Decode & Grow

Do You Need to Disclose AI-Generated Content? The EU AI Act Transparency Rule, Explained

Do You Need to Disclose AI-Generated Content? The EU AI Act Transparency Rule, Explained

If you've used ChatGPT to draft a client email, Gemini to write social captions, or Claude to put together a proposal, you've probably asked yourself some version of the same question: do I need to tell anyone?
It's a fair question, and it's gotten murkier rather than clearer over the past few months. In May 2026, the EU agreed to delay the headline AI Act deadline — the one covering "high-risk" systems like hiring tools and credit scoring — from August 2026 to December 2027. Cue a wave of "AI Act Delayed" headlines circulating on LinkedIn.
Here's the part most of those headlines left out: that delay doesn't touch the rule that actually applies to most SMEs. The transparency and labelling obligations under Article 50 of the AI Act are still landing on schedule, 2 August 2026. If your business uses generative AI anywhere near your customers — chatbots, marketing content, client-facing copy — this is the rule you actually need to understand.
This guide breaks down what Article 50 covers, who it applies to, and — because this is the part that actually matters day to day — ten concrete scenarios showing exactly when you need to disclose AI involvement and when you don't.

To see whether your business is compliant, use Decode & Grow’s AI Compliance Check.

What Is Article 50, Actually?

Article 50 of the EU AI Act is the transparency obligation. It's built on a simple principle: people should generally know when they're interacting with AI, or when something they're looking at was made by AI, so they can make informed decisions about how much to trust it.
It is not part of the high-risk system framework that just got delayed. High-risk obligations apply to a narrow set of systems used in things like recruitment screening, credit scoring, and law enforcement, and they come with heavy compliance machinery: conformity assessments, technical documentation, human oversight protocols. That's the part the EU postponed because the regulatory infrastructure (technical standards, notified bodies) wasn't ready in time.
Article 50 is much lighter and much broader. It doesn't care whether your AI use is "high-risk" — it applies the moment you fall into one of four specific situations, regardless of industry or company size. And because the underlying disclosure requirements are cheap to implement (a label, a notice, a line of text) rather than expensive compliance infrastructure, the EU saw no reason to delay them.

The Four Things Article 50 Covers

1. AI that talks to people directly (Article 50(1)) If you deploy a chatbot, voice assistant, or any system that interacts directly with a person, that person needs to know they're talking to AI — unless it's already obvious from context.
2. AI-generated synthetic content — the "machine-readable marking" rule (Article 50(2)) If your AI system generates audio, image, video, or text content, the provider of that system (think OpenAI, Google, Anthropic) has to ensure outputs are marked in a machine-readable format so they can be detected as AI-generated. This obligation sits mostly with the AI tool providers, not you as a user — though it's worth knowing it exists, since it's how watermarking and detection tools are meant to work under the hood.
3. Emotion recognition and biometric categorisation (Article 50(3)) If you use AI to read someone's emotional state or sort people into biometric categories, you need to tell them. Not relevant to most service businesses, but worth knowing if you're in retail analytics, HR tech, or similar.
**4. Deepfakes and AI-generated text on matters of public interest — the "deployer disclosure" rule (Article 50(4))**This is the one that actually matters for day-to-day content. If you (the deployer, meaning whoever is using the AI system, not necessarily who built it) publish a deepfake, or publish AI-generated text intended to inform the public on a matter of public interest, you have to disclose that it's artificially generated.
That fourth point is where almost all the real-world confusion lives, so it's worth slowing down on it.

The Two Phrases That Decide Everything

Two phrases in Article 50(4) do almost all the work in determining whether you need to disclose anything:
"Published with the purpose of informing the public on matters of public interest."
This is a narrow trigger. It's aimed at things like AI-written news articles, public health communications, and journalism — content whose entire function is to inform the public about something that matters to society. It is not aimed at client emails, internal memos, marketing copy, or product descriptions. As legal commentary on the Act puts it plainly: most internal documentation, marketing copy, and product literature simply falls outside this obligation altogether.
"Has undergone a process of human review or editorial control... where a natural or legal person holds editorial responsibility."
Even where the first condition is met, this carve-out swallows most everyday use cases. If a human reviews AI-generated content and takes responsibility for publishing it, the disclosure obligation doesn't apply. The logic is straightforward: human review meaningfully reduces the risk of misleading, unmonitored content reaching the public, so the law doesn't impose a labelling burden on top of it.
Put those two conditions together, and you get the practical rule that governs almost everything an SME does day to day: if a human is reading it over before it goes out, and it's not public-interest journalism or commentary, you don't need to disclose AI involvement.
That's genuinely good news for the vast majority of business AI use. But there's a second category worth understanding separately — deepfakes — because the rules there are stricter and the exemptions narrower.

Deepfakes Are a Different, Stricter Story

Article 50(4) treats audio/image/video deepfakes more strictly than AI-generated text. A deepfake is defined as AI-generated or manipulated content that resembles a real person, object, place, or event and would falsely appear authentic.
If you deploy a deepfake, you must disclose it — full stop, with only narrow exceptions (law enforcement use, or content that's evidently artistic, fictional, or satirical, where a lighter-touch disclosure still applies). There's no general "internal use" exemption for deepfakes the way there effectively is for text. The contexts where this lands hardest: advertising using synthetic depictions of real-looking people or places, influencer and brand-partnership content, corporate communications using AI-generated spokespeople, and any product demo that creates a "real-looking" but fabricated scenario.
If your business is producing AI avatars, synthetic voiceovers of real-sounding people, or AI-generated "customer testimonial" style content, that's the part of Article 50 to pay closest attention to — it's a different risk profile from drafting an email.

Ten Use Cases: When Disclosure Is Needed (and When It Isn't)

Here's where this gets concrete. These ten scenarios cover the situations SME founders and operators actually run into.

❌ Disclosure NOT needed

1. Drafting client emails with ChatGPT, Gemini, or Claude You write the brief, the AI drafts it, you read it over and hit send. This is internal-to-business correspondence, not public-interest publishing, and you've exercised editorial control. No disclosure required.
2. Internal memos, SOPs, and process documentation Purely internal documents that never reach the public sit outside Article 50(4) by definition. Even AI-assisted board papers or internal strategy documents are unaffected — provided they stay internal and don't feed directly into, say, an externally published statement.
3. Marketing copy, website content, and product descriptions Marketing copy and product literature are explicitly called out as falling outside the "informing the public on matters of public interest" trigger. A landing page written with AI assistance and reviewed by you before publishing doesn't need an AI disclosure badge.
4. Social media captions and LinkedIn posts (non-deepfake) Text-based social content drafted with AI and posted by a human after review falls under the same logic as marketing copy — it's not public-interest journalism, and human editorial control applies.
5. AI-assisted proposals, reports, and client deliverables If you use AI to help draft a client proposal or report and then review, edit, and take responsibility for what's sent, the human-review carve-out applies. This covers most of the AI-assisted document work consultancies and agencies do.
6. Standard photo editing or filters Article 50(2)'s marking obligation explicitly excludes AI that performs an assistive editing function or doesn't substantially alter the input's meaning. Adjusting lighting, cropping, or applying a filter isn't the kind of "synthetic content generation" the rule targets.
7. Using an AI chatbot where it's obvious you're talking to a bot Article 50(1)'s disclosure duty doesn't apply where the AI nature of an interaction is already obvious to a reasonably well-informed person. A clearly labelled "AI Assistant" widget with a robot icon generally satisfies this without extra disclosure language — though making it genuinely obvious is doing real work here, not a loophole to lean on.

✅ Disclosure IS needed

8. A customer-facing AI chatbot on your website If a system is designed to interact directly with people and it isn't obvious they're talking to AI, you need to inform them — typically a short, clear notice before or at the start of the interaction. This is the most common real obligation SMEs will face under Article 50, and it's a straightforward fix: a line like "You're chatting with our AI assistant" at the start of the conversation.
9. AI-generated or AI-manipulated video, audio, or images depicting real-seeming people, places, or events This is the deepfake rule. If you create a synthetic video of a "spokesperson," an AI voiceover designed to sound like a real identifiable person, or a fabricated "behind the scenes" image that looks authentic, you must disclose it as artificially generated — clearly, and at the point someone first encounters it. This applies even in advertising and influencer content.
10. AI-generated commentary or articles published to inform the public on a matter of public interest, without human editorial review If you publish AI-generated text on a genuinely public-interest topic (public health guidance, civic information, journalism-adjacent commentary) and skip human review and editorial sign-off, disclosure is required. The moment a named person or your business takes editorial responsibility for the content — actually reading and approving it before publication — you fall back into the exemption.

The Practical Takeaway

If you strip away the headline noise, Article 50 reduces to a short checklist for most service businesses:
  • Have a chatbot or AI assistant facing customers? Add a clear "you're talking to AI" notice at the start of the interaction.
  • Using AI to draft emails, proposals, internal docs, or marketing copy? Keep doing what you're already doing — reviewing before you send or publish — and you're covered.
  • Producing AI-generated video, audio, or images that look like real people or real events? Label them as AI-generated, every time, before someone is exposed to them.
  • Publishing AI-written content as public-interest information with no human sign-off? Either add a real editorial review step, or disclose the AI origin.
The compliance burden here is genuinely light compared to the high-risk system rules everyone's been talking about. There's no conformity assessment, no technical documentation file, no notified body. It's mostly a question of: is a human actually reviewing this before it goes out, and is it the kind of content the rule is built to catch?
For most founder-led SMEs, the honest answer is that you're probably already compliant simply by virtue of being a careful operator who reads things before sending them. The gaps tend to show up specifically around customer-facing chatbots (which need an explicit notice, not just careful habits) and any synthetic media that depicts real-seeming people — both worth a deliberate five-minute check rather than an assumption.
This article is provided for general informational purposes and does not constitute legal advice. The EU AI Act's implementing guidelines and Code of Practice are still being finalised, and specific situations may warrant a tailored legal assessment. If you'd like help mapping your business's actual AI use against these obligations, Decode & Grow's AI Compliance Check can walk through it with you.
Made on
Tilda