Jun 242026

EU AI Act Transparency Obligations: Preparing for Compliance by 2 August 2026

Francesca Blythe and Eleanor Dodding
, , , ,

From 2 August 2026, organisations will become subject to the transparency obligations set out in Article 50 of the EU AI Act (Regulation (EU) 2024/1689).

Article 50 introduces transparency requirements for providers and deployers in relation to certain AI system functionalities and use cases that may create transparency risks for individuals. Whilst much of the EU AI Act focusses on obligations on high-risk AI systems, Article 50 obligations may also apply to certain limited-risk systems. As a result, many organisations will need to implement governance, disclosure and content-labelling measures to ensure users are appropriately informed about the use of certain AI systems and AI-generated content.

Importantly, these obligations are generally not affected by the proposed implementation delays contained in the EU Digital Omnibus Proposal, except for the marking obligations contained in Article 50(2) of the EU AI Act, i.e. relating to AI systems that generate synthetic audio, image, video or text content and that were placed on the market before 2 August 2026. Per the provisional agreement reached between the European Council and European Parliament on 7 May 2026 (available here), the introduction of these obligations will be delayed until 2 December 2026.

Organisations should continue their compliance preparations notwithstanding the broader discussions regarding the timing of other EU AI Act requirements, albeit remain mindful of the impact of the phased implementation dates.

Article 50 Transparency Obligations

The principal transparency obligations under Article 50 are summarised below alongside non-exhaustive examples of use cases from the Commission’s draft Guidelines on the implementation of the transparency obligations for certain AI systems under Article 50 of the AI Act (“Guidelines”).

Entity Relevant Use Case Examples Transparency Requirement Exemption
Provider AI systems intended to interact directly with individuals. In-scope:
AI-enabled voice assistants and chatbots.
Not in-scope: spam filters and automated translation tools.		 Inform users that they are interacting with an AI system, unless this is already obvious in the relevant context. Does not apply to AI systems authorised by law to detect, prevent, investigate or prosecute criminal offences (“Law Enforcement Exemption”), unless the system is available to the public to report a criminal offence.
Provider
Implementation potentially delayed to 2 December 2026 where AI systems placed on the market before 2 August 2026		 AI systems generating synthetic audio, image, video or text content. In-scope:
AI-generated translations or summaries of text.
Not in-scope: grammar correction and spellchecking.		 Ensure outputs are machine-readable and detectable as artificially generated or manipulated. The content-labelling obligation does not apply where: (i) the AI system performs an assistive function for standard editing; (ii) does not substantially alter the input data or its meaning; or (iii) Law Enforcement Exemption.
Deployer Emotion-recognition and biometric-categorisation systems. In-scope: the recording of a player’s face during a computer game to capture emotion.
Not in-scope: finger-print-based access control system for entering a building.		 Inform affected individuals that the systems are in operation and ensure compliance with applicable EU data protection laws. Law Enforcement Exemption, subject to appropriate safeguards.
Deployer AI systems generating or manipulating image, audio or video content constituting a deepfake. In-scope:
an AI-generated depiction of a celebrity influencer in an advertisement.
Not in-scope: an AI-generated image of a scene involving a sphinx flying over the Eiffel Tower.		 Clearly disclose that the content has been artificially generated or manipulated. Where content is clearly artistic, creative, satirical fictional (or analogous), the disclosure may be provided in a manner that does not unnecessarily interfere with the enjoyment of the work.
Deployer AI-generated or AI-manipulated text published with the purpose of informing the public on matters of public interest. In-scope:
AI-manipulated corporate reports published on a listed company’s website containing investor information.
Not in-scope: AI-manipulated text that is part of a company’s advertisement (not including any claims related to e.g. health, consumer safety or sustainability).		 Clearly disclose that the content has been artificially generated or manipulated. Does not apply: (i) where the content has been subject to human review or editorial control; or (ii) Law Enforcement Exemption.

Practical Challenges: Content Labelling and Disclosure

While the obligations under Article 50 are relatively straightforward, implementing the required disclosure and content-labelling measures may present practical challenges. Organisations will need to determine how AI-generated content is identified and how disclosures are incorporated into user interactions and content publication workflows.

Providers: Compliance is likely to require technical solutions capable of embedding machine-readable indicators into AI-generated content. Depending on the use case, this may include metadata tagging, watermarking, cryptographic provenance mechanisms or machine-readable audit logs.

Deployers: The European Commission has published a set of voluntary transparency icons designed to support compliance with Article 50(4) (i.e. the rules around disclosing the use of AI to create or manipulate deepfakes or public interest text). These are supplemented by detailed implementation guidance in the Code of Practice on Transparency of AI-Generated Content (which, at the date of writing, remains subject to an adequacy assessment by the European Commission and The AI Board).

Compliance is not limited to implementing technical content-labelling measures. Organisations must also ensure disclosures are clear, accessible and provided at the appropriate point in the user journey. This may require updates to onboarding processes, user interfaces and content publication workflows, as well as consideration of how Article 50 disclosures interact with existing transparency obligations under the GDPR and other regulatory regimes. In many cases, integrating AI-related disclosures into existing notices and transparency frameworks may be preferable to introducing standalone AI-specific statements.

Organisations should also consider where responsibility for compliance sits. Providers and deployers may each have distinct transparency obligations in relation to the same AI-enabled product or service, making it important to review contractual arrangements with AI vendors and service providers to ensure responsibilities for disclosures, content labelling and compliance monitoring are appropriately allocated.

Key Takeaways from the Draft Guidelines

The draft Guidelines provide valuable insight into how regulators are likely to interpret Article 50 in practice, although the final text may evolve following the consultation process. Key considerations include:

  1. The Guidelines clarify that disclosure is not required where interaction with an AI system is sufficiently obvious. Whether this exemption applies is highly context-specific and depends on the characteristics and expectations of the relevant audience. Organisations should therefore exercise caution before concluding that disclosure is unnecessary and document the basis for any reliance on the exemption.
  2. Accessibility is a key consideration. Disclosures should be clear, understandable and appropriately tailored to vulnerable individuals, including children.
  3. Transparency measures should be built into the design of AI systems. Providers are expected to incorporate disclosure mechanisms into the way AI systems interact with users.
  4. The Guidelines take a broad view of the content-labelling obligations. Content requiring marking may include AI-generated or AI-manipulated translations, summaries, image alterations and other modifications that materially affect the meaning or appearance of content.
  5. The Commission adopts a broad interpretation of deepfakes. Organisations should not assume the obligation is limited to sophisticated impersonation content, as AI-generated or AI-manipulated content may fall within scope where it closely resembles a real person, object, place or event and has the potential to mislead.
  6. The Guidelines confirm that agentic AI systems may fall within scope where their actions generate outputs intended to be directly perceived by users.

Recommendations for Organisations

The draft Guidelines suggest that regulators will focus not only on whether disclosures are provided, but also on whether they are clear, accessible and effective in the relevant context. Organisations should therefore approach Article 50 as both a technical and operational compliance exercise.

With the application date approaching, organisations should consider taking the following steps:

  • Map relevant AI use cases: Identify AI systems that are provided, deployed or embedded within business processes and assess whether Article 50 transparency obligations are triggered.
  • Review user interactions: Determine where users interact with AI systems and whether existing disclosures are sufficient.
  • Assess content-generation workflows: Identify AI-generated or AI-manipulated outputs and evaluate whether marking and disclosure mechanisms are required.
  • Develop labelling standards: Establish organisation-wide standards for AI disclosures, content labelling and user notifications.
  • Update governance frameworks: Ensure AI governance policies, procurement processes and deployment reviews include Article 50 assessments.
  • Document exemption analyses: Where relying on an exemption (such as the “obviousness” exemption), maintain records supporting that assessment.
  • Review vendor arrangements: Ensure responsibility for Article 50 compliance is appropriately allocated between providers and deployers, particularly where third-party AI tools are used.

Conclusion

With less than two months until the majority of the transparency obligations take effect, organisations should ensure they understand which AI use cases fall within the scope of Article 50 and whether existing disclosure and content-labelling practices are sufficient. Early action may be important where technical, operational or contractual changes are needed to support compliance.

Trainee Solicitor Jennifer Petch also contributed to this blog post.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

Francesca Blythe

London

fblythe@sidley.com

Eleanor Dodding

London

edodding@sidley.com

You might also like
EU Lawmakers Reach Provisional Agreement to Delay Key EU AI Act Obligations

Background

On 7 May 2026, following extensive negotiations, the European Council and European Parliament reached a provisional agreement on the EU Digital Omnibus on AI (AI Omnibus) which proposes targeted amendments to the EU Artificial Intelligence Act (AI Act). On 16 June 2026, the European Parliament voted to adopt the provisional agreement — although, formal adoption remains subject to European Council approval.

The EU AI Act is the EU’s flagship framework for governing the development, deployment, and use of certain AI systems in the EU. Although adopted in 2024, the regime was designed to apply on a staggered time line beginning in August 2025, with most obligations due to take effect on 2 August 2026. This included the core obligations for certain “high-risk” AI systems.

Given repeated concerns raised by industry and other stakeholders regarding, among other things, delays in the publication of standards and the associated compliance costs, the European Commission published the AI Omnibus on 19 November 2025. Through this proposal, the Commission aimed to introduce “simplification measures to ensure timely, smooth, and proportionate implementation of certain of the AI Act’s provisions.” Central to the proposal was a delay to the implementation timetable for “high-risk” AI systems.

Cyber Strategy at the AI Frontier: President Trump Releases Executive Order to Promote Advanced Artificial Intelligence Innovation and Security

On June 2, 2026, President Trump issued the Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security. The Executive Order carries forward several priorities included in President Trump’s Cyber Strategy for America, released in March 2026.[1] The Executive Order declares, “It is the policy of the United States to promote AI innovation and security by working collaboratively with the private sector to modernize government and private sector information systems and harden them against external threats; to protect American ingenuity and intellectual property from exploitation and theft by adversaries; and to cultivate America’s advanced AI-enabled capabilities.”

New York Department of Financial Services Issues Coordinated Guidance on Frontier AI Cybersecurity Risks

On May 21, 2026, the New York State Department of Financial Services (“DFS”) issued two coordinated Industry Letters: a letter on Heightened Cybersecurity Risks Associated with Frontier AI Models (the “AI Advisory”) and accompanying Guidance on Measures Regulated Entities Should Consider in a Heightened Cybersecurity Threat Environment (the “Guidance,” and together, the “May 2026 Publications”). The AI Advisory builds on DFS’s October 2024 guidance on cybersecurity risks arising from AI, but is narrower in focus. Specifically, it addresses frontier models that may materially increase the speed and effectiveness of vulnerability discovery and exploitation.