SELINA.ai
Sign in

August 2, 2026: What EU AI Act Article 50 Actually Requires of Chatbots and AI Products, and Why Privacy Architecture Matters More Than You Think

You have less than two months. On August 2, 2026, the EU AI Act's Article 50 transparency obligations become enforceable, and the compliance surface is wider than most founders realize. If your product involves a chatbot, a voice assistant, an agentic workflow, emotion recognition, biometric categorization, or any AI-generated content (text, image, audio, video), you are likely in scope. The privacy implications run deeper than a disclosure banner. The fines run up to €15 million or 3% of global annual turnover, whichever is higher. This post walks through what the rules actually say, what the European Commission's draft guidance clarifies, and what you should be doing right now.

Key Takeaways

What are the four transparency obligations under Article 50?

Article 50 contains four numbered paragraphs, each imposing a different obligation on a different set of actors. They are not interchangeable, and they do not all apply to the same products. Here is the breakdown.

Article 50(1): Interactive AI disclosure

If your AI system is designed to interact directly with people (chatbots, voice assistants, agentic systems that email or message humans), you must ensure those people know they are interacting with an AI, not a human. This is the "tell them it's a bot" rule. The obligation falls on both providers and deployers. The draft Guidelines confirm that agentic AI systems fall squarely under this paragraph.

Article 50(2): Machine-readable marking of AI-generated content

Providers of AI systems that generate synthetic audio, image, video, or text must ensure their outputs are marked in a machine-readable format as artificially generated. This is the watermarking/metadata obligation. It applies at the point of generation, not at the point of distribution.

Article 50(3): Emotion recognition and biometric categorization

If you deploy an emotion recognition system or a biometric categorization system, you must inform the people being subjected to it. Plain language, before or at the time of exposure. This one is comparatively narrow in scope but brutal in its privacy implications.

Article 50(4): Deepfake labeling

Deployers who publish AI-generated or AI-manipulated content that constitutes a deepfake (image, audio, video that "appreciably resembles" real persons, objects, places, or events and would falsely appear authentic) must disclose that the content was artificially generated or manipulated. The Commission's guidance specifies standardized EU icons and text labels for this purpose.

Which obligations have a grace period, and which do not?

Only one has a grace period. On May 7, 2026, EU co-legislators agreed to a grandfathering rule for Article 50(2) specifically: generative AI systems already on the market before August 2, 2026 have until December 2, 2026 to comply with the machine-readable marking duty. The other three obligations (50(1), 50(3), and 50(4)) take effect August 2, 2026 with no extension. If your chatbot is live and serving EU users on August 3 without a proper disclosure mechanism, you are already non-compliant.

What does "clear and distinguishable" disclosure actually mean?

The Commission's draft Guidelines set a specific bar: a disclosure only counts as "clear and distinguishable" if it is noticeable, easy to understand, and separable from surrounding content. A few implications follow directly from that standard.

Disclosure buried in terms and conditions does not satisfy the obligation. The Guidelines say this explicitly. If your only AI-interaction notice lives in a TOS page that users click through once and never revisit, you are non-compliant.

The Guidelines give concrete examples of in-scope interactive systems: chatbot agents, social-network bots, and AI voice assistants. For voice interactions, the disclosure must be audible and timely, not just textual.

There is an exemption for "obvious AI" scenarios, where a reasonably informed user would clearly recognize the system's AI nature without being told. Think: a clearly labeled creative image generator with a stylized UI. But the Guidelines treat this exemption narrowly. If there is any ambiguity about whether a reasonable person would know they are dealing with an AI, you disclose. In practice, most chatbot deployments will not qualify for this exemption, especially agentic ones that initiate contact or handle tasks autonomously.

How do the rules apply to agentic AI?

This is where the Guidelines get architecturally interesting. Agentic AI systems, the ones that can take actions, send messages, or interact with third parties on a user's behalf, fall under Article 50(1). The Commission's draft explicitly states that where a provider cannot reliably predict whether its agent will interact with a human, the agent must be built to disclose its AI nature in every likely-interaction scenario.

Read that again. "Built to disclose." Not "configured to disclose" or "prompted to disclose." The framing is about how the system is constructed. This is a design-time obligation, not a deployment-time configuration toggle. If your agent sends emails, responds to support tickets, posts on social media, or places phone calls, and it might plausibly reach a human on the other end, the agent itself must carry the disclosure capability. You cannot rely on downstream deployers to handle it if you are the provider.

For founders building agentic products, this means the disclosure logic needs to live in the system's interaction layer, not in a wrapper that a customer can remove or override. That is an architecture decision.

What about AI-generated content marking? How does Article 50(2) work?

Article 50(2) requires providers to ensure that outputs of AI systems generating synthetic audio, image, video, or text are marked in a machine-readable format as AI-generated. The draft Guidelines encourage (but, for non-Code signatories, do not strictly require) general-purpose AI model providers to implement marking measures at the model level, treating it as a "strongly suggested best practice."

The technical reality is that no single marking technology currently satisfies all of Article 50's requirements. Watermarking schemes exist for images and audio but remain fragile against transformations. Text watermarking is even less mature. Forensic detection tools are not yet considered reliable by the Commission, and common evaluation benchmarks do not exist yet. Significant uncertainty remains about how market surveillance authorities will actually assess compliance.

This is not a solved problem. If you are a provider, you should be implementing the best available marking measures (C2PA metadata, steganographic watermarks for images, content provenance manifests) while documenting that you are tracking the state of the art. The grandfathering extension to December 2, 2026 for systems already on the market gives some breathing room, but only for this specific obligation.

What is the Code of Practice, and should you sign it?

On June 10, 2026, the European Commission published a Code of Practice on Transparency of AI-Generated Content. It is voluntary. It is also strategically significant.

The Code covers the marking and labeling duties under Articles 50(2), 50(4), and 50(5). It specifies standardized icons, text labels, and machine-readable marking approaches for deepfakes and other AI-generated content. For Code signatories, marking at the model level is treated as a binding commitment, not just a best practice.

Here is the enforcement dynamic that matters: the Commission has indicated that regulators will focus supervisory attention on whether entities have adhered to the Code, and signatories will receive "increased trust" during enforcement. Non-signatories will need to independently demonstrate compliance via a gap analysis. This creates a two-tier system. Signing the Code is not required, but not signing means you carry a heavier burden of proof when a regulator comes knocking.

The Commission is encouraging stakeholders to submit signatory forms by July 22, 2026, 18:00 CET, to be included in the initial published list before the August 2 effective date.

If you serve EU customers and your product generates content that could be mistaken for human-produced, signing the Code is a pragmatic move. Think of it as analogous to a SOC 2 report: technically voluntary, practically expected by enterprise buyers and regulators.

Who bears the obligation: providers, deployers, or both?

Both. And this is where the vendor supply chain creates what you might call a silent liability.

Under the AI Act's definitions, a "provider" is the entity that develops or places an AI system on the market. A "deployer" is the entity that uses it under its own authority. For a SaaS chatbot product, the SaaS company is typically the provider. The customer deploying that chatbot on their website is the deployer. Both have distinct transparency obligations, and the lines between them can blur.

The Guidelines clarify that platforms merely disseminating third-party AI content (without generating it) are not "deployers" under the Act, though they are encouraged to preserve upstream marks and inform exposed users. But if you are building on top of a frontier model provider's API and serving outputs to end users, you are a provider or deployer (possibly both, depending on how much you transform the outputs), and you carry your own Article 50 obligations regardless of what your upstream model provider does or does not do.

The practical implication: review your vendor contracts. Make sure disclosure, labeling, and compliance-monitoring responsibilities are clearly allocated between you and any upstream AI providers. If your contract with a model provider is silent on who handles Article 50(2) marking, you own it by default. And if the provider's outputs lack machine-readable provenance metadata, that is now your problem to solve at the application layer.

Does any of this apply retroactively to content already generated?

No. The Guidelines clarify that AI-generated content already circulating before August 2, 2026 does not need retroactive marking or labeling. Deployers are encouraged to voluntarily label such content, but there is no legal obligation to go back and watermark every image your system has ever produced. Going forward, though, everything generated after the effective date must comply.

Why is transparency compliance actually an architecture problem?

Most compliance commentary treats Article 50 disclosure as a UI copy problem. Add a banner. Show a label. Done. This undersells the challenge by an order of magnitude.

Consider what the Guidelines imply for chatbot products specifically. The disclosure must be "clear and distinguishable." It must not be buried in terms and conditions. For systems where users may express emotional distress or form emotional attachment (think: mental health chatbots, companion apps, customer service agents handling complaints), the Commission's guidance suggests that a first-turn disclosure alone is unlikely to be sufficient. Disclosure may need to be periodic and context-aware.

That means your system needs to track session state to know when to re-disclose. It needs to detect or anticipate interaction contexts where a user might forget or lose awareness that they are talking to an AI. This is not a banner; it is a feature of the session architecture. It touches prompt design, turn management, and potentially the model's system instructions.

For products that care about privacy, this creates a tension. Periodic re-disclosure requires the system to monitor interaction context, which requires some awareness of what the user is saying or feeling. If you are building a privacy-first product, you need to figure out how to implement context-aware transparency without building an emotion-surveillance system. That balance is subtle, and it has to be thought through at the architecture level.

We build Selina with this kind of constraint in mind. Our memory is encrypted at rest, though we are clear that memory is NOT end-to-end encrypted (a slice of each request reaches a frontier provider at inference). Files and transfers via SelinaSEND are zero-knowledge encrypted. Operational metadata is kept for a short retention window. We are deliberate about what we do and do not claim, because privacy architecture and transparency architecture have to coexist. You cannot bolt either one onto a system that was not designed for it.

What should you actually be doing between now and August 2?

Here is a concrete checklist. None of this is legal advice (talk to your EU regulatory counsel), but it reflects the technical work a product team needs to scope.

  1. Classify your system under Article 50's four paragraphs. Which obligations apply to you? If you run a chatbot, 50(1) is almost certainly in scope. If you generate images, audio, or video, 50(2) applies. If you do emotion recognition or biometric categorization, 50(3). If you or your users publish deepfakes, 50(4). You may be covered by multiple paragraphs.
  2. Audit your current disclosure mechanisms. Is your AI-interaction disclosure "clear and distinguishable" under the Guidelines' standard? Is it in the first turn of every conversation? Is it separable from surrounding content? Would it survive a regulator asking "where does the user learn this is an AI?"
  3. Design periodic re-disclosure for sensitive contexts. If your chatbot handles emotional, medical, financial, or other sensitive interactions, a single first-turn notice may not suffice. Build the logic for context-aware re-disclosure into your session management.
  4. Implement machine-readable marking for generated content. If you generate text, images, audio, or video, implement the best available provenance marking (C2PA, watermarks, metadata). Document your approach and its known limitations. You have until December 2, 2026 if your system was on the market before August 2, but starting now avoids a crunch.
  5. Review vendor and model-provider contracts. Ensure Article 50 obligations are explicitly allocated. If your upstream provider does not mark outputs, determine how you will handle marking at the application layer.
  6. Consider signing the Code of Practice. The signatory deadline is July 22, 2026. Signing is voluntary but creates a presumption of good faith with regulators. If you are not signing, prepare your independent compliance documentation.
  7. For agentic systems: build disclosure into the agent itself. Do not rely on deployers to add disclosure. The obligation is on the provider to ensure the system is capable of disclosing in every likely-interaction scenario.
  8. Document everything. Regulators will look for evidence of process, not just the end result. Keep records of your compliance assessment, your disclosure design decisions, your marking technology choices, and your vendor allocation agreements.

What remains uncertain?

Plenty. The draft Guidelines were open for consultation until June 3, 2026, and the final version may differ in ways that matter. The marking technology landscape is immature, and the Commission acknowledges this. No common evaluation benchmarks exist for assessing whether machine-readable marking is "effective." Market surveillance authorities have not yet published enforcement guidance or inspection protocols. The "obvious AI" exemption will inevitably be tested through enforcement actions and litigation before its boundaries become clear.

The consultation process may refine some of these ambiguities. But waiting for perfect clarity is not an option if you are shipping a product to EU users in August. The prudent approach is to over-comply on the obligations that are clear (interactive disclosure, deepfake labeling) and document your good-faith approach on the obligations where the technical standard is still evolving (machine-readable marking).

Why does this matter beyond compliance?

Because your EU enterprise customers are going to ask. Procurement teams at regulated European companies will start requiring Article 50 compliance evidence from their AI vendors, the same way they require DPAs and GDPR documentation today. If you can show a rigorous transparency architecture, documented compliance process, and (ideally) Code of Practice signatory status, you have a procurement advantage. If you cannot, you are a risk your customer's legal team will flag.

For privacy-focused products specifically, Article 50 is an opportunity to make a point that is often lost in compliance theater: transparency and privacy are not in tension. They are complementary architectural commitments. A system that is honest about what it is (an AI, not a human) and honest about what it does with your data (encrypted at rest, short retention window, zero-knowledge file transfers) is a system that earns trust through specificity rather than marketing language.

That is what we are building toward. We do not claim perfection. We claim specificity.

If you want to see what a privacy-first AI assistant looks like in practice, start a free 7-day trial, no card required.

Frequently Asked Questions

What are the four transparency obligations under Article 50?

Article 50(1) requires disclosure that people are interacting with an AI system, Article 50(2) requires machine-readable marking of AI-generated audio, image, video, or text, Article 50(3) requires notice to people subjected to emotion recognition or biometric categorization, and Article 50(4) requires labeling of deepfake content as artificially generated or manipulated.

Which Article 50 obligations have a grace period before enforcement?

Only Article 50(2), the machine-readable marking duty, has a grace period: generative AI systems already on the market before August 2, 2026 have until December 2, 2026 to comply. Articles 50(1), 50(3), and 50(4) take effect August 2, 2026 with no extension.

Is disclosing AI interaction in the terms and conditions enough to comply?

No. The Commission's draft Guidelines explicitly state that disclosure buried in terms and conditions does not satisfy the obligation; it must be clear, distinguishable, noticeable, easy to understand, and separable from surrounding content.

How does Article 50 apply to agentic AI systems?

Agentic AI systems that take actions or interact with third parties fall under Article 50(1), and if a provider cannot reliably predict whether the agent will interact with a human, the agent must be built (at the design level) to disclose its AI nature in every likely-interaction scenario, not merely configured to do so at deployment.

What is the Code of Practice on AI-generated content, and does it matter if it's voluntary?

Published by the European Commission on June 10, 2026, the Code of Practice covers marking and labeling duties under Articles 50(2), 50(4), and 50(5) and is voluntary, but signatories get treated as making binding commitments and receive 'increased trust' from regulators, while non-signatories must independently demonstrate compliance.

Sources & References

Michael C.

Michael C.

Founder & Principal Engineer, Selina Labs

Michael builds Selina, a privacy-first AI that remembers you across conversations. He ships security-sensitive AI in production — real attacks, real fixes, measured in minutes and dollars — and writes about privacy, security, and LLMs from that seat. Top Rated Plus and expert-verified on Upwork.

Learn more about Selina.ai