in the EU. If AI-generated content is used in the European Union, non-European actors may also fall within the scope of these rules.
For example, an advertising company from a third country uses an AI system to create a deepfake of a celebrity for an advertisement shown in the EU. Such a company may be considered a deployer within the scope of the EU AI Act.
🟩 Code of Practice for AI-Generated Content: Why It Matters Even If It Is Voluntary
On 10 June 2026, the European Commission published the final Code of Practice on transparency for AI-generated content.
This is a practical guide for companies on how to properly inform people that a text, image, video, voice, or other type of content was created with the help of AI.
The Code was prepared by independent experts. The AI Office, the dedicated EU body dealing with AI-related matters, also participated in the process.
Signing up to this Code is voluntary. In theory, a company may say: “We will not sign the Code. We will do everything our own way.”
But Article 50 of the EU AI Act itself remains mandatory.
In other words: the Code is voluntary, but the law is not.
In practice, the Code serves one main purpose: it shows companies how they can comply with the requirements of Article 50.
The Code has two main parts.
🟢 The first part is for providers of AI systems: companies that create or provide AI tools. For example, services that generate text, images, video, voice, or other materials.
They must think about how to ensure that AI-generated content can be:
labelled
recognised
technically detected
🟢 The second part is for companies and organisations that use AI systems.
For example, if a company uses AI to create a deepfake, synthetic voice, AI-generated video, or text on a matter of public interest, it must clearly disclose that AI was used.
Companies that sign the Code will be able to use it as evidence:
“We comply with Article 50 not only in words, but according to clear rules.”
Companies that do not join the Code may still comply with the law in another way. But then they will have to prove themselves that their transparency system is sufficiently reliable.
That is why the Code of Practice may become a real market standard. If a company uses the Code, it will be easier to explain to the regulator that it tried to comply with the law. If a company does not use the Code, it needs to have its own strong, clear, and well-documented system.
Otherwise, the regulator’s question will be very simple:
“All right, you did not use the Code. Then show us exactly how you complied with Article 50.”
🗣 This is the illusion of choice in its purest form.
You are told: “No one is forcing you.”
And then a system is created in which not complying with the rules becomes too dangerous, too expensive, and too foolish.
Business finds itself in a beautiful position: it did not write the rules, it had no real control over their meaning, but it will be the one paying for mistakes.
Do you dislike this new legislative reality?
Then welcome back to the world of typewriters, goose feathers, and offices without AI.
🟩 AI-Generated Content Labels: Metadata, Watermarks, Detection Tools and EU Icons
Labelling is not one icon and not one phrase saying “created by AI”. It is a multi-layered system: metadata, watermarks, detection tools, and clear notices for people.
🟢 Metadata
The Code of Practice expects companies to record information in metadata about whether content was created or modified with the help of AI, where the file format supports metadata. This information should be protected by a digital signature. If the time of creation or modification is available, a protected timestamp should also be added.
Metadata helps transfer information about the origin of content between tools, platforms, and archives.
But metadata has a weak point: it is easily lost. For example, when content is uploaded to social media, compressed, converted into another format, or re-saved. That is why metadata alone is not enough.
🗣 I can already see this new industry appearing: “remove AI traces online”, “hide metadata”, “no registration and no loss of quality”. Everything as usual: the law creates a rule, the market creates a button to bypass the rule.
But I have only one question: why did no one panic this much earlier, when people spent years building their personal lives on Tinder using FaceApp, filters, retouching, and photos from five years ago? That was also artificial reality — just without a watermark and an EU regulation.
🟢 Watermarks
The Code also expects AI-generated or AI-modified content to contain a watermark.
Watermarks are useful because they may remain embedded inside an image, audio, video, or text even when ordinary metadata has been removed.
But they are not perfect either. They can be weakened by cropping, reformatting, re-recording, translation, paraphrasing, or deliberate attacks.
🗣 Again, this feels like an idea from the Stone Age: if we cannot truly control AI, let us at least make life harder for those who operate legally. Excellent plan.
The white market will receive labels, reports, checks, fines, and costs. The grey market will receive customers, money, and freedom from rules.
In the end, instead of controlling AI, we may create a new underground AI economy where no one labels anything, declares anything, or pays taxes.
🟢 Preserving Existing Labels
The Code expects companies to make efforts to preserve existing metadata and labels when an AI system uses content as input and then modifies it. Usage policies, terms of service, or documentation should also prohibit the intentional removal or damaging of such labels, except in lawful cases.
🟢 Detection Tools
The Code expects companies to provide detection tools so that users can check whether content was created or modified by a specific AI system.
This is because machine-readable labelling only makes sense if someone is actually able to read it.
🟢 EU Icons for AI-Generated Content
The European Commission has published specific icons for labelling AI-generated content.
In simple terms, these are small symbols that can be placed next to a text, image, video, or audio file so that a person immediately understands: artificial intelligence was used here.
These icons are not decorative. Their purpose is to help an ordinary person quickly understand that the content in front of them is not fully “human” content, but material that was created or modified with the help of AI.
The icons may be used in several situations:
when content was fully created by AI
when real content was partly modified by AI
when the content is a deepfake
when AI-generated text is published to inform the public on a matter of public interest
For example, if AI fully creates a video showing a fictional event, the “Fully AI-generated” icon may be used.
If there was a real photograph, but AI replaced a person’s face or changed an important part of the image, the “Partially AI-modified” icon may be used.
If a company publishes an AI-generated news summary or an explanation of a matter of public interest without proper human editorial review, this may also require disclosure.
🔺The EU icons are voluntary.
A company is not required to use these exact icons. It may create its own labelling, for example: “Created with AI”, “Image modified by AI”, or “You are viewing AI-generated content”.
But the obligations under Article 50 of the EU AI Act remain mandatory. In other words, a company may choose not to use the EU icon, but it cannot simply stay silent if the law requires disclosure.
The label must be clear, visible, and accessible. A person should see it at the moment of first contact with the content — not after they have already believed the video, read the text, or shared the post.
The icon should not be hidden by other interface elements. Where possible, it should remain attached to the content even if the content is downloaded or forwarded further.
This is a way of telling the person: “Be careful, this material was created or modified with the help of artificial intelligence.”
For businesses, this is also a matter of evidence. A company must be prepared to show not only the icon, but the entire logic behind it: where AI was used, what content was created, why this type of labelling was chosen, who checked it, and how the user could see it.
It is like a road sign on the road: the sign itself matters, but behind it there must be rules, markings, responsibility, and control.
🟩 AI Watermarking and C2PA: Metadata, Content Credentials and AI Content Detection
🗣 In simple terms, the law wants every piece of AI-generated content to have a passport: who created it, where it was modified, what happened to it afterwards, and whether this can be proven.
The problem is that, on the real internet, these “passports” are often lost faster than luggage on a cheap airline.
Article 50 of the EU AI Act requires AI-generated content to be not only understandable to people, but also technically detectable. In other words, if a text, image, video, or audio file was created or modified with the help of AI, the system must help make this recognisable.
But the law does not force everyone to use one specific technology. It says something simpler: the solution must be sufficiently reliable, effective, interoperable, and robust — as far as this is possible with current technology.
Different methods may be used, including:
watermarks
metadata
cryptographic signatures
activity logs
digital fingerprints
other methods for detecting AI-generated content
In practice, this works as several layers of protection.
▫️Metadata is technical information inside the file. It may show that the content was created by AI, which tool was used, and when it was created
▫️A cryptographic signature is like a digital seal. It helps verify whether the metadata was changed after the file was created
▫️A watermark is a visible or hidden signal inside the content. It helps determine whether a text, image, video, or audio file is connected to AI
▫️A digital fingerprint is a unique trace of a file. It helps recognise the content or modified versions of it
▫️Detection tools help platforms, users, and regulators check AI labelling
▫️Internal company logs show who created the content, who reviewed it, who approved it, and where it was published
The C2PA standard and related Content Credentials are especially important.
C2PA is an open standard that helps show the provenance of digital content: where a file came from, how it was changed, and whether AI was used in the process.
C2PA does not prove that the information is true. It shows where the file came from, what changes were made, and whether the provenance data can be trusted.
For example, if a photo has Content Credentials, a person can view the history of that photo. But this does not mean that the news story or caption attached to the photo is automatically true.
The European transparency Code places strong emphasis on digitally signed metadata, invisible watermarks, the preservation of labels, and information about content provenance.
There is no perfect solution yet. A 2025 study showed that only some AI image generators already use sufficiently developed practices for watermarking and labelling deepfakes.
Another study on watermarks for large language models points to a similar problem: there is still no single solution that perfectly meets all the requirements of the AI Act at once — reliability, interoperability, effectiveness, and robustness.
Businesses should not wait for the perfect technology. They need to start building a reasonable system now: using metadata, watermarks, C2PA, or other suitable solutions, documenting internal processes, and preserving evidence.
🗣 The main mistake is to think that it is enough to simply add a label saying “made with AI”. It is not.
A company must be ready to prove that AI was used lawfully, transparently, and under control.
This means that companies should already be thinking not about a beautiful five-page policy, but about a real system: who trains employees, who checks the processes, who preserves evidence, and who is responsible if the regulator asks questions.
And yes, it is better to look for a lawyer who understands AI regulation today. Tomorrow, everyone will be looking for one.
If you need an analysis of your AI processes for compliance with the new EU AI Act, you can contact me directly.
🟩 Deepfakes Under the EU AI Act: Where the Disclosure Line Is Drawn
Deepfakes are one of the most sensitive points under Article 50. The European Commission describes a deepfake as an image, audio, or video created or manipulated by AI that resembles existing persons, objects, places, events, or entities and may falsely appear to a person to be authentic.
In practice, difficult questions immediately arise:
❔ If only the background is replaced, is that already a deepfake
❔ If AI slightly improves a person’s face, is that a substantial modification
❔ If a synthetic voice is used with the actor’s consent, is a label required
❔ Should a historical reconstruction be labelled
❔ What should be done with a stylised image if it is based on a real person
❔ What if an advertising character is not a real person, but strongly resembles a well-known public figure
This is where the grey zone begins.
The EU AI Act leaves room for disputes: what counts as synthetic manipulation, where ordinary editing ends, and how significant a modification must be before a disclosure obligation arises.
For businesses, the safer approach is to be conservative.
If content creates the impression of a real face, place, event, or statement, but was actually created or modified by AI, the risk under Article 50 is high.
Particular care is needed with:
political communication
news and public-interest content
advertising using images of celebrities or realistic testimonials
synthetic voices
images of real people in fictional circumstances
videos that imitate real events
🗣 This is where the real legal circus will begin: is it enough to write once at the beginning of a video, “this is a deepfake”? Or should the warning remain visible throughout the entire video, like a sign saying “caution, wet floor”?
The main dispute will not be whether there was a label. The main dispute will be whether the viewer actually understood that they were being warned.
And then a completely different story begins: deepfakes as a tool of crime.
In my view, a simple principle should apply here: robbery with a toy gun is still robbery if the victim believes the gun is real. The same should apply to AI. If a fake face, voice, or video is used to deceive someone, it should not be treated as a technological trick. It should be treated as a real instrument of crime.
If a person could believe that something is real, even though it was created or modified by AI, it is safer to disclose the AI origin of the content.
🟩 AI-Generated Advertising and Marketing: The Most Tense Compliance Area
Advertising teams are already using generative AI for product images, backgrounds, models, voice-overs, banners, personalisation, creative testing, and localisation.
In June 2026, Reuters reported that a retail association had called for AI-generated advertising to be exempt from the EU transparency rules.
The industry’s argument is understandable: if every advertising material where AI was used even slightly has to be labelled, this will create costs, unnecessary friction, and confusion for consumers.
But Article 50 does not contain a general exemption for advertising.
The regulator’s logic is simple: advertising can also mislead people.
A synthetic model may look like a real customer
An AI-generated product image may show features the product does not actually have
A synthetic review may imitate a real buyer
A synthetic celebrity may create the false impression of endorsement
The analysis by Gleiss Lutz also emphasises that advertisers and advertising service providers need to prepare, because AI-generated product images, synthetic voice-overs, and AI-generated testimonials are already widely used in the industry.
The closer an advertisement is to a real person, a real event, an actual product feature, or a statement of public importance, the stronger the argument for clear labelling becomes.
🗣 Marketing will have to live in a world of rules that do not yet fully understand what they want to become.
Today, this looks like the draft of a new Bible of AI regulation: the general idea is already there, but the commandments will still be rewritten.
In two or three years, clearer practice will appear. In five years, we may perhaps see real legislation built on this foundation.
For now, businesses are being asked to pray, comply, and hope they have understood the text correctly.
🟩 Publishers and Media: AI-Generated Texts on Matters of Public Interest
Not every text written with the help of AI will automatically need to be labelled.
The rule applies to a specific situation: when an AI system has created or modified a text, and that text is published to inform people on a matter of public interest.
If the text may influence public opinion, people’s safety, elections, health, rights, money, or the understanding of laws, it should be treated with greater caution.
❔Who does this specifically concern:
news organisations
reviews of laws and political decisions
short AI-generated summaries of court decisions
health and safety materials
election-related information
financial and regulatory warnings
important public statements by companies
🔺Important: Article 50 does not prohibit journalists, newsrooms, or publishers from using AI.
For example, AI may be used for a draft, structure, translation, short summary, or editorial assistance.
The regulator’s main question will be this: was there real human control afterwards?
If a person reviewed the text, corrected errors, checked the facts, edited the material, and the newsroom took responsibility for the publication, disclosure of AI use may not be required.
If AI helped write a draft, this does not necessarily create a problem. But if AI wrote the text itself and it was immediately published for the public without disclosing that it was AI-generated, this may already be a violation.
Even if you checked everything and decided that labelling is not required, it is still better to preserve the full internal process of creating the material inside the newsroom:
❔which AI tool was used
❔who reviewed the text
❔which facts were checked
❔who bears editorial responsibility
❔how the process was documented
This way, if necessary, you can use this record to confirm that the text was reviewed and edited by a human.
🗣 Companies should not wait for panic. They should start building a protection system now: document AI use, record interactions with the media, train employees, review business processes, and look in advance for specialists in AI law.
Because when the regulator comes with questions, it will not be enough to say: “We tried.”
The regulator will want to see documents, processes, logs, responsible people, and evidence.
Preventive measures today are not bureaucracy. They are insurance against fines tomorrow.
🟩 EU AI Act Compliance Checklist: What Businesses Should Do Before 2 August 2026
Preparing for Article 50 is not about writing a beautiful document “about AI ethics” that sits in a folder and no one ever opens.
Ask yourself a simple question: where does our product, text, advertising, video, voice, or image come into contact with AI?
Businesses need a simple working system: where we use AI, what content it creates, who is responsible for it, where a label is required, and what evidence we preserve.
The goal is to make sure that, at every stage of working with AI, the company understands where a risk of violating the law may arise.
🟢 Create a Map of AI Content
First, you need to understand where your organisation uses AI. Record all places where AI creates, changes, or helps publish content:
• image generators
• video generators
• synthetic voice-over tools
• chatbots and virtual assistants
• AI avatars
• marketing AI tools
• editorial systems
• translation and localisation tools
• automatic summaries
Separately, check external contractors: agencies, designers, marketers, editors, and IT teams. If a contractor uses AI for your company, this must also be included in the map.
🟢 Separate the Roles: Who Is the Provider and Who Is the Deployer of AI
Determine what role your organisation plays. You may be:
• a provider of an AI system
• a deployer of an AI system
• both provider and deployer at the same time
This is important to record in contracts.
For example, the provider of an AI tool may be responsible for machine-readable labelling. But the company that publishes a deepfake, advertisement, or AI-generated text on a matter of public interest may still be responsible for clear disclosure to people.
You cannot shift everything onto “the service that generated the image”. If you publish the content, you may also have responsibility.
🟢 Divide Content into Categories
After mapping your AI use, you need to understand what type of AI content you have and divide it into categories:
• a person directly interacts with an AI system
• AI creates audio, images, video, or text
• AI only slightly edits content without changing its meaning
• there is a risk of a deepfake
• AI creates text on a matter of public interest
• the text is reviewed by a human and there is editorial responsibility
• the content is created for a specific lawful purpose, for example law enforcement
This will help you quickly understand where a label is needed, where disclosure is required, and where the risk is lower.
🟢 Choose Technical Measures
If you are the provider of an AI system, check the technical side:
❔what metadata is recorded
❔whether digital signatures are used
❔whether watermarks are applied
❔whether AI-generated content can be detected
❔whether labelling is preserved during export
❔what happens during compression, upload, or format conversion
❔how the user can verify the origin of the content
🗣 AI-generated content must be recognisable. A person must understand that what they are seeing is a synthetic image, video, or text — not just another “beautiful creative”.
And this is where a new race will begin.
Some companies will be able to integrate the requirements of Article 50 carefully: without ugly labels, without destroying trust, and without killing the product. They will remain in the white zone and continue making money.
Others will pretend to comply: formal labels, unclear signals, checkboxes for lawyers. That is the grey zone.
And some will simply move into the black zone and work without rules.
But the more mature AI regulation becomes, the less air there will be left in the grey zone.
🟢 Think About How Your Customer Will See That They Are Dealing with Synthetic Content
If an AI label or warning is required, it must be understandable:
not hidden at the bottom of the page
not buried in long terms of use
not written in grey text that no one reads
The information must be clear, visible, accessible, and shown no later than the first contact or first view.
Examples of how this should be implemented:
a chatbot must immediately say that it is an AI system
a deepfake must be labelled as artificially created or modified
an AI-generated text on a matter of public interest must include an explanation that it is generated text, but only if there is no human editorial control
🟢 Train Your Team to Work Transparently with AI
Even a good policy will not help if the team does not understand how to apply it. A marketer, designer, editor, product manager, or social media specialist must know exactly:
❔when to apply an AI label
❔when to go to the legal team
❔when to preserve metadata
❔when labelling must not be removed
❔when human review is required
❔how to record who approved the publication.
🗣 Training should not be about beautiful words. It should be about real working situations.
Your employees must understand: here AI can be used safely; here a label is required; here evidence must be preserved; and here it is better not to be a hero and to ask a lawyer immediately.
In my blog, I already explain these topics in simple language. This may be enough for an initial introduction to the AI Act. But if you want me to personally conduct a practical training session for your team, you can contact me.
🟢 Preserve Evidence
If the regulator asks you, “How did you comply with Article 50?”, it will not be enough to say: “We tried.” You will need to show documents and traces of the process to reduce the risk of a fine.
I recommend creating and preserving records of the following:
an AI content policy
creation and publication logs
records of the labelling applied
evidence of human review
contracts with providers and contractors
results of detection tool testing
records of team training
assessments of exceptions
incident response procedures
Preparing for Article 50 is not one document. It is a system.
🔺If you cannot prove that you did everything correctly, then for the regulator it may look as if you did not do it at all.
To build an effective system that helps protect you from risks, it should answer the following questions:
where AI is used in your business processes
what content is created with the help of AI
who is responsible for creating AI-generated content
where a “made with AI” label is required
where human review of the product is required
what evidence of AI product review is preserved
🗣 An AI label should not become a fire drill right before publication. It should become a normal part of content production.
This is a new reality, and businesses will no longer be able to simply ignore it.
It was the same with cigarettes. First, there was beautiful packaging, advertising, lifestyle branding, and no panic. Then came warnings, restrictions, and new rules of the game.
AI will follow a similar path: at first, everyone will think that labels damage the product. Then the market will get used to living with them.
🟩 Open Questions: AI Watermarking, Metadata Loss and the Grey Zone
The EU transparency regime looks strong and logical. But in practice, it still leaves many questions unanswered.
🔺The Technology Is Not Fully Ready Yet.
The law requires labelling methods to be effective, interoperable, robust, and reliable. But technical standards are still developing.
For example, C2PA can help confirm the provenance of content. But this standard is not yet used everywhere. In addition, metadata can disappear when content is uploaded, compressed, edited, or published on social media.
🗣 My 12-year-old daughter can almost instantly recognise AI-generated videos, AI images, and even AI music. My mother, on the other hand, may send me a touching video of “real” little beavers, and I have to choose whether to explain to her that it is AI or simply not ruin her mood.
And this is the whole problem. One generation already sees synthetic content almost instinctively. Another still perceives it as reality.
But if a child is able to notice these signs, then there are recurring patterns in the content. And if there are patterns, sooner or later technologies will appear that can recognise them better than humans.
🔺Watermarks Are Not Always Reliable
Watermarks in images can degrade after processing, cropping, or format conversion. Watermarks in text are, frankly, almost absurd.
Research on watermarks for large language models still does not offer an adequate solution.
🔺Content Passes Through Too Many Hands
The same file can go through a long chain:
the AI system provider applies a label
the user adds a watermark
the platform compresses or changes the file
another person downloads it
a third party reposts it
Who is responsible, and what evidence remains?
🔺It Is Not Always Clear Where Simple Editing Ends and AI Manipulation Begins.
Sometimes AI simply helps: it corrects a text, improves the quality of an image, or translates material.
But sometimes AI seriously changes the meaning: it creates a new face, voice, scene, event, or statement.
The line between “ordinary AI assistance” and “substantial AI manipulation” is not always obvious. That is why businesses need their own internal rules now, without waiting for the first court decisions and fines.
🔺AI Advertising Will Remain a Disputed Area.
Marketing and retail will insist that not every AI-generated advertisement should be labelled. Their argument is understandable: if every banner, image, or background carries a label, this may overload the user and make them think that all visual information is synthetic fiction.
Supporters of AI transparency will argue the opposite: advertising can also mislead people, especially when it uses synthetic people, voices, reviews, products, or celebrities.
For this reason, AI advertising will most likely become one of the most disputed areas.
🗣 And this is where designers and photographers may suddenly regain their market.
While everyone argues about how to label AI-generated content correctly, manual work may become expensive again. The absence of a “made with AI” label may become a mark of quality.
Companies used to be proud of using new technologies. Now they may start being proud of the opposite: “This was made by a human.” And people may start paying for that again.
🔺The Code of Practice Is Voluntary, but Ignoring It Is Risky.
The Code of Practice is formally voluntary. An organisation may choose not to sign it and still comply with the law in other ways.
But there is an important nuance: the Code may become a practical reference point for the market and regulators. If a company follows the Code, it will be easier to show that it tried to comply with the rules. Later, this may also make it easier to win new contracts and develop in the market.
If a company does not follow the Code, it will have to work harder to prove that its own measures were sufficient. That may not sound very convincing to clients and investors.
The law is already moving faster than ordinary business processes. That is why it is better to build a system in advance, rather than search for explanations after the regulator asks the first question.
🟩 Main Conclusion: The AI Label Is the Beginning of AI Compliance
The AI label coming in 2026 is not simply a notice saying “made with AI”. It is a new system of control.
Businesses will need not only to apply a label, but also to prove:
❔where AI was used
❔what content it created or modified
❔who reviewed it
❔where the user saw the warning
❔what evidence the company preserved
For providers of AI systems, the main work will be technical. They will need to build metadata, watermarks, machine-readable labelling, and AI content detection tools into their products.
For deployers of AI systems, the main work will be organisational. They need to understand in advance when content may qualify as a deepfake, when a text concerns a matter of public interest, when an AI label is required, and when human review may be sufficient.
For marketers, publishers, and newsrooms, the main lesson is simple: AI transparency must be considered before publication, not after.
If a video has already spread across social media, an advertisement has already been launched, or a text has already been read by thousands of people, it may be too late to remember the label. The original file, metadata, and review history may already have been lost.
For platforms and AI tools, the main challenge is preserving technical signals. If the label disappears during upload, compression, editing, or reposting, the entire system loses its meaning.
The EU wants to make AI-generated content understandable both to people and to machines. The idea is right. But the technology is not yet perfect, businesses are not ready, and people will still look for ways to bypass inconvenient rules.
The market will split into three zones:
▫️The white zone — companies that honestly integrate AI transparency into their processes. They will spend money on lawyers, engineers, team training, and evidence systems.
▫️The grey zone — companies that apply labels only formally. On paper, everything will look fine, but in practice no one will understand who created the content, where the metadata is, or why the label disappeared.
▫️The black zone — services and users that remove labels, bypass the rules, and operate outside normal regulation.
🗣 That is why I do not think this law will completely stop the chaos around AI.
It will not tame the beast. It will simply build an expensive fence around it, put up a sign saying “Caution: AI”, and hire lawyers to check whether the sign is hanging correctly.
And the beast, as usual, will find a hole in the fence.
More likely, the law will create a new and expensive infrastructure around AI.
Some will pay for compliance
Some will make money from compliance
Some will bypass compliance
And some will pay fines
But for businesses, the main question is already clear.
Not: “Can we use AI?”
The real question is this:
“Can we prove that we used AI transparently, lawfully, and under control?”
The companies in the strongest position will not be those that add a “created with AI” note at the last moment.
The strongest position will belong to those that understand in advance:
where AI is used
who is responsible for it
where a label is required
where human review is required
what evidence must be preserved
what to do if the regulator asks questions
The AI label is not the end of the work.
It is the beginning of a new reality: AI can still be used, but it is no longer possible to pretend that no one needs to understand where exactly it was used.
💬 EU AI Act 2026 FAQ: AI Labels, Watermarking, Fines and Article 50
❔When Do the Rules for AI-Generated Content Start Applying
The main date is 2 August 2026. From this date, the transparency obligations under Article 50 of the EU AI Act start to apply.
For some AI systems that were already on the market before 2 August 2026, a transitional period applies until 2 December 2026.
❔Does Every AI-Generated Text Need to Be Labelled
No. Not every AI-generated text needs to be labelled.
The rule applies to texts that are:
created or modified by AI
published for a broad audience
intended to inform people on a matter of public interest
For example: news, elections, health, laws, people’s rights, safety, and finance.
An ordinary email, draft, product description, or internal document does not automatically fall under this rule.
If the text was reviewed by a human, edited by a newsroom, and responsibility for the publication was taken by a person or organisation, labelling may not be required.
❔Are the EU Icons Mandatory
No. The EU icons are not mandatory.
But the obligation to disclose AI-generated content remains mandatory where Article 50 applies. In other words, a company may choose not to use the specific EU icon, but it cannot remain silent if the law requires that a person be informed.
Important: the icon itself does not prove that a company complies with the law.
❔Is C2PA Mandatory
No. The law does not require the use of one specific standard.
C2PA is useful because it helps show the provenance of a file: who created it, how it was changed, and whether AI was used.
But Article 50 does not require a specific technology. It requires a result: AI-generated content must be understandable to people and technically recognisable.
❔Does AI-Generated Advertising Need to Be Labelled
Not always, but the risk is often high. The law does not contain a general exemption for advertising.
Labelling may be required if the advertisement:
uses a deepfake
shows a synthetic person
uses an AI-generated voice
imitates a real customer or celebrity
shows a product in a way that may make people believe in false features
concerns a matter of public interest
If AI-generated advertising may look like an authentic scene and mislead a person, it should be treated with caution.
❔What Fines Are Possible
For violating the transparency obligations under Article 50, the fine may be:
up to EUR 15 million
or up to 3% of the company’s annual turnover
The higher amount applies. For small and medium-sized enterprises, including start-ups, a more lenient rule applies.
The key point is this: companies are not fined simply for using AI.
The risk arises when a company uses AI but does not explain this to people, does not preserve evidence, and cannot show that it acted transparently.
If you have read this far, thank you.
AI regulation may look technical, but in reality it is about trust: who created what, who checked it, who is responsible, and whether people can still understand what is real.
I will continue writing about this in plain language.
See you in the next piece.
Cheers,








