ARTICLE
29 May 2026

Article 50 EU AI Act – What The European Commission's Draft Transparency Guidelines Mean For Your Business

WS
Winston & Strawn LLP

Contributor

Winston & Strawn LLP logo
Winston & Strawn LLP is an international law firm with 15 offices located throughout North America, Asia, and Europe. More information about the firm is available at www.winston.com.
Explore Firm Details
The European Commission's draft Article 50 AI Act transparency guidelines are out for consultation. If your business provides or deploys AI systems, they clarify how to comply with Article 50 requirements.
United States Technology
Debbie Heywood

The European Commission's draft Article 50 AI Act transparency guidelines are out for consultation.  If your business provides or deploys AI systems, they clarify how to comply with Article 50 requirements.

The Article 50 transparency obligations apply from 2 August 2026 (with one narrow exception for watermarking under the AI Omnibus). On 8 May 2026, the European Commission published draft guidelines on the implementation of those obligations (guidelines), open for stakeholder consultation until 3 June 2026.

The guidelines (once final) are non-binding, and any authoritative interpretation of the AI Act may ultimately only be given by the CJEU. In practice, however, market surveillance authorities are expected to follow them closely, and businesses that diverge without good reason take a real regulatory risk.

What are the Article 50 requirements and who is in scope?

The purpose of the AI Act Article 50 transparency obligations is to reduce the risks of impersonation, deception, misinformation, manipulation, and fraud, and to mitigate potential adverse impacts on democratic processes and societal trust caused by AI-generated or manipulated content or interaction. They are not limited to the highest-risk AI systems; they apply to a distinct category of AI that poses what the Act calls a "transparency risk", regardless of how those systems are classified under the broader Act.

Transparency obligations can apply cumulatively to a single AI system, engaging the responsibility of different actors (providers or deployers). One operator may fulfil more than one role concurrently in relation to one AI system – a business can simultaneously be a provider and a deployer, with both sets of obligations applying at once.

If your role is limited to disseminating or transmitting AI-generated or manipulated content created by third-parties, or you receive or are exposed to such content without directly having authority over the use of the AI system, you are likely not a deployer within the meaning of the AI Act.

There are limited exclusions for Article 50 obligations, which are further narrowed by the guidelines.  Three in particular are clarified:

  • Personal/non-professional use: This applies only to deployer obligations of deployers. The system itself remains within scope regarding the obligations of providers placing the system on the market or putting it into service. It also does not apply to deep fakes made publicly available by a person that can have an impact on matters of public interest.

  • Scientific research: If those systems are put into service or their outputs are also used outside of the scientific research context, the relevant transparency obligations in Article 50 would still need to be complied with.

  • Free and open-source software: this exception is clarified not to be available where a system is in-scope of Article 50 (i.e. it poses a transparency risk).

Article 50(1) – transparency for interactive AI systems (providers only)

Providers of AI systems directly interacting with natural persons must design and develop those systems so that those individuals are informed they are interacting with an AI system, unless the AI nature of the interaction is obvious, or where the system is authorized by law for law enforcement purposes.

What the guidelines clarify

  • Systems that passively collect data and are not capable of engaging in exchange of information (although this is not defined) are not covered.

  • "Direct interaction" is typically real-time or near real-time.  Indirect or mediated interaction (where a user merely receives AI outputs) is excluded.

  • AI-enabled voice assistants, chatbots, humanoid robots or robopets, AI avatars, bots on social networks, coding agents and other agentic AI systems can be covered.  Traditional industrial systems in closed settings, algorithmic recommender systems, spam filters, and automated translation tools are examples of systems which would not be covered.

  • Where it is unclear whether an AI agent will interact directly with an individual, the agent should be instructed to disclose itself as AI in every situation where it is likely it would interact with a person.

  • One-time disclosure may not be adequate in sensitive contexts or where there is a risk of users forming an emotional attachment to the AI.

  • Disclosures solely in T&Cs, URLs, documentation or machine-readable markings which a user can't see at the point of interaction, or technical descriptions without explanations will not be compliant.

  • Providers are encouraged to use a variety of information methods including labels, banners, persistent badges, first-turn chatbot greetings, spoken statements on initial interaction, together with periodic reminders and icons or symbols to indicate AI.

  • For AI agents: where the provider cannot reliably determine whether an agent will interact with a natural person, the agent should be instructed to disclose itself as AI in every situation where such interaction is likely. This is a notable expansion as the AI Act itself does not mention agents.

  • There is an exception to Article 50(1) requirements where the provider can demonstrate that the artificial nature of the interaction will be obvious to the well-informed, observant and circumspect person taking into account the circumstances and context of use. So the target audience and the nature of the system must be considered when assessing whether or not the obviousness exception applies.

Article 50(2) – making and detection of AI-generated content (providers only)

Providers of AI systems generating or manipulating synthetic image, video, audio or text must ensure outputs are marked in machine-readable format and detectable as AI-generated, using technical solutions that are effective, interoperable, robust and reliable.

What the guidelines clarify

  • Each of the two elements of Article 50(2) must be fulfilled, i.e. marking in machine-readable format and making outputs detectable.

  • The scope is explicitly broad. Article 50(2) applies not only to generative AI systems with a narrow intended purpose but also to GPAI systems and agentic AI systems, so long as they generate synthetic audio, image, video or text content.  Content that is mixed with human-generated material qualifies as synthetic content and is therefore in scope if manipulated or generated in one of the relevant modalities.

  • Short sequences of numbers or symbols, source code, machine-to-machine outputs not intended to be perceived by humans, and outputs used only in closed-loop industrial environments that are not the final output are not in scope.

  • The meaning of "effective, interoperable, robust and reliable" is clarified:

    Effective - capable of detecting marks and enabling persons to distinguish AI-generated content

    Interoperable - capable of operating seamlessly across multiple systems, actors and contexts regardless of the marking technique

    Robust - maintaining performance under varying conditions and adversarial attacks

    Reliable - accurately identifying AI-generated content in nominal conditions.

  • A combination of detection solutions is recommended, and suitable example marking techniques include watermarks, metadata identifications, cryptographic methods, logging methods, and fingerprints.

  • There are limited exceptions including for assistive standard editing, where there is no substantial alteration of input, for law enforcement, for certain B2B strictly technical output intended for a pre-defined internal audience, and for real-time generative content in video games that is ephemeral and consumed immediately without being stored or disseminated provided a person will be aware the content is AI-generated.

Article 50(3) – emotion recognition and biometric categorization (deployers only)

Deployers of emotion recognition systems and biometric categorization systems must inform natural persons exposed to the system in question. The obligation applies regardless of whether the persons are exposed in real-time or the systems are operated ex post.

What the guidelines clarify

  • Article 3(39) AI Act defines an emotion recognition system as "an AI system for the purpose of identifying or inferring emotions or intentions of natural persons on the basis of their biometric data". Clarification on the precise scope is expected in upcoming Commission guidelines on high-risk classification.

  • Since all emotion recognition systems are also classified as high-risk the Article 50(3) obligation applies in conjunction with the other requirements applicable to high-risk AI systems, however, Article 50(3) will apply to all biometric categorization systems regardless of their risk classification.

  • Deployers are not required to provide people with an explanation of why they are using emotion recognition or a biometric categorization system but notification is required whether or not the system is used in real time.

  • The method for informing the user will depend on contextual elements including the place of deployment and the nature of the relationship, and may be given in writing, by standardized icons, orally or by a combination of methods.

Article 50(4) – deepfakes and AI-generated public interest text (deployers only)

Deployers generating deepfakes must disclose that the content has been artificially generated or manipulated.  Separately, deployers of AI systems generating or manipulating text published to inform the public on matters of public interest must do the same. The disclosure requirement for deepfakes is relaxed for evidently artistic/creative/satirical/fictional works. There is also an exception for text where human review and editorial control has been exercised.

What the guidelines clarify

  • A deepfake is content that bears appreciable resemblance to existing subjects, persons, objects, places, entities or events that would falsely appear to be authentic or truthful.  "Existing" doesn't mean that the content features real people – photorealistic stock is in scope – just that the subject "could" exist (so mythical creatures, or a human flying, would be out of scope).  The intention of the deployer is not relevant and must take into account the potentially diverse nature of the audience (especially where the audience may consist of vulnerable people or children).  Minor AI-supported manipulation may not bring content within the definition but this must be assessed on a case by case basis.

  • Labelling or disclosure methods need to be understandable and perceivable by people without requiring additional technical tools or dedicated actions.

  • There is a softening of the disclosure obligation for deepfakes forming part of evidently artistic, creative, satirical, fictional or analogous works or programs but disclosure is still required.  It does, however, allow for notifying without interrupting the storyline – in opening credits, for example.

  • The public interest disclosure requirement applies to content published for the purpose of informing the public about matters of public interest.  Private correspondence and internal documents are excluded. 

  • The exception in relation to content which is subject to human review and editorial control applies only where both human review (by people with relevant competence and professional judgment), and editorial control (someone with authority to approve, alter or reject text on substantive grounds including fact-checking), have been carried out.

What next?

Once published in final form (expected before 2 August 2026), the guidelines are intended to provide practical but non-binding guidance for providers and deployers of AI systems and competent authorities in complying with their Article 50 obligations.  There is an extended deadline of 2 December 2026, which applies only to Article 50(2) marking and detection obligations for legacy generative AI systems already on the market under the AI Omnibus

The guidelines will sit alongside a voluntary Code of Practice which will cover Articles 50(2) and (4). Those signing up to and adhering to the Code will be assumed to be in compliance although that will not be the only route to compliance – an assumption not possible by merely adhering to the guidelines.

If you provide or deploy AI systems with transparency risks, your immediate priority is to map them against the Article 50 obligations, using the catalog of examples in the guidelines. In particular, you should review your current transparency disclosures now we have more clarity.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Debbie Heywood
Debbie Heywood
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More