EU AI Act Article 50: What Marketers Must Do by August 2026

A marketing team in Frankfurt builds a product launch. The hero image came out of Midjourney. The localized voiceover was cloned in ElevenLabs. Two of the social captions were drafted by Claude and lightly edited. The brand testimonial video used a synthetic presenter who looks like a real person. None of this is unusual in 2026. What is new is that on 2 August 2026, a piece of EU law starts to govern most of it, and the team has almost certainly not mapped which parts.

That law is Article 50 of the EU AI Act. It is one of the shorter operative articles in the regulation, and one of the few that lands on the desk of a content team rather than a compliance lawyer. It does not ban AI-generated content or require you to stop using any tool. It asks for one thing: that synthetic and manipulated media be honest about being synthetic. That sounds simple. The detail is where the work is.

This is an explainer, not legal advice. If your output reaches EU audiences and you need a defensible position, get a qualified lawyer to read your workflow against the final text and the Commission guidelines. What follows is the working mental model a content team needs to ask the right questions.

Where the rule came from

The EU AI Act entered into force on 1 August 2024. It does not switch on all at once. The drafters staged it so the heaviest obligations arrive last and the public-protection rules arrive first. Bans on prohibited practices, things like social scoring and certain manipulative systems, applied from 2 February 2025. Rules for general-purpose AI models, the foundation models behind tools like ChatGPT and Gemini, applied from 2 August 2025. The full regime, including high-risk systems built into regulated products, runs out to 2 August 2027 and 2028.

Article 50 sits in the middle of that schedule. Its transparency obligations apply from 2 August 2026, two years after entry into force. Systems already on the market before that date get a short grace window, with a separate compliance deadline of 2 December 2026, so the runway is shorter than the headline date suggests. The European Commission published draft guidelines interpreting Article 50 on 8 May 2026, and a separate Code of Practice on marking and labelling of AI-generated content has been moving through draft stages: a first draft on 17 December 2025, a second on 5 March 2026, with a final version expected around June 2026. So the practical detail is being finalized in the same window that teams need to act, which is uncomfortable but not unusual for new EU regulation.

The shape of the rule follows from why it exists. The AI Act sorts most systems by risk: unacceptable, high, limited, minimal. Generative tools that write copy, make images, or clone voices are not high-risk in themselves. A product photo is not a credit-scoring algorithm. But at scale, synthetic media that passes as real erodes the ability of anyone to trust what they see, and the regulation could not ignore that. Article 50 is the answer: a disclosure regime, not a prohibition regime. The bet is that if synthetic content carries an honest signal, markets and people can handle the rest.

What the article actually says

Article 50 splits its duties between two roles, and getting the role right is the first thing a content team must do.

A provider is whoever develops an AI system, or has one developed, and puts it on the market under their own name. OpenAI, Google, Adobe, ElevenLabs, Midjourney: providers. A deployer is whoever uses an AI system in the course of their work. A marketing department, an agency, a brand: deployers. Most content teams are deployers. You can become a provider if you build and brand your own system, but using somebody else's tool does not make you one.

With that split in mind, the article carries four obligations.

First, AI interaction disclosure (a provider duty). Systems that interact directly with people, chatbots and conversational agents, must be designed so the person knows they are dealing with a machine. The exception is where it is obvious to a reasonably informed person anyway. The Commission guidelines note that context decides this: a professional developer tool might count as obvious, an AI companion likely does not.

Second, machine-readable marking of synthetic content (a provider duty). This one touches every image, audio, video, and text tool a content team uses. Providers of AI systems that generate synthetic audio, image, video, or text must ensure the output is marked in a machine-readable format and detectable as artificially generated or manipulated. The technical solution has to be effective, interoperable, robust, and reliable, as far as is technically feasible. This duty falls on the tool maker, not on you. But your exposure is real: if you use a tool that does not mark its output, you have a compliance gap in your supply chain.

Third, deepfake labelling (a deployer duty). This is the obligation aimed straight at marketers. A deployer who uses AI to generate or manipulate image, audio, or video content that is a deepfake must disclose that the content has been artificially generated or manipulated.

Fourth, AI-generated text on matters of public interest (a deployer duty). A deployer who publishes AI-generated or AI-manipulated text to inform the public on matters of public interest must disclose that it is AI-generated. There is an exemption where the content has gone through human editorial review with a person or organization holding editorial responsibility for it.

Across all of these, the disclosure to people must be clear and distinguishable, made at the latest at the time of first interaction or exposure, and must meet accessibility requirements. Buried in the terms and conditions does not count.

The word that decides your scope: deepfake

For marketers, the whole weight of Article 50 turns on one definition. The AI Act, in Article 3, defines a deepfake as AI-generated or manipulated image, audio, or video content that resembles existing persons, objects, places, entities, or events and would falsely appear to a person to be authentic.

Read that carefully, because it is broader than the popular sense of the word. A deepfake, in this law, is not only a face swap of a celebrity. A synthetic presenter who looks like a plausible real person is in scope. A product shot composited so a real-looking location appears that was never photographed is in scope. The Commission guidelines push further: intent to deceive is irrelevant, and content that mimics something that could have existed qualifies. A purely fantastical image, a dragon over a city, does not resemble an existing thing and falls outside.

The honest summary for a content team: a large share of polished, realistic AI marketing imagery and video is a deepfake under this definition, and therefore needs a label. The label is for your audience, in human-readable form. It is separate from the machine-readable marking the tool maker bakes in.

The exemptions, and how narrow they are

Article 50 carries exemptions. They are real, and they are narrower than a busy team would hope.

The assistive editing exemption removes the marking duty where an AI system performs an assistive function for standard editing, or does not substantially alter the input or its meaning. The Commission draft guidelines give the working line: grammar correction and color adjustment are assistive. Translation, summarization, and object removal substantially alter content and are not exempt. So spell-checking a press release is fine. Using AI to remove a person from a photo is not.

The artistic and satirical exemption does not switch the duty off. Where a deepfake is part of an evidently artistic, creative, satirical, or fictional work, the disclosure is attenuated, made so it does not hamper enjoyment of the work, but it is still required. The guidelines are explicit that a commercial deepfake cannot dress itself in the artistic exemption. A brand ad is not an art film.

The editorial review exemption for AI-generated public-interest text is read narrowly. It requires a deliberate, substantive examination by a competent professional who holds editorial responsibility. A cursory approval click is not editorial review.

There is also a law enforcement exemption that has no bearing on commercial marketing work.

The pattern is consistent. The exemptions protect light-touch tooling and genuine human authorship. They do not protect a team that generates realistic synthetic media and would rather not label it.

What non-compliance costs

Article 50 is enforced through the AI Act's penalty regime in Article 99. Transparency breaches sit in the middle tier. The fine is up to 15 million euros, or up to 3 percent of total worldwide annual turnover for the preceding financial year, whichever is higher. For small and medium enterprises, the rule flips to whichever is lower.

That ceiling is the legal maximum, not the expected fine for a missing label on one social post, and enforcement of a brand-new article takes time to find its feet. The more grounded reasons to act early are reputational and operational. A brand caught presenting synthetic media as real, after the law required honesty about it, takes a trust hit no fine schedule captures. And the operational fix, tagging assets as synthetic, is cheap to build into a workflow and expensive to retrofit across a back catalogue.

The marking problem nobody has fully solved

There is an honest limitation a content team should understand, because it shapes what compliance can realistically mean.

Machine-readable marking comes in two broad forms. Metadata-based provenance, the approach behind C2PA Content Credentials, attaches a cryptographically signed record to a file describing how it was made and changed, and is progressing toward an international standard as ISO/IEC 22144. The weakness is brittleness: a screenshot strips C2PA metadata entirely, and most major social platforms remove these manifests during upload processing. Watermarking, such as Google SynthID, embeds the signal into the pixels or audio waveform itself, so it survives screenshots, cropping, and re-encoding far better, though it carries its own limits on robustness and capacity.

This is why the EU's Code of Practice does not bless a single technique. The expectation is a layered approach: signed metadata plus imperceptible watermarking plus detection, so that when one layer is stripped another survives. For a content team the takeaway is twofold. The marking duty is the tool maker's, so prefer tools that already mark output. And do not assume the machine-readable mark survives a trip through Instagram. Your human-readable label, the one you control, is the part that does not get stripped on upload.

A compliance checklist for content teams

This is a practical starting point, not a legal sign-off. Adjust it to your jurisdiction and your final reading of the guidelines.

1. Inventory your AI tools. List every system that generates or substantially alters text, image, audio, or video in your pipeline. Note for each whether it already marks output in a machine-readable format. Tools that publish C2PA Content Credentials or an equivalent are the safer bet.

2. Tag synthetic assets at the source. In your asset library or DAM, mark AI-generated and AI-manipulated assets as such the moment they are created. Provenance you do not record at creation is provenance you cannot prove later.

3. Classify against the deepfake definition. For each realistic image, audio, or video asset, decide whether it resembles existing persons, objects, places, or events and would appear authentic. If yes, treat it as a deepfake that needs a human-readable label.

4. Decide your label format and placement. A label must be clear, distinguishable, and visible at first exposure. Plan where it lives for each channel: an on-asset mark, a caption line, an accessible description. One buried disclaimer does not cover everything.

5. Separate assistive edits from substantial ones. Write an internal line your team can apply: grammar and color tweaks are assistive, while translation, summarization, and object removal are substantial. The second group does not get the exemption.

6. Build a real editorial review step for public-interest text. If you publish AI-assisted text on matters of public interest, ensure a named, competent person genuinely reviews it and holds editorial responsibility. Document that this happens.

7. Push the duty up your supply chain. Add a contractual line to vendor and agency agreements requiring AI-generated deliverables to be marked and, where relevant, labelled. You are a deployer, and you cannot mark what a vendor delivered unmarked.

8. Track the final guidance. The Code of Practice is expected to be finalized around June 2026, with the Commission guidelines following the same window. Aligning with the Code is voluntary, but the guidelines signal that signatories get more favorable enforcement scrutiny while non-signatories may have to show a gap analysis. Treat the final documents as the real reference and revisit this checklist when they land.

Where this is heading

Article 50 should not be read as a one-off hurdle. It is the first piece of hard law to treat content provenance as a default rather than a nice-to-have. The technical stack is converging on cryptographic provenance combined with watermarking, with camera makers, model providers, and platforms wiring into it, the standards are formalizing through ISO/IEC 22144, and other jurisdictions are drafting their own synthetic-media rules. A content team that builds provenance in now is getting ahead of a shift where proving how a piece of content was made becomes a routine expectation, and where unmarked, unverifiable media starts to look less trustworthy by default.

The teams that will find August 2026 easy are the ones that already know which of their assets are synthetic. The teams that will find it hard are the ones that have never had to ask. The work between now and the deadline is building that knowledge into how content gets made, so that honesty about synthetic media is a property of the pipeline rather than a label someone remembers to add at the end.

Council summary

This post argues that EU AI Act Article 50 is a disclosure regime, not a ban, and that its 2 August 2026 transparency obligations land on content teams as deployers, mainly through the duty to label realistic synthetic media that meets the Article 3 deepfake definition. The council verified the core legal claims against EU sources: the application date, the Article 99 mid-tier penalty of up to 15 million euros or 3 percent of worldwide turnover (lower for SMEs), the Commission draft guidelines of 8 May 2026, and the Code of Practice drafts. The 2 December 2026 grace deadline for systems already on the market was added because the draft omitted it, and the draft dates were made precise. The reader takeaway: inventory your AI tools, tag synthetic assets at creation, label anything that would pass as authentic, and push the marking duty up your vendor contracts. This is an explainer, not legal advice, and a team with EU reach should have a qualified lawyer check its workflow against the final text.