By Greg Nowak. Last updated 2026-06-26.
AI disclosure has moved out of the policy document and into the publishing workflow. In June 2026, the European Commission published its final Code of Practice on marking and labelling AI-generated content. The code is voluntary, but it is designed to support AI Act transparency obligations that apply from 2 August 2026. Google, meanwhile, is still taking a practical line: AI use is not automatically a search problem. Low-quality, unoriginal, ranking-first publishing is.
That distinction matters for agencies, publishers, ecommerce teams, public institutions, and B2B companies already using AI for drafts, summaries, translations, product descriptions, FAQ expansion, or editorial repackaging. Most teams do not fail because nobody wrote a policy. They fail because the CMS does not record what happened before a page goes live.
A spreadsheet can capture intent. A CMS workflow can change behaviour. When the disclosure decision, source notes, review state, author accountability, and duplicate-content checks sit inside WordPress or Drupal, editors are not asked to remember a separate compliance ritual at the end of a busy production cycle. The evidence stays with the page.
Disclosure is a publishing state, not a legal footnote
The Commission's June 2026 notice makes clear that the Code of Practice is voluntary, while also placing it in the context of transparency obligations. It points to cases where clear labelling matters: deepfakes, AI-generated or AI-manipulated text on matters of public interest, and interactive AI systems such as chatbots.
That does not mean every harmless AI-assisted edit needs the same treatment. It does mean public-facing teams need a repeatable way to decide, record, and apply labels when readers would reasonably expect them.
The useful question is not simply: did we use AI? It is more specific: what role did AI play, what type of content is this, who reviewed it, and what should the reader be told? Those answers are content metadata. They belong near the title, author, status, category, excerpt, canonical settings, and publication date.
Google's AI content guidance points in the same direction. Search does not reject content just because automation helped produce it. Google says its focus is quality rather than production method, and it advises creators to produce original, people-first content that demonstrates expertise, experience, authoritativeness, and trustworthiness. It also says AI or automation disclosures are useful where readers would reasonably wonder how something was created.
So the CMS should not treat AI assistance as a confession. It should treat it as production context that can be reviewed.
Why spreadsheets break down
Spreadsheets are attractive because they are fast. A team can add columns for AI used, checked by, disclosure needed, and notes. For a small pilot, that may be enough. For a real publishing operation, the weaknesses show up quickly.
The sheet sits outside the approval flow. It is not automatically required before publication. It does not stop a draft being scheduled while disclosure is undecided. It does not appear in the editor's normal queue. It can be duplicated, filtered badly, forgotten, or updated after the page has changed. Most importantly, it separates the evidence from the content that needs the evidence.
WordPress already gives editors a familiar operational surface. The Posts screen lets teams edit, delete, view, filter, and search posts. It supports bulk edits for fields such as author and status, provides Quick Edit for common values, and includes filters for published, scheduled, pending review, draft, and private content. That is exactly where AI governance should appear: as visible columns, filters, states, and checks editors already understand.
| Publishing need | Spreadsheet workaround | CMS workflow |
|---|---|---|
| Record whether AI assisted the content | A manual column maintained away from the page | A required field attached to the post or page |
| Decide whether disclosure is needed | A reviewer has to remember to update the sheet | The disclosure decision sits inside editorial approval |
| Check source and originality notes | Free-text notes live outside the content record | Structured notes are visible during review |
| Stop accidental publishing | No reliable enforcement | Validation blocks publication until required fields are complete |
| Audit previous decisions | Exports depend on spreadsheet discipline | Filtered CMS views show AI role, disclosure status, reviewer, and date |
The SEO risk is unmanaged scale
Google's spam policies make the commercial risk sharper. Scaled content abuse is described as generating many pages mainly to manipulate rankings rather than help users, often with large amounts of unoriginal content that provides little or no value. Google's site reputation abuse policy also warns against publishing third-party content primarily to take advantage of a host site's ranking signals.
Those policies are not an argument against useful automation. They are an argument against blind throughput. AI makes it easier to produce more drafts, variants, summaries, and pages. Without workflow controls, teams can mistake volume for progress and publish pages that are thin, repetitive, weakly sourced, or confusing for the site's audience.
A good CMS setup should therefore check more than disclosure. It should help editors ask whether the page earns its place. Is the content original enough to publish? Is it written for the user's task, not just a keyword gap? Is the author or reviewer clear where readers would expect accountability? Is the content substantially similar to existing pages? Is the site using its reputation responsibly?
These are editorial and search-quality questions. They are easier to manage when they become fields, checklists, and review states instead of informal reminders.
What to build into WordPress or Drupal
A sensible implementation starts small. The aim is not to make editors complete a compliance obstacle course. It is to create a durable record of the decisions that should already be happening.
Start with an AI role field. Useful values might distinguish no AI involvement, idea generation, outline support, draft generation, summarisation, translation support, image generation, or substantial AI rewriting. That distinction matters because a lightly edited headline suggestion does not need the same review as an AI-generated public-interest explainer.
Then add a disclosure decision field. Keep the options plain: not needed, needed and added, needs review, or not applicable. If disclosure is required, the CMS should store the disclosure text or confirm that it has been inserted in the right template area. For sites with multiple content types, the label should be handled consistently rather than improvised by each author.
Source notes should live in the content record as well. This does not have to mean a long bibliography for every page. A short structured note can record the key source material used by the human reviewer, especially when AI helped summarise or transform information. The point is simple: the editor should be able to see the basis for the content before approving it.
Review states connect that data to behaviour. Draft can mean the content is still being prepared. Pending review can mean human editorial review is required. A dedicated AI disclosure check can sit before scheduling when the AI role or content type makes it necessary. Published should mean the required fields were completed and the content passed the right review.
Finally, create audit views. Editors and owners should be able to filter public content by AI role, disclosure status, reviewer, content type, publication date, and review state. That makes governance visible. It also gives agencies a clearer handover artefact: not a vague promise that the work was checked, but an exportable view of what was checked.
The workflow should keep humans responsible
AI governance is not only a technical problem, and it is not only a legal problem. For publishing teams, it is a responsibility problem. The CMS should make it clear who reviewed the content, what AI did, whether a reader-facing disclosure was considered, and why the page is useful enough to publish.
That keeps the process commercially realistic. Editors should not be slowed down on routine pieces where AI only helped with structure or internal drafting. They should be stopped when a higher-risk content type is missing a decision, when a public-interest article has no disclosure review, or when a batch of near-duplicate pages is being prepared mainly for search coverage.
Greg can help agencies and site owners turn that operating model into practical CMS changes: custom fields, editorial statuses, source-note conventions, disclosure checks, duplicate-content checks, dashboard columns, filtered admin views, and exportable audit reports. In WordPress, this can build on the native Posts screen and the editorial habits teams already use. For Drupal projects, the same governance brief can be implemented around the site's content model and approval flow.
The useful outcome is not a heavier publishing process. It is a cleaner one. When AI assistance is recorded at the point of publication, disclosure is no longer dependent on memory, and SEO quality is no longer separated from editorial accountability. The CMS becomes the place where policy leaves an evidence trail.
Related on GrN.dk
- Bing’s AI Search Push Makes Sitemap and IndexNow Freshness a Real Ops Problem
- The 2026 WordPress Plugin Exploit Drumbeat Makes Plugin Inventory and Incident Response Paid Work
- Web Search and Citation Controls Turn AI Research Assistants Into a Source-Governance Project
Need help with this kind of work?
Build AI disclosure checks into your CMS workflow Get in touch with Greg.