EU AI Act Article 50: What Still Applies on 2 August 2026

sSystm Team5 min read
TL;DR

The Digital Omnibus on AI deferred the AI Act's high-risk obligations (Annex III) to 2 December 2027 — but Article 50's transparency rules were untouched. From 2 August 2026, anyone deploying an AI chatbot facing EU users, or publishing AI-generated content, still has disclosure and labelling duties. Content with genuine human review and a named editorial owner is exempt from labelling — everything else is not.

The EU AI Act’s headline deadline of 2 August 2026 is not cancelled — it was only partly deferred, and the part that survives is the part most agencies are least prepared for. The Digital Omnibus on AI, agreed by the European Parliament on 16 June 2026 and given final Council approval on 29 June 2026, pushed the AI Act’s high-risk system obligations back by sixteen months. It left Article 50 — the transparency rules covering AI chatbots and AI-generated content — exactly where it was. If your agency runs an AI-facing tool for clients or publishes AI-assisted content into the EU, that deadline is still nineteen days away.

This is not general legal advice, and the AI Act’s own guidance and codes of practice are still being finalised. It is a plain reading of what changed and what didn’t, for agencies that need to make a decision before August.

What actually got delayed?

The Digital Omnibus on AI amends Regulation (EU) 2024/1689 to defer two specific sets of obligations:

  • Annex III high-risk systems (use-based — recruitment tools, credit scoring, biometric categorisation and similar): obligations deferred from 2 August 2026 to 2 December 2027.
  • Annex I high-risk systems (product-regulated — AI embedded in machinery, medical devices, lifts): obligations deferred from 2 August 2027 to 2 August 2028.

The reasoning cited by the Council and Commission is that the standards, conformity-assessment infrastructure and national market surveillance authorities that high-risk compliance depends on weren’t ready in time — not that the underlying requirements were dropped.

What the Omnibus did not touch is Article 50. Multiple independent legal trackers confirm this explicitly: the general transparency obligations — telling people they’re talking to an AI, and labelling synthetic content — remain effective from 2 August 2026 on the original timeline. If you’ve seen a headline saying “the AI Act deadline moved,” check whether it’s talking about Annex III. For transparency duties, it didn’t move.

What does Article 50 actually require?

Article 50 sets out five distinct duties, split between the company that builds an AI system (the provider) and the company or agency that puts it to use (the deployer). Most agencies sit on the deployer side of most of these.

50(1) — Disclosure for direct AI interaction. Providers of AI systems intended to interact directly with people must design them so it’s clear the user is talking to an AI, unless that’s obvious from the circumstances. If your agency builds or configures a client-facing chatbot, this duty attaches to whoever is deploying it, not just whoever built the underlying model.

50(2) — Machine-readable marking of synthetic output. Providers of AI systems that generate synthetic audio, image, video or text content must ensure outputs are marked in a machine-readable format as artificially generated or manipulated, technical limitations permitting. This is the provision most agencies underestimate, because “machine-readable” means metadata a system can detect — not a visible watermark a person happens to notice. There is no single mandated technical standard yet; Article 50(7) tasks the EU AI Office with encouraging codes of practice for this, and industry approaches like C2PA Content Credentials are the closest thing to an emerging norm. Until a harmonised standard lands, how you implement the marking is a product decision, not a checkbox.

50(3) — Emotion recognition and biometric categorisation. Deployers of these systems must inform the people they’re used on and comply with data protection law. Most agencies won’t run into this one directly.

50(4) — Deepfakes and AI-generated public-interest text. This is the one with the exemption that matters most for agency work. Deployers of AI systems generating or manipulating image, audio or video content that constitutes a deepfake must disclose that the content is artificially generated or manipulated. Deployers publishing AI-generated text intended to inform the public on matters of public interest must disclose that the text was artificially generated — unless the content has undergone a process of human review or editorial control, and a named natural or legal person holds editorial responsibility for its publication.

That exemption is doing a lot of work, and it’s worth reading closely rather than assuming it covers you.

50(5) — How the disclosure is delivered. Information must be provided clearly and distinguishably, at the latest at the time of first interaction or exposure, and in a way that meets accessibility requirements.

Does this actually apply to a small agency?

Yes, if the agency’s AI output reaches an EU audience without the review-and-responsibility structure Article 50(4) requires. Three common scenarios:

  1. A chatbot on a client’s website answering visitor questions. Covered by 50(1) — the visitor needs to be able to tell it’s an AI, unless that’s already obvious.
  2. AI-drafted blog posts, social copy or marketing images published for a client, unedited. Covered by 50(2) and 50(4) — the output needs machine-readable marking, and if it’s text meant to inform the public, it needs disclosure unless a named person genuinely reviewed and takes editorial responsibility for it.
  3. AI-assisted drafts that a human editor rewrites, checks and approves before publication, under a named byline or editorial owner. This is the case Article 50(4)’s exemption is built for. The distinction the law draws isn’t “did AI touch this” — it’s “did a person meaningfully stand behind the result.”

The practical read: a disclaimer buried in a footer is not editorial responsibility. A person who actually reviewed the specific output and would be accountable for it — a named editor, not “our team” — is.

What are the penalties, and who enforces them?

Article 50 violations fall under Article 99 of the AI Act, which sets fines of up to €15 million or 3% of an undertaking’s total worldwide annual turnover for the preceding financial year, whichever is higher, for non-compliance with obligations including transparency. That’s a distinct, lower tier than the fines reserved for prohibited practices under Article 5, which reach up to €35 million or 7%. Enforcement runs through the national market surveillance authority in each member state, several of which are still being formally designated — a fact the Digital Omnibus’s own reasoning cites as part of why the high-risk timeline needed more runway. Article 50’s obligations weren’t given that same runway.

The honest summary

The 2 August 2026 news cycle is going to be dominated by “AI Act deadline delayed” coverage, and most of it will be talking about Annex III high-risk systems — a category most agencies were never in. Article 50 is a narrower, more mechanical set of obligations: say when it’s an AI, mark synthetic output so machines can detect it, and if you’re publishing AI-assisted text to inform the public, either disclose it or make sure a named person actually reviewed it first. None of that requires new infrastructure. It requires deciding, before 2 August, which of your AI-touched outputs have a real editor behind them and which don’t.

sSystm’s own AI is built around exactly that distinction — every AI-drafted change is visibly attributed, and nothing an AI writes reaches a client’s live work without a human approving it first. Read more about how that works in how AI and humans share the workspace and in our security architecture.

Frequently asked questions

Did the EU delay the AI Act's 2 August 2026 deadline?

Partly. The Digital Omnibus on AI, finalised by the Council on 29 June 2026 and entering into force in July 2026, deferred the high-risk system obligations under Annex III from 2 August 2026 to 2 December 2027. It did not defer Article 50's transparency obligations, which apply on schedule from 2 August 2026.

Who has to comply with Article 50 — providers or deployers?

Both, for different duties. Providers of AI systems that generate synthetic audio, image, video or text must ensure the output is marked as artificially generated in a machine-readable format (Article 50(2)). Deployers — anyone putting an AI system into use, including agencies running it for a client — carry the disclosure duties in Article 50(1), 50(3) and 50(4).

Does a small agency using AI internally need to comply?

It depends what the AI touches, not whether the agency is small. Internal drafting that a human reviews and takes editorial responsibility for before it reaches an EU audience falls under the Article 50(4) exemption. AI text, image, audio or video published to an EU audience without that human review and named editorial responsibility does not — regardless of the agency's size.

What counts as the 'human review' exemption under Article 50(4)?

Article 50(4)'s second subparagraph exempts AI-generated text intended to inform the public where the content 'has undergone a process of human review or editorial control and where a natural or legal person holds editorial responsibility for the publication of the content.' A named person or organisation has to actually stand behind the output — a disclaimer alone does not satisfy this.

What are the penalties for breaching Article 50?

Article 50 breaches fall under Article 99 of the AI Act, which sets fines of up to €15 million or 3% of total worldwide annual turnover for that financial year, whichever is higher, for non-compliance with obligations including transparency. That is a separate, lower tier than the fines for prohibited AI practices under Article 5.

aicomplianceeu-ai-actgdpragency-operations

sSystm is the first BYOC agency OS — your clients, your code and your cloud on your own Cloudflare account, with your AI working the whole workspace over MCP.

Join the waitlist