EU AI Act Article 50: the disclosure UX that actually satisfies the 2 August 2026 transparency obligation

Bottom line. Article 50 of the EU AI Act takes effect 2 August 2026 and creates four distinct transparency obligations: chatbot interaction disclosure (Article 50(1)), generative AI output marking (Article 50(2)), biometric categorisation and emotion recognition disclosure (Article 50(3)), and deepfake disclosure (Article 50(4)). Most enterprises have absorbed the legal text without designing the disclosure UX it requires. The deadline does not allow for retrofit, and the supervisory authority enforcement posture in the first 12 months will turn on whether a defensible UX implementation is visible at deployment time.

If you run AI deployment for a mid-market or enterprise organisation in 2026 and your products touch end users in the EU, the question that should be on your procurement and product roadmap is not whether Article 50 applies to your deployment but whether your disclosure UX satisfies it on 2 August 2026. The legal text is published, the obligations are clear, and the supervisory authority enforcement window opens roughly 90 days from this piece’s publication date.

This is the operational read on Article 50, the four obligations it creates, the UX patterns that satisfy each, the patterns that fail, the procurement language enterprises should require from vendors, and the audit substrate the disclosure layer has to produce as part of the broader Article 12 documentation requirement.

The publication tracks this on a 60-day Holding-up cadence pegged to the regulatory deadline, with the next review immediately after the 2 August 2026 enforcement window opens.

What Article 50 actually requires

The EU AI Act Article 50 creates four transparency obligations that take effect 2 August 2026. The four obligations land on different actors in the AI value chain and require different UX implementations.

Article 50(1): chatbot and AI-interaction disclosure. Providers must ensure AI systems intended to interact directly with natural persons are designed so the natural person is informed they are interacting with an AI system, unless this is obvious to a reasonably well-informed person taking the circumstances and use context into account. The obligation falls on the provider (the entity that develops or sells the AI system) and propagates contractually to deployers through the system documentation and instructions for use.

Article 50(2): generative AI output marking. Providers of AI systems generating synthetic audio, image, video, or text content must mark the output as artificially generated or manipulated in a machine-readable format detectable as artificial. The obligation applies regardless of whether the synthetic content is for entertainment, commercial, or operational purposes.

Article 50(3): emotion recognition and biometric categorisation disclosure. Deployers of emotion recognition systems or biometric categorisation systems must inform the natural persons exposed to the operation of the system. The obligation falls on the deployer (the entity using the AI system in their operations) and applies to the data-processing surface, not the interaction surface.

Article 50(4): deepfake disclosure. Deployers of AI systems that generate or manipulate image, audio, or video content constituting a deepfake must disclose that the content has been artificially generated or manipulated. The obligation has an exception for content that forms part of an evidently artistic, creative, satirical, fictional, or analogous work or programme.

The four obligations together cover the surface where a natural person could be misled about whether they are interacting with AI, whether they are receiving AI-generated content, or whether their biometric data is being used in ways they would not expect. Each obligation creates a distinct UX implementation requirement.

Article 50(1): chatbot interaction disclosure UX

The defensible UX patterns share four elements that the EU Commission’s AI Office guidance and the early supervisory-authority commentary converge on.

First-interaction visibility. The disclosure must appear when the user first interacts with the AI, not buried in a settings panel, a terms-of-service link, or a privacy policy. The defensible pattern is a chat-window header that displays “AI assistant” or equivalent language, plus a first-message disclosure (“Hi, I’m an AI assistant. How can I help?”) that the user actively reads before composing their first message.

Plain language. The disclosure language must be recognisable to a reasonably well-informed person without specialist training. “AI assistant” works; “powered by GPT-5” arguably does not (it requires the user to know what GPT-5 is). The procurement-defensible language uses common terms — “AI”, “automated”, “chatbot”, rather than vendor-specific or technical jargon.

Persistence and recurrence. The disclosure persists across the session (visible in the chat header throughout the interaction) and recurs when the conversation is resumed after a session break. Patterns that fail typically use a single welcome message that scrolls out of view as the conversation progresses; by message 30 of a long support conversation, the user may not remember whether they are talking to a human or an AI.

Mode-appropriate disclosure. Voice interfaces require an audible disclosure (“You are connected with an AI assistant”). Video interfaces require visual disclosure (badge, watermark, or on-screen text). Multimodal interfaces require disclosure across each modality. The defensible posture is that the disclosure is detectable in whichever modality the user is consuming, not just in the modality that is easiest to implement.

The reasonable-person exception. The Article 50(1) obligation exempts cases where AI interaction is “obvious to a reasonably well-informed person taking the circumstances and the use context into account.” The exception applies in narrow cases, interactions explicitly badged as AI demos, explicitly framed AI tutoring environments, or self-service assistants with prominent AI branding. The exception does not apply to customer service deployments designed to feel human, to chatbots that adopt human personas with names and avatars, or to AI systems integrated into communication tools where the user’s default expectation is human counterparts.

The procurement-defensible read is that most chatbot deployments do not fit the exception and require explicit disclosure. The cost of over-disclosure is low; the cost of under-disclosure is supervisory-authority action.

Article 50(2): generative AI output marking

The machine-readable marking requirement is technically more demanding than the chatbot disclosure obligation because it requires the synthetic content itself to carry detectable provenance signals.

Image and video marking. The reference implementations are C2PA Content Credentials, Google’s SynthID, and the Adobe Content Authenticity Initiative. C2PA is the cross-industry standard with the broadest vendor adoption; SynthID is Google’s approach for content generated by Google models; CAI is the Adobe-led implementation that integrates with Photoshop and the Creative Cloud surface. All three produce cryptographic watermarks that survive most common transformations (compression, resizing, modest editing) and that are detectable by aware downstream tools.

Audio marking. Synthetic speech and audio carry fingerprints similar to the SynthID-Audio approach Google has documented. The technical maturity is lower than for images, and the detection robustness against transformations is uneven. The procurement-defensible posture is to require provider documentation of the marking method and the detection robustness, with explicit acknowledgement of the modalities and transformations the marking does and does not survive.

Text marking. Text-based generative AI marking is the least technically mature. Watermarking approaches embed statistical signals in the token distribution that are detectable by tools with the model’s secret key but not robust to paraphrasing, summarisation, or adversarial editing. The published research includes Google’s text-watermarking work and academic alternatives, but no industry standard has emerged. The first 12 months of enforcement under Article 50(2) for text content will test what counts as good-faith implementation; the regulatory expectation is that providers implement available techniques rather than that detection is perfect.

The procurement implication. AI MSAs in 2026 should include explicit clauses naming the marking standard the provider implements, the modalities it covers, and the customer’s right to documentation of the technical specification. Procurement teams that accept “we implement industry-standard watermarking” without naming the standard are accepting a vendor commitment that may not satisfy supervisory authority inquiries.

Article 50(3): biometric categorisation and emotion recognition disclosure

Article 50(3) addresses the data-processing dimension rather than the interaction surface. The disclosure obligation differs from Article 50(1) in two operational respects.

Pre-processing notification. The disclosure must occur before the processing operates on the natural person’s data, not concurrent with it. A retail surveillance system that categorises customer demographics or infers emotional state must inform customers entering the store before the data capture begins. A workplace monitoring system that infers stress or productivity must notify employees before the monitoring runs. The pattern that fails is post-hoc disclosure in privacy notices the user does not read until after the data has been collected.

Purpose disclosure. The disclosure must include the purpose of the processing, not just its existence. “We are using AI to analyse your image” does not satisfy Article 50(3); “We are using AI to categorise visitor demographics for security risk assessment” does. The purpose disclosure is what allows the natural person to evaluate whether the processing is consistent with their reasonable expectations and to opt out where the legal basis allows opt-out.

The consent record. The defensible UX captures the user’s acknowledgement (and where applicable, consent) and retains the record as part of the EU AI Act Article 12 audit substrate (claim AM-046). Supervisory-authority inquiries about Article 50(3) compliance will ask for the consent record alongside the technical documentation of the system.

The retail and workplace deployments are the highest-risk surfaces under Article 50(3) because the natural person typically has limited ability to refuse the processing without leaving the premises or losing the employment context. Procurement teams scoping such deployments should treat the disclosure UX as a load-bearing legal artefact, not as a privacy-policy update.

Article 50(4): deepfake disclosure and the artistic-work exception

Deepfake disclosure under Article 50(4) is the obligation with the most contested boundary. The text exempts content that forms “part of an evidently artistic, creative, satirical, fictional, or analogous work or programme.” The threshold question is what counts as “evidently” within the presentation context.

Clear-case disclosure required. Deepfake celebrity endorsements in advertisements. AI-generated political content distributed without artistic framing. Deepfake customer-service avatars deployed without disclosure. AI-generated synthetic audio in news contexts. Each requires explicit disclosure under Article 50(4).

Clear-case exception applies. Films with explicitly deepfaked actors as part of the production. AI-generated content within evidently satirical television formats. AI-rendered historical reenactments within documentary or educational frames where the artificiality is part of the production design. Each falls within the artistic-or-creative exception.

Grey-zone cases. Political satire presented in a news-shaped format. Parody shared on social media without the original context. AI-generated “historical” footage used in marketing or educational contexts. The defensibility of the exception turns on the presentation: is the artificiality obvious to the reasonable viewer at the point of consumption, or only after the viewer follows a contextual link or reads accompanying text?

The procurement-defensible posture is to assume disclosure is required unless the editorial or creative framing makes the artificiality obvious. The burden of proof for the artistic-exception sits with the deployer, not the regulator. Deployments that depend on the exception should document the editorial framing, the platform context, and the intended audience as part of the deployment’s compliance file.

What disclosure UX should look like in production

Across the four obligations, the procurement-defensible UX has six properties that supervisory authorities are likely to examine in the first 12 months of enforcement.

1. Visible at the right moment. First interaction for chatbots; pre-processing for biometric and emotion systems; at the point of consumption for deepfakes.
2. In appropriate language. Plain, recognisable, mode-appropriate.
3. Persistent or recurrent. Especially for long-running interactions or repeat sessions.
4. Linked to a substantive disclosure surface. A clickable “more about this AI” link that resolves to a real explanation, not a generic terms-of-service page.
5. Auditable. The disclosure event itself is logged in the EU AI Act Article 12 audit substrate, with timestamp, user identifier (where lawful), and the version of the disclosure that was shown.
6. Updateable. The disclosure UX has its own change-control process tied to the deployment’s broader update workflow, because regulator guidance will shift in the first 12 months and the disclosure language will need to update with it.

UX patterns that fail typically miss one or more of these properties. Single first-message disclosures that disappear into the scroll. Disclosures buried in privacy policies. Generic “AI-powered” labels that do not name the artificiality of the specific output. Disclosure events that are not logged. UX implementations that lock at deployment and cannot be updated as guidance evolves.

What changes in 2026 procurement language

Three additions to the AI MSA red-team checklist are now procurement-defensible asks for AI-deploying enterprises in the EU.

Article 50 compliance documentation. The vendor commits to providing technical documentation of the disclosure UX at deployment time and on each material update, including the language used, the visibility patterns, and the audit substrate the disclosure produces.

Article 50(2) marking technical specification. The vendor names the watermarking standard implemented (C2PA, SynthID, CAI, or named alternative), the modalities covered, and the detection robustness against named transformations. The clause includes the customer’s right to verification testing on representative outputs.

Article 50 update commitment. The vendor commits to updating the disclosure UX in response to AI Office or national supervisory authority guidance issued after deployment, with a defined update window (typically 30-60 days from regulator publication).

The three additions together produce a procurement substrate that survives Article 50 supervisory-authority inquiries. They are not anti-vendor positions; they are the procurement-defensible posture for any enterprise running EU-facing AI deployments in 2026.

What this piece does not claim

This piece does not claim that the published Article 50 guidance is final. The AI Office and national supervisory authorities will continue to publish operational guidance through 2026 and 2027, and specific implementation requirements will refine. The publication tracks the regulatory surface on a 60-day cadence and will update this analysis as the guidance evolves.

This piece does not claim that any specific UX pattern is universally compliant. Compliance turns on the deployment context, the user population, and the supervisory authority’s interpretation. The UX patterns described here are the procurement-defensible defaults, not safe-harbour designs.

This piece does not claim that the artistic-or-creative-work exception under Article 50(4) is narrow or broad in any specific case. The boundary is contested and will be tested in early enforcement actions. The procurement-defensible posture is to assume disclosure is required unless the editorial framing makes the artificiality obvious.

What changes this read

Three triggers would shift the analysis. AI Office publication of detailed Article 50 implementing guidance with named UX patterns endorsed or rejected. National supervisory authority enforcement actions in the first 12 months that establish precedent on what passes and fails. Industry standards convergence on Article 50(2) marking, particularly for text-based generative AI where the technical maturity is lowest.

We will re-test against the EU AI Act text, the AI Office publications, and named supervisory authority enforcement decisions on or before 4 Aug 2026 — immediately after the enforcement window opens.

The companion procurement reading is the 60-question agentic AI RFP (claim AM-026) and the EU AI Act Article 12 audit-evidence template (claim AM-046) where the Article 50 disclosure substrate sits as a required input. The MSA red-team companion is at AM-138 where the post-enforcement procurement-language additions are walked alongside the Article 50 specifics covered here.