European Commissioner in charge of internal market Thierry Breton holds a press conference on artificial intelligence (AI) following the weekly meeting of the EU Commission in Brussels on April 21, 2021. POOL/AFP via Getty Images

Every business deploying consumer-facing AI in Europe faces two hard deadlines now running in parallel. On August 2, 2026 — 41 days from today — the EU AI Act's Article 50 transparency obligations become enforceable across all 27 member states, imposing binding disclosure requirements on chatbots, deepfakes, and AI-generated content for the first time in any G7 jurisdiction. Before that date arrives, companies that want the strongest legal protection available must act by July 22: the deadline to sign the EU AI Office's new Code of Practice on Transparency of AI-Generated Content and secure a presumption of regulatory conformity.

The distinction between those two dates matters more than most compliance teams realize, and the stakes of missing either are material. Non-compliance with Article 50 carries fines of up to €15 million or 3% of global annual turnover — whichever is greater — enforced by national market surveillance authorities in each member state. The Code of Practice, published June 10 after a seven-month drafting process involving 187 participants, is technically voluntary. But companies that do not sign it will face heavier scrutiny from regulators and a steeper evidentiary burden when trying to prove compliance through alternative means, according to the EU AI Office's signatory guidance.

What Article 50 Actually Requires

Article 50 imposes four distinct obligations that apply not just to high-risk AI systems but to any AI system falling into one of four defined transparency categories.

Chatbot disclosure. Providers of AI systems designed to interact directly with people — chatbots, virtual assistants, autonomous AI agents — must ensure users are clearly informed they are communicating with an AI at the first point of contact. Under Commission draft guidelines published May 8, the exemption for "obvious" AI interactions is narrow: only interactions where a reasonably well-informed, observant person would self-evidently recognize AI involvement are exempt. Most consumer-facing deployments will not qualify.

Machine-readable watermarking of AI-generated content. Providers of generative AI systems must embed machine-readable markings in AI-generated audio, images, video, and text outputs, making them detectable as artificially generated. This is the one obligation that received a targeted deferral under the May 2026 Digital Omnibus provisional agreement: for generative AI systems already on the EU market before August 2, the watermarking requirement is deferred to December 2, 2026. Systems launched on or after August 2 must comply from day one.

Deepfake labeling. Deployers — companies and individuals using AI systems to create or publish content — must visibly disclose when image, audio, or video constitutes a deepfake: AI-generated or manipulated material depicting real or realistic people, objects, or events in ways that could appear authentic. The obligation applies regardless of deceptive intent. A narrow carve-out exists for clearly artistic or satirical works, but the Commission's guidelines explicitly state it does not cover AI-generated deepfakes of celebrities used in commercial advertising.

Emotion recognition and biometric categorization notification. Deployers operating emotion-recognition or biometric categorization AI systems must inform individuals subjected to them. Limited exemptions apply for law enforcement uses authorized by law.

Why No Single Watermarking Technology Currently Meets the Law

The compliance paradox embedded in Article 50(2) is the part of this deadline that most product teams have not yet grappled with. The Act requires that machine-readable markings be effective, interoperable, robust, and reliable — four simultaneous technical criteria. The Code of Practice published on June 10 explicitly acknowledges that no single active marking technique currently meets all four at once, as confirmed by the EU AI Office's own Code documentation.

The result is a mandated multi-layer approach. Under the Code, providers must implement at minimum two active layers of machine-readable marking simultaneously.

The first layer is cryptographically signed metadata using the C2PA standard — the Coalition for Content Provenance and Authenticity, a specification backed by Adobe, Microsoft, OpenAI, and major camera manufacturers. C2PA embeds a tamper-evident, digitally signed provenance record into a file's metadata. The problem the Code itself identifies: metadata is easily stripped when content is shared via screenshots, social media uploads, or file format conversion.

The second layer is imperceptible watermarking — a signal embedded directly into pixels, audio samples, or text tokens rather than file metadata. Google DeepMind's SynthID is the most widely deployed implementation. Imperceptible watermarks survive some processing but degrade under compression, cropping, and adversarial manipulation.

Neither technique alone satisfies the statutory standard. Together, they come closer — but the Code's own language acknowledges that the interoperability requirement remains a work in progress, because no universal detection validator currently exists across all providers. Legal analysis firm Bird & Bird has described this as a "crucial reality check" for model and system providers: the search for a single technical silver bullet to satisfy Article 50(2) "may be over." Companies cannot rely on implementing any single product to achieve full compliance.

The Commission's draft guidelines add a further constraint: technical feasibility under Article 50(2) is an "objective notion" not dependent on individual providers' resources. A small company cannot argue exemption on cost grounds. Midjourney, the generative image platform, is among the most prominent AI tools that have not yet deployed C2PA in their outputs, leaving them with direct regulatory exposure under this obligation unless their approach changes before August 2.

The Code of Practice: Presumption of Conformity and the July 22 Deadline

The Code of Practice is formally voluntary, but it confers a significant legal benefit: signatories are presumed compliant with their Article 50(2) and Article 50(4) obligations, shifting the evidentiary burden toward regulators rather than companies. Non-signatories are not automatically in breach, but as law firm Gibson Dunn noted in its analysis of the regulatory landscape, August 2, 2026 remains a live compliance date and companies subject to these obligations should continue preparing for it.

The practical effect of not signing is substantial. Non-signatories within the scope of Article 50(2) and (4) should expect a higher volume of information requests from national market surveillance authorities and will bear the full evidentiary weight of demonstrating that their alternative approach is at least as effective as the Code's requirements.

To appear on the initial signatory list — which the AI Office will publish before August 2 — providers and deployers must submit their completed signatory forms to the EU AI Office by July 22, 2026 at 18:00 CEST. The AI Office is hosting an information session today, June 22, for organizations seeking to understand the signature process.

The Code introduces two standardized icons for labeling AI-generated content — "AI" in English, with localized equivalents including "KI" in German and "IA" in French — made available without attribution requirements. It specifies placement rules by modality: persistent on-screen labels for video, visible markings for images, audible disclaimers for audio. It also distinguishes between "fully AI-generated" and "AI-assisted" content, each with different disclosure treatments — a distinction that carries potential implications under European copyright law, since a "fully AI-generated" label may signal limited human creative contribution.

What the Omnibus Actually Changed — and Did Not Change

The May 2026 Digital Omnibus provisional agreement attracted significant attention for its 16-month deferral of high-risk AI obligations: Annex III systems covering hiring tools, credit scoring, and law enforcement AI now face a December 2, 2027 compliance deadline rather than August 2026. That deferral has created real confusion about whether Article 50 was similarly relaxed.

It was not, with one targeted exception. The core Article 50 obligations — chatbot disclosure under Article 50(1), emotion recognition notification under Article 50(3), and deepfake labeling under Article 50(4) — remain fully in force on August 2, 2026. The Omnibus introduced only the grandfathering window described above for the machine-readable marking obligations under Article 50(2) for systems already on market, pushing that specific requirement to December 2, 2026 for legacy deployments.

The Omnibus agreement, reached on May 7, also remains provisional. Formal adoption in the EU Official Journal is expected before August 2, 2026 — but until that publication occurs, the extended deadlines for high-risk systems are not yet legally binding. Companies should monitor the EU AI Act regulatory framework page for the formal adoption notice.

A Precedent Beyond Europe

Article 50's August 2 enforcement date is the first time a G7 jurisdiction has imposed binding, enforceable AI transparency obligations on consumer-facing AI products at scale — covering every chatbot, AI image generator, synthetic voice service, and AI-assisted publication operating in the EU single market of 450 million people. The IPTC's technical analysis of the June 10 Code notes that providers are expected to preserve any existing machine-readable marks when AI-generated content passes through their systems, extending the chain-of-custody requirement across the content supply chain.

For media organizations, marketing agencies, and any business whose external communications use generative AI tools, the practical implication is specific: audit your AI-generated content pipeline, determine which obligations under Article 50 apply to each system, decide whether to sign the Code of Practice by July 22, and ensure labeling processes are operational by August 2.

Forty-one days remain.

Frequently Asked Questions

Does Article 50 apply to my company if I am not based in the EU?

Yes. Article 50 applies to any AI system placed on the EU market or put into service in the EU, regardless of where the company developing or deploying it is headquartered. A US-based startup whose chatbot serves EU users falls within scope from August 2, 2026. The regulation's extraterritorial reach mirrors the approach established by the General Data Protection Regulation.

Does the labeling obligation apply to AI-generated text published on news websites?

Yes. Article 50(4) requires disclosure when AI-generated or AI-manipulated text is published on matters of public interest. Media organizations that use generative AI tools in their editorial workflows should assess whether their use cases require labeling. A narrow exemption exists where documented editorial review processes and identified responsible parties are in place, but that exemption is deliberately constrained and does not cover automated AI drafting without meaningful human editorial oversight.

No single AI watermarking technique meets all four legal criteria — so how can companies comply?

The Code of Practice mandates a multi-layer approach: at minimum, a combination of C2PA cryptographically signed metadata and imperceptible watermarking (such as Google SynthID) deployed simultaneously. Neither technique alone meets the statutory requirements of being effective, interoperable, robust, and reliable. The Code acknowledges the gap and treats compliance as a demonstrated effort toward the standard, not a binary pass/fail — but this does not eliminate the legal obligation from August 2 for new systems, and the Commission has clarified that technical difficulty does not constitute an exemption for companies with sufficient resources.

What is the difference between the July 22 and August 2 deadlines?

July 22, 2026 at 18:00 CEST is the deadline to submit a signatory form to the EU AI Office and appear on the initial list of Code of Practice signatories. Signing confers a presumption of regulatory conformity, reducing enforcement risk and evidentiary burden. August 2, 2026 is when Article 50 becomes legally enforceable — the date on which non-compliant chatbot disclosures, unlabeled deepfakes, and unmarked AI-generated content become subject to fines of up to €15 million or 3% of global annual turnover.