Sophie Laurent, YuSMP Group
Sophie Laurent Legal & Compliance Lead, YuSMP Group · Advises US and EU teams on GDPR, the EU AI Act and cross-border data flows
Illustration of a machine-readable label badge and watermark motif over floating panels of AI-generated image, audio, video and text against a circle of stars, representing EU AI Act transparency marking of synthetic content

The short answer

On 2 August 2026, Article 50 of the EU AI Act — its transparency chapter — becomes legally binding across all 27 member states, and the European Commission's enforcement powers over general-purpose AI providers enter into application. Three duties go live: tell users when they are talking to an AI, label deepfakes as artificially generated, and embed machine-readable markings in AI-generated audio, images, video and text.

Fines reach up to €15 million or 3% of global annual turnover, whichever is higher. The rules are extraterritorial: a US company serving EU users is in scope. If your product includes a chatbot, an AI agent, or any generative feature, disclosure and content marking are now a live EU AI Act requirement you have to engineer, not a policy footnote.

What goes live on 2 August?

The EU AI Act is being switched on in waves, and 2 August 2026 is one of the load-bearing dates. Two things happen at once. First, the transparency obligations in Article 50 — the part of the law aimed at making sure people can tell when they are dealing with AI — stop being guidance and become enforceable. Second, the Commission's own enforcement powers over providers of general-purpose AI (GPAI) models enter into application, meaning the AI Office can request documentation, run technical evaluations, demand mitigation measures, restrict a model on the EU market, and issue fines.

This is not a distant, high-risk-systems deadline of the kind that was recently pushed toward 2027. Article 50 targets everyday product surfaces: the support chatbot on a SaaS dashboard, the AI agent inside an app, the image and video generators baked into marketing tools, and AI-written text published to inform the public. If you build or commission those features — including AI agents and assistants — the transparency layer is now part of shipping to Europe.

The obligations attach to two roles the Act defines carefully. Providers — those who develop and place an AI system on the market — carry the marking duties. Deployers — those who use an AI system in the course of their business — carry the disclosure duties for chatbots and deepfakes. Many companies are both at once, which is why a single feature can trigger several obligations simultaneously.

The three transparency duties

1. Tell users they are talking to an AI. Providers of AI systems designed to interact directly with people — chatbots, virtual assistants, autonomous agents — must ensure users are clearly informed they are communicating with an AI at the first point of contact. There is a narrow exemption where AI involvement is obvious to a reasonably well-informed person, but the Commission's draft guidelines read that exemption tightly: if it is not self-evident, you disclose. For teams building conversational AI, that means an explicit, accessible notice at the start of the interaction, not buried in a terms page.

2. Label deepfakes. Deployers of a system that generates or manipulates image, audio or video that constitutes a deepfake must disclose that the content is artificially generated or manipulated. Crucially, this applies even without any intent to deceive: content that looks or sounds like a real person, scene or event must be labelled, whether or not anyone was trying to mislead, and whether or not a real individual is depicted. Synthetic marketing footage, AI-voiced narration and generated product imagery all fall in scope.

3. Mark AI-generated output as machine-readable. Providers of generative AI must embed machine-readable markings in AI-produced audio, images, video and text so the content can be detected as artificially generated — think watermarks, metadata and provenance signals that survive downstream use, "as far as technically feasible." A related duty covers AI-generated text published to inform the public on matters of public interest: it must be disclosed as artificially generated unless it went through human editorial review. If you offer generative AI features, this marking has to be built into the output path, not stapled on afterward.

What is the Code of Practice, and why 22 July?

To help organisations meet the marking and disclosure duties, the European Commission published a voluntary Code of Practice on Transparency of AI-Generated Content on 10 June 2026. Signing it is not mandatory, but it buys something valuable: signatories gain, in the Commission's words, "predictability, legal certainty and trust across all Member States," and can demonstrate compliance without an individual, case-by-case assessment by national market surveillance authorities. Companies that choose a different technical route must instead prove the adequacy of their own approach, regulator by regulator.

Reporting around the rollout has pointed to 22 July 2026 as the practical window for organisations that want to be recognised signatories before the obligations bite on 2 August — giving them a presumption of conformity from day one rather than defending a bespoke method under scrutiny. Because the exact signatory mechanics and any grace periods can move, confirm the current position against the Commission's own guidance before you plan around a specific date. The strategic point holds regardless: aligning to the Code is the lower-risk path, and it standardises what "good" looks like across the bloc.

Does this reach US companies?

Yes. Like the rest of the AI Act, Article 50 is extraterritorial. Providers established outside the EU are in scope where they place an AI system on the EU market, or where the system's output is used in the EU. A US SaaS vendor whose chatbot answers European customers, a design tool whose image generator is used by EU teams, or a media platform serving AI-written articles to EU readers are all covered — regardless of where the company is incorporated or where its infrastructure runs.

That mirrors the reach US teams already know from the GDPR, and it converges with it: a generative feature can raise both a transparency duty under the AI Act and a data-protection question under the GDPR at the same time. The pragmatic reading for US-headquartered product teams is simple — "we're a US company" is not a carve-out. If EU users touch the output, the obligation touches you.

What it means for US & EU software teams

Strip away the legal framing and three engineering signals remain. First, this is an interface and pipeline problem, not a legal-department problem. Chatbot disclosure lives in the UI at first contact; deepfake labelling lives wherever synthetic media is rendered; machine-readable marking lives in the generation and export path. Retrofitting all three across a mature product under deadline is painful — which is why the teams moving now are adding a thin, reusable "AI transparency" layer rather than patching each surface by hand.

Second, regulated verticals carry extra weight. In FinTech, an AI assistant that discusses balances or products must clearly not pass as a human adviser; in HealthTech, synthetic media and AI-generated patient-facing text draw obvious scrutiny. For these domains, disclosure and provenance are not just AI Act items — they align with existing duties around fair dealing, consumer protection and clinical accuracy, so building them well pays back across multiple regimes.

Third, provenance is becoming table stakes beyond Europe. Machine-readable content marking overlaps with emerging content-authenticity standards and with platform policies on labelling synthetic media. A team that implements durable, interoperable markings for the EU is largely building the same capability the rest of the market is trending toward — so the compliance work doubles as product-quality and trust work, not dead-weight overhead. Match the feature to the duty, build the transparency layer once, and 2 August becomes a release note rather than a fire drill.

A practical readiness checklist

Nothing here requires reinventing your product — it is the work that turns a hard deadline into a routine review:

  1. Inventory your AI surfaces. List every place users meet AI: chatbots, agents, image/audio/video generators, AI-written text. You can only cover what you can see.
  2. Add first-contact chatbot disclosure. A clear, accessible "you're chatting with an AI" notice at the start of every conversational interaction reaching EU users.
  3. Label synthetic media. Wherever you generate or manipulate image, audio or video, attach a visible AI-generated label — independent of intent to deceive.
  4. Embed machine-readable markings. Build watermarks/metadata/provenance signals into the generation and export path so outputs are detectable as AI-made.
  5. Handle public-interest text. Where AI-written text informs the public, disclose it unless a human editor reviews it — and record that review step.
  6. Decide on the Code of Practice. Assess whether signing the Commission's Code (for a presumption of conformity) beats defending a bespoke method per member state.
  7. Document it. Keep a short record of which surfaces carry which controls, so an audit or a customer questionnaire is a lookup, not an investigation.

This is not legal advice, and the right approach depends on your product, your markets and your models. But the direction is unambiguous: from 2 August, in Europe, users get to know when content and conversations are machine-made — and the teams that will move fastest are the ones who treat that as a design input now.

Frequently asked questions

What changes under the EU AI Act on 2 August 2026?

On 2 August 2026 the Article 50 transparency obligations of the EU AI Act become legally binding across all 27 member states, and the European Commission's enforcement powers over general-purpose AI providers enter into application. In practice three duties go live: users must be told when they are interacting with an AI system, deepfakes must be labelled as artificially generated, and providers of generative AI must embed machine-readable markings in synthetic audio, image, video and text so it can be detected as AI-generated.

Do the transparency rules apply to US companies?

Yes, where the AI system is placed on the EU market or its output is used in the EU. Article 50 is extraterritorial in the same way as the rest of the AI Act: a US company that ships a chatbot, an image or video generator, or AI-written content to users in the EU is in scope regardless of where its servers or headquarters sit. Location of the provider does not determine the obligation; the EU touchpoint does.

What is the Code of Practice on Transparency of AI-Generated Content?

It is a voluntary framework the European Commission published on 10 June 2026 to help organisations meet the Article 50 marking and disclosure duties. Signatories gain predictability and a presumption of conformity across all member states, meaning they can demonstrate compliance without a case-by-case assessment by national market surveillance authorities. Companies that rely on an alternative method must prove its adequacy individually.

What are the penalties for breaching Article 50?

Non-compliance with the transparency obligations carries fines of up to 15 million euro or 3% of global annual turnover, whichever is higher, enforced by national market surveillance authorities in each member state. For general-purpose AI model providers, the Commission's own enforcement powers, including fines, also enter into application on 2 August 2026.

Is there a grace period for watermarking existing systems?

Reporting on the rollout indicates that generative AI systems already on the EU market before 2 August 2026 receive a short grace period for the machine-readable marking duty, with that obligation described as extending into December 2026. The disclosure duties for chatbots and deepfakes apply from 2 August. Because timelines and exemptions can shift, teams should confirm the current position against the primary Commission guidance before relying on any grace window.

Sources

European Commission — Code of Practice on Transparency of AI-Generated Content (published 10 June 2026)
European Commission — Regulatory framework on AI (AI Act application timeline)
EU Artificial Intelligence Act — Article 50: Transparency obligations for providers and deployers