EU AI Act Transparency Obligations (Art. 50) — Chatbots, Deepfakes & Synthetic Content

Most AI systems are not high-risk — they fall under Art. 50 transparency obligations. If you deploy a chatbot, generate synthetic images, or use emotion recognition, here is exactly what you must disclose and mark.

Who Falls Under Art. 50 (Not High-Risk)

The EU AI Act establishes a tiered risk framework. Most AI systems deployed today do not qualify as high-risk under Annex III or Annex I — they fall into one of two lighter categories:

Transparency obligations only (Art. 50): chatbots, deepfake generators, synthetic content systems, emotion recognition systems, and biometric categorisation tools
Minimal risk: spam filters, AI in games, recommendation systems — subject only to voluntary codes of conduct

The critical distinction from Annex III high-risk systems is that transparency-only systems require disclosure, not conformity assessment, technical documentation, or CE marking. The burden is substantially lower, but non-compliance is still a sanctionable offence with fines reaching €7.5 million.

Understanding which tier your system occupies is the first compliance step. The AI risk classifier tool can help you determine which obligations apply.

Art. 50(1) — Conversational AI and Chatbots

Any AI system designed to interact directly with natural persons must notify the user that they are interacting with an AI system. The disclosure must be:

Timely — made at the start of the interaction, before meaningful exchange begins
Clear and distinguishable — not buried in terms of service or small-print footers
Intelligible — adapted to the context so the person actually understands it

Scope: Customer service bots, virtual assistants, AI phone agents, conversational AI embedded in social media, and AI-powered support chat on websites. If a human-facing interface uses a language model to conduct dialogue, Art. 50(1) applies.

Exemption 1: Where the AI nature is obvious from context — for instance, a clearly branded AI assistant with a robot avatar in a product interface — the disclosure obligation may be considered met. But "obvious" is a high bar; implicit UI cues alone are unlikely to suffice where users could reasonably believe they are speaking to a human.

Exemption 2: Systems authorised by national law for law enforcement purposes (e.g. covert investigation tools used by competent authorities).

Compliance deadline: 2 August 2026 (extended by the 2026 Digital Omnibus from the original 2 August 2025 date). Systems deployed before this deadline must be brought into conformity — not grandfathered.

Art. 50(2) — Emotion Recognition Disclosure

Providers and deployers of emotion recognition systems must inform the natural persons whose emotional or psychological state is being inferred. This includes systems that detect, classify, or score emotions such as happiness, anger, distress, engagement, or deception from facial expressions, voice tone, physiological signals, or behavioural cues.

Scope: HR interview analysis tools that score candidate engagement or stress; customer sentiment systems monitoring call-centre interactions; security screening tools claiming to detect deceptive intent; retail systems tracking emotional response to products.

Not covered: AI systems that detect physiological states purely for safety purposes — for example, drowsy driver detection systems that monitor eye movement and trigger an alert but do not infer or record emotional states for other uses. The safety-purpose carve-out is narrow; systems repurposed for profiling lose the exemption.

Where the emotion recognition system is also a high-risk system under Annex III (e.g. employment screening), the full high-risk obligations apply on top of Art. 50(2) disclosure.

Art. 50(3) — Biometric Categorisation Disclosure

AI systems that infer sensitive personal attributes — including racial or ethnic origin, political opinions, trade union membership, religious or philosophical beliefs, or sexual orientation — from biometric data must inform the persons exposed to the system.

This obligation applies to systems that categorise individuals based on biometric inputs, regardless of whether the categorisation is the primary purpose or a downstream inference. A system that uses facial recognition to infer likely demographic attributes triggers Art. 50(3) even if its stated purpose is something else.

Important boundary with Art. 5: Real-time remote biometric identification in publicly accessible spaces by law enforcement is outright prohibited under Art. 5, not merely subject to disclosure. Where a system is prohibited, transparency obligations are irrelevant — it cannot lawfully be deployed at all. See prohibited practices under Art. 5 for the full list of banned systems.

Art. 50(4) — AI-Generated and Synthetic Content Marking

Providers of AI systems that generate or manipulate synthetic audio, image, video, or text at scale must technically mark the output in a machine-readable format. The mark must:

Be detectable and interoperable across platforms and verification tools
Persist when the content is shared, re-encoded, or redistributed
Comply with the technical standard being developed by the European AI Office (the AI-generated content provenance standard, sometimes referred to as ATMF)

Scope: Text-to-image generators (Midjourney, Stable Diffusion, DALL-E equivalents); video synthesis and deepfake video tools; voice cloning systems; AI writing assistants producing large-scale output (e.g. automated news generation, marketing copy at scale without editorial review).

Exemption: AI systems generating content that has undergone human editorial review for which a human takes editorial responsibility. A journalist using an AI drafting tool, reviewing and substantially editing the output before publication, falls outside the marking obligation for that specific use. The same system deployed without editorial oversight does not.

Providers should implement technical marking at the infrastructure level — watermarking, cryptographic provenance metadata, or standards-compliant content credentials — not as an optional feature, but as a default output behaviour.

Art. 50(5) — Deployer Obligation for Deepfake Disclosure

Where a deployer uses an AI system to produce deepfake content — synthetic or manipulated images, audio, or video of real persons — the deployer must clearly label the content as AI-generated or manipulated. The label must be:

Visible in the case of image or video content
Audible in the case of audio content
Placed in a way that is apparent to the audience, not only embedded in metadata

Exemptions: Content produced for satire, parody, or artistic expression where the AI-generated nature is obvious to the audience. Creators working in clearly parodic or satirical formats should nonetheless document their intent, as enforcement authorities will assess whether the AI nature was genuinely obvious in context.

This obligation falls on the deployer — the organisation or individual who puts the content into use — not only on the system provider. A marketing agency using a third-party deepfake video tool is the deployer and bears the labelling obligation.

Practical Compliance Steps by System Type

System type	Obligation	Responsible party
Chatbot / virtual assistant	Disclose AI interaction at start of session	Provider + Deployer
Emotion recognition	Inform persons whose emotions are analysed	Provider + Deployer
Biometric categorisation (non-prohibited)	Inform exposed persons	Provider + Deployer
Deepfake video / audio / image generator	Machine-readable AI mark on all outputs	Provider
Deepfake content deployed publicly	Visible or audible "AI-generated" label	Deployer
AI text writer (large-scale, no editorial review)	Machine-readable mark on output	Provider

Deployers who use third-party AI systems bear transparency obligations independently of whether the provider has met theirs. A deployer cannot rely on the provider's disclosure as a substitute for their own.

Relationship with GDPR

Art. 50 transparency obligations are legally independent of GDPR Art. 22 (automated individual decision-making). The same system can trigger both frameworks simultaneously.

Example: A chatbot used as the first stage of a loan application process must:

Disclose it is an AI system at the start of the conversation (Art. 50(1))
If the chatbot makes or meaningfully contributes to a solely automated decision with legal or similarly significant effects, the deployer must also provide GDPR Art. 22 rights — the right not to be subject to the automated decision, the right to human review, and the right to an explanation

Organisations deploying AI in regulated sectors (financial services, insurance, HR) should map both Art. 50 obligations and GDPR Art. 22 applicability as part of the same compliance review. The frameworks are complementary, not mutually exclusive.

Fines for Non-Compliance

Violations of Art. 50 transparency obligations carry fines of up to €7.5 million or 1.5% of total worldwide annual turnover for the preceding financial year, whichever is higher. For SMEs and start-ups, the percentage cap generally produces a lower figure; for large enterprises, the absolute cap is more likely to apply.

Enforcement authority rests with national market surveillance authorities designated under Art. 74, and with the EU AI Office for GPAI model providers. Supervisory actions may include formal investigations, interim measures, orders to suspend deployment, and public disclosure of findings.

Non-compliance with the labelling and marking obligations is expected to be among the first enforcement priorities given the high public salience of synthetic media and deepfakes — regulators in several Member States have already signalled intent to act on unlabelled AI-generated content before broader high-risk enforcement is operationalised.

Next Steps

Use the AI risk classifier to determine whether your system is transparency-only or high-risk
Review prohibited practices under Art. 5 to confirm your system does not fall into a banned category before assessing transparency obligations
Monitor the European AI Office's publication of the AI-generated content provenance standard for Art. 50(4) technical marking requirements

Official AI Act Compliance Deadline Calendar

Updated 2026-06-19 · Sources: Regulation (EU) 2024/1689 and the 2026 Digital Omnibus on AI.

Obligation	Applies to	Original date	New date	Status	Countdown	Legal basis
Prohibited Practices (Art. 5)	All providers and deployers	2 February 2025	2 February 2025	active	—	AI Act Art. 5
GPAI Rules (Chapter 5)	GPAI model providers	2 August 2025	2 August 2025	active	—	AI Act Art. 51-56
High-risk AI — Annex III (standalone)	Providers of standalone Annex III systems	2 August 2026	2 December 2027	deferred	—	AI Omnibus 2026 Art. 6(2)
High-risk AI — Annex I (embedded)	AI embedded in Annex I regulated products	2 August 2026	2 August 2028	deferred	—	AI Omnibus 2026 Art. 6(1)
AI-Generated Content Marking	Providers of generative GPAI systems	2 August 2025	2 August 2025	active	—	AI Act Art. 50(2)
Regulatory Sandboxes	National competent authorities	2 August 2026	2 August 2026	active	—	AI Act Art. 57

⬇ Download JSON · CC BY 4.0

AI Act meets DORA and NIS2

Is your organisation subject to both the AI Act and DORA? The two regulations intersect on the operational resilience of financial AI systems. Our sister site regulation-dora.eu covers DORA in depth.

Explore regulation-dora.eu ↗

Frequently Asked Questions

Does every AI chatbot need to disclose it is an AI?

Yes, under Art. 50(1), any AI system that interacts with natural persons must clearly disclose it is an AI system in a timely manner — before or at the start of the interaction. This applies even to voice assistants, virtual agents, and AI in customer service. Exemptions exist for systems authorised for law enforcement purposes and for cases where the AI nature is obvious from context.

What is the ATMF and who must use it?

The AI-generated content and manipulated media marking obligation under Art. 50(4) requires providers of AI systems generating synthetic audio, image, video, or text content to technically mark outputs with an interoperable, machine-readable format. The European AI Office is developing a common technical standard for this marking, known as the AI-generated content provenance standard.

Does Art. 50 apply to AI systems that generate text for humans to review before publishing?

No. Art. 50(4) explicitly exempts AI systems generating content that has undergone human editorial review and for which the human takes editorial responsibility. However, the system must still be capable of marking outputs if later deployed without editorial oversight.

Are emotion recognition systems subject to transparency obligations?

Yes. Art. 50(3) requires providers and deployers of emotion recognition or biometric categorisation systems to inform the exposed natural persons. This applies regardless of risk level. Exceptions exist for systems used to detect fatigue or distress for safety purposes (e.g. drowsy driver detection) where the purpose is protective.

Stay ahead of AI Act changes

Get compliance alerts when deadlines or obligations change.

No spam. One-click unsubscribe.