T-minus … to EU AI Act Article 50 enforcement · 2 Aug 2026 · fines up to €15M or 3% of turnover
EU AI Act · Article 50 · applies 2 Aug 2026

EU AI Act Article 50, explained

The AI transparency rulesApply from 2 Aug 2026Fines up to €15M / 3% turnoverLast reviewed July 2026

Article 50 is the EU AI Act's transparency rulebook. While the Act's high-risk regime made the headlines (and had its deadlines moved), Article 50 is the part most websites will actually meet first: it decides when you must tell people they're dealing with AI — a chatbot, an AI-generated image, an AI-written article — and it applies from 2 August 2026, with enforcement powers active the same day.

This guide covers what the article requires, who it binds, what changed (and didn't) with the Digital Omnibus, the penalties, and how to check a live site the way a regulator would.

On this page The four disclosure duties Who Article 50 binds — providers, deployers, and non-EU companies The timeline: 2 August 2026, and the one carve-out What the Digital Omnibus delayed — and what it didn't Penalties and enforcement The EU labels and the Code of Practice How to check your own site Common questions Sources and further reading

The four disclosure duties

Article 50(1) — chatbots must say they're AI

Any AI system that interacts directly with people — a support chatbot, a voice assistant — must make that clear no later than the first interaction, in a clear and distinguishable way. A line in your terms of service doesn't satisfy it, and neither does a robot icon on a human-sounding bot. There is a narrow exception where it's already obvious to a reasonably well-informed person, but a natural-language customer-service bot doesn't qualify just because it's named "Assistant."

This is a duty you most likely meet through configuration: most major chat widgets already support an AI disclosure, and the gap is usually that it's switched off, worded too weakly, or hidden until someone clicks. Our per-vendor guides show where the setting lives in Intercom, Zendesk, HubSpot, and 17 other widgets.

Article 50(2) — synthetic media needs machine-readable marking

AI-generated or AI-edited audio, image, video, and text must be marked in a machine-readable format so it's detectable as artificially generated — think C2PA Content Credentials or IPTC provenance metadata, embedded in the file itself. This is a provider-side duty on the generative system, but it fails quietly in practice: image pipelines and CDNs routinely strip metadata on optimization, so content that left the generator marked can arrive on your site unmarked.

Article 50(3) — emotion recognition and biometric categorisation need notice

People exposed to emotion-recognition or biometric-categorisation systems must be informed the system is in operation. This one usually isn't visible on a website at all — it's an operational disclosure — which is why it can't be verified by an external crawl and needs an internal record instead.

Article 50(4) — deepfakes and AI-written public-interest text need labels

Deepfakes must be visibly disclosed as artificially generated or manipulated. AI-generated text published to inform the public on matters of public interest — news-style content — must be disclosed too, with a carve-out where a human exercised editorial control and someone holds editorial responsibility. If you publish with AI in the loop, this is your duty as the deployer.

Who Article 50 binds — providers, deployers, and non-EU companies

The Act splits duties between providers (who build the AI system) and deployers (who put it in front of users). Running a third-party chat widget on your site makes the vendor the provider — but how the widget is configured and presented on your site, under your brand, is your deployment. "The vendor handles it" is worth confirming rather than assuming.

Geography doesn't exempt you either: Article 50 follows your users, not your headquarters. The Act expressly covers providers and deployers outside the EU whenever the system's output is used in the Union — a US or UK company with EU traffic is in scope. There is also no general small-business exemption: SMEs get lighter supporting measures and a lower fine cap, not a pass on transparency.

The timeline: 2 August 2026, and the one carve-out

What the Digital Omnibus delayed — and what it didn't

The Digital Omnibus, the EU's simplification package for the AI Act, pushed the high-risk regime's deadlines out to 2027–2028 — and a lot of headlines compressed that into "the AI Act is delayed." Article 50 was deliberately left in place. The transparency duties still apply from 2 August 2026, with the single Art. 50(2) carve-out described above. If your compliance plan is waiting on the delay, it's waiting on the wrong article.

Penalties and enforcement

Non-compliance with Article 50's operator obligations carries fines up to €15 million or 3% of worldwide annual turnover, whichever is higher (for SMEs and start-ups, whichever is lower). Enforcement sits with national market-surveillance authorities.

What makes Article 50 unusual is how easy it is to check: a regulator — or a competitor drafting a complaint — doesn't need your code or your paperwork. They open your site, start a chat, look at your published content. And the burden of showing the disclosure was there sits with you: authorities expect documented evidence — screenshots, configurations, timestamps — not verbal assurance. That asymmetry is why keeping dated evidence matters as much as the disclosure itself.

The EU labels and the Code of Practice

On 10 June 2026 the European Commission published the final Code of Practice on Transparency of AI-Generated Content, which includes a uniform set of EU icons and text labels for marking AI content and deepfakes. Draft Commission guidelines on Article 50 were published in May 2026. Using the official label set isn't the only way to disclose, but it's the clearest signal of good faith available — and it's what our scanner looks for on article-like pages, alongside other visible disclosure patterns.

How to check your own site

The manual version takes a few minutes per page and is worth doing once:

The automated version is what DisclosureProof does: it loads your homepage in a real browser (desktop and mobile), opens your chat widget the way a visitor would, samples your media for machine-readable marking, checks article-like pages for labels, and seals what it saw into a timestamped, hash-verified evidence record. The homepage scan is free, with no signup.

One thing to expect from any honest checker: a scan reports what was detected, not detected, or couldn't be verified — it can't declare you compliant, because parts of Article 50 (like whether an image is actually AI-generated, or Art. 50(3) systems) aren't externally observable. Anyone promising a green "compliant" badge from a crawl alone is overclaiming.

Common questions

What is Article 50 of the EU AI Act?

Article 50 is the EU AI Act's transparency rulebook. It sets four disclosure duties: AI systems that interact with people must reveal they are AI; AI-generated image, audio, video, and text must be machine-readable as synthetic; anyone put in front of emotion-recognition or biometric-categorisation systems must be told; and deepfakes and AI-written public-interest text must be labeled. It binds both the provider that builds the AI and the deployer that puts it in front of users, and it applies from 2 August 2026.

Does the EU AI Act apply to my company if we're outside the EU — a UK or US business, say?

Yes, it can. Article 50 follows your users, not your headquarters — being a UK or US company is not an exemption. If your website, chatbot, or AI-generated content reaches people in the EU, the transparency duties can apply no matter where your company is registered, because the Act expressly covers providers and deployers outside the EU whenever the system's output is used in the Union. That is why US and UK businesses with any EU traffic are in scope.

When does Article 50 take effect — and did the 2025 “Digital Omnibus” delay it?

It takes effect on 2 August 2026 — and no, the 2025 “Digital Omnibus” did not move that date. The Omnibus, the EU's package to simplify the AI Act, pushed the high-risk system deadlines out to 2027–2028, and a lot of headlines shortened that to “the AI Act is delayed.” The Article 50 transparency duties were deliberately left in place: they still apply from 2 August 2026, and the power to issue fines starts the same day. The only part with a later date is machine-readable marking of AI content for generative systems already on the market before 2 August 2026, which has until 2 December 2026.

What are the penalties for a missing AI disclosure?

Up to €15 million or 3% of worldwide annual turnover — whichever is higher. Fines are issued by national market-surveillance authorities and can be levied from 2 August 2026; there is no separate enforcement grace period. Small businesses and start-ups are capped at the lower of those two figures rather than the higher, but the exposure is still real — and because Article 50 is not part of the high-risk regime, there is no conformity paperwork involved. The duty is simply to disclose, and to be able to show that you did.

How do I disclose an AI chatbot — and what actually counts as enough?

The user has to be told they are dealing with AI clearly and at the first interaction — not buried in your terms, not in a cookie banner, and not merely implied by a name like “Assistant.” In practice that means something visible in the conversation itself: an opening line such as “You're chatting with an AI assistant,” ideally alongside a persistent “AI” label on the chat window. There is a narrow exception when it is already obvious to a reasonable person — but a human-sounding support bot does not qualify. Whatever your chat actually shows on screen is what a regulator would judge.

We use a third-party chat widget — isn't disclosure the vendor's problem?

Partly the vendor's, but not entirely. The Act divides duties between providers, who build the AI, and deployers, who put it in front of users — and how the widget is configured on your site, under your brand, is a deployer responsibility that sits with you. Most major widgets already support an AI disclosure; it is often just switched off, worded too weakly, or hidden until someone clicks. “The vendor handles it” is worth confirming rather than assuming — which is exactly what a scan does.

Do small businesses and startups have to comply?

Yes. Article 50 has no general small-business exemption — a two-person company running an AI chatbot for EU visitors carries the same disclosure duty as a large enterprise. The AI Act gives SMEs lighter supporting measures, such as priority access to regulatory sandboxes, and a lower maximum fine, but not a pass on transparency itself. Small teams are often more exposed, because the disclosure is missing for the simple reason that nobody turned it on.

Which AI-generated content has to be labeled?

Two separate duties. Article 50(2) covers synthetic media — AI-generated or AI-edited image, audio, video, and text — which must carry a machine-readable marking a detector can read. Article 50(4) covers what a person sees: deepfakes, and AI-generated text published to inform the public on matters of public interest, must be clearly labeled as artificial. An AI image, an AI voiceover, or an AI-written news explainer can each trigger these; a private draft you never publish generally does not.

How would anyone find out — and what proof would I need?

Article 50 is unusually easy to check — a regulator or a competitor does not need your code, only your live site, and user or competitor complaints are a common trigger. Enforcement sits with national market-surveillance authorities, and the burden is on you to show you complied: authorities expect documented evidence — screenshots, configurations, timestamps — not verbal assurance. That is the gap DisclosureProof fills: it records what your site actually displayed, and when, so “the notice was there” is something you can prove rather than assert.

Is a DisclosureProof scan legal advice or a compliance guarantee?

No. DisclosureProof is an informational scanning and evidence tool — not a law firm — and a scan is not a certification or a guarantee of compliance. It is built to surface disclosure gaps and preserve timestamped proof of what your site displayed; for how the law applies to your specific circumstances, use qualified counsel.

Sources and further reading

This page summarises the rules for orientation — it is not legal advice, and the statute text linked above is the authority. Where your situation is non-obvious, involve qualified counsel.

Read enough — check the real thing.

One URL in, Article 50 findings out: your chat widget's first interaction, your media marking, your labels — with sealed evidence either way. Free.

Scan your site free