Skip to main content
GrN.dk

Main navigation

  • Articles
  • Contact
  • Your Digital Project Manager
  • About Greg Nowak
  • Services
  • Portfolio
  • Container
    • Excel Freelancer
    • Kubuntu - tips and tricks
    • Linux Apache MySQL and PHP
    • News
    • Image Gallery
User account menu
  • Log in

Breadcrumb

  1. Home

The EU’s August AI Deadline Reaches Bots and Synthetic Content

Illustrated infographic summarizing: The EU’s August AI Deadline Reaches Bots and Synthetic Content

By Greg Nowak. Last updated 2026-07-16.

The EU AI Act’s next transparency deadline is not just a concern for model developers. From 2 August 2026, Article 50 applies to customer-facing bots, synthetic text and media, deepfakes, certain public-interest publications, emotion recognition, and biometric categorisation.

There is no single label that solves all of this. Article 50 gives providers and deployers different duties in different situations. Some concern the information a person sees. Others require a machine-readable mark embedded in an output. The available exceptions depend on the system, the content, and the way it is used.

For most businesses, the immediate job is operational: find every relevant AI touchpoint, decide who owns it, and work out whether the required control belongs in a website, chat widget, API, content-management system, media pipeline, or publishing process.

Article 50 sets out several separate duties

Providers of AI systems designed to interact directly with people must ensure that users are informed they are dealing with AI. That disclosure is not required when the AI involvement would already be obvious to a reasonably well-informed, observant, and circumspect person, given the circumstances and context.

Providers also have obligations for AI systems, including general-purpose AI systems, that generate synthetic audio, images, video, or text. Outputs must be marked in a machine-readable format and remain detectable as artificially generated or manipulated. As far as technically feasible, the method must be effective, interoperable, robust, and reliable. Article 50 also allows for content limitations, implementation costs, and the generally acknowledged state of the art.

Deployers face a different set of questions. People exposed to emotion-recognition or biometric-categorisation systems must be informed about their operation. Deployers must disclose artificially generated or manipulated image, audio, or video content that constitutes a deepfake. They must also disclose AI-generated or manipulated text published to inform the public about matters of public interest, unless the content has undergone human review or editorial control and an identifiable person or organisation holds editorial responsibility.

Where Article 50 paragraphs 1 to 4 require information, it must be clear, distinguishable, accessible, and available no later than the first interaction or exposure. That makes compliance an interface, content-design, and release-management issue as much as a legal one.

AI touchpoint Decision to make Control to check Likely owners
Website or support bot Is the user told that they are interacting with AI, or is it already obvious in context? Accessible disclosure at the first interaction Product, web, accessibility, legal
Synthetic text, audio, image, or video Who is the provider, and how are outputs made machine-detectable? Provider marking capability and end-to-end testing Vendor management, engineering, publishing
Deepfake used by the business Does the deployer need to disclose that the content was generated or manipulated? Disclosure suited to the medium and shown at exposure Communications, content, legal
AI-generated public-interest text Does the text qualify, and are the review and editorial-responsibility conditions met? Disclosure or a documented exception assessment Editorial, compliance, CMS owner
Emotion recognition or biometric categorisation Who is exposed to the system, and how will they be informed? Accessible notice and applicable data-protection controls Privacy, security, system owner
A practical starting point for an AI-touchpoint inventory. The organisation’s adviser should confirm legal classifications and exceptions.

Inventory touchpoints, not just vendors

A software register might show that the company licenses one generative-AI service. It may not show that the same service powers a customer bot, an internal drafting assistant, a CMS integration, automated image production, an API, and a social-publishing workflow. Each use can involve a different audience, output, responsibility, and exception.

The inventory therefore needs to connect each underlying system with what people actually encounter. For every touchpoint, record whether someone communicates directly with AI; whether the system produces text, audio, images, or video; whether the output is generated or manipulated; whether published text concerns a matter of public interest; and whether human review, editorial control, and identifiable editorial responsibility are present.

Ownership matters too. Record who controls the interface, content template, technical integration, and route to publication. These details give the organisation’s legal adviser something concrete to classify. A note saying that “the vendor handles compliance” does not explain what happens once an output enters the company’s own workflow.

Follow the output through the full workflow

The voluntary Code of Practice on Transparency of AI-Generated Content has two sections. Its provider section covers machine-readable marking and the detection of generated or manipulated content. Its deployer section covers the labelling of deepfakes and certain generated or manipulated text.

On 8 July 2026, the Commission concluded that the code adequately covers the obligations in Article 50(2), (4), and (5). The associated Commission opinion was published on 9 July, and the AI Board adopted its adequacy assessment the following day. The Commission presents the code as a voluntary, EU-wide way to demonstrate compliance, while stressing that signing it is not conclusive evidence of compliance.

The scope is important. The code concentrates on generated content. The direct-interaction duty for bots under Article 50(1), along with the emotion-recognition and biometric-categorisation duty in Article 50(3), remains a separate part of the work. A project focused only on synthetic-content labels could leave other affected uses untouched.

It is also worth testing the published result, not merely the provider’s original output. A provider may support a marking technique, but the file or text can then pass through editing, optimisation, conversion, a CMS, and several distribution channels. End-to-end testing shows whether the machine-readable signal is still detectable in the version the public receives. If it disappears, both the workflow and the legal implications need review.

Make disclosure work at first contact

The timing and accessibility requirements should shape the implementation. A chatbot may need an introductory message or interface element that remains perceivable on desktop, mobile, and embedded versions. Generated media may need a disclosure shown with the content. Public-interest text may be better handled through a structured CMS field and publication rule than by asking each editor to improvise the wording.

Exceptions need the same discipline. Whether an AI interaction is obvious depends on context. The exception for public-interest text requires the relevant human review or editorial control, plus an identifiable person or organisation with editorial responsibility. For evidently artistic, creative, satirical, fictional, or analogous works, deepfake disclosure is limited to an appropriate form that does not hamper display or enjoyment.

Documenting these decisions makes them usable. Product and publishing teams need a repeatable rule, not a fresh interpretation every time content goes live.

Connect the GDPR work without merging it

Article 50 does not replace data-protection obligations. This is especially relevant when an AI initiative uses web scraping for development or training. The EDPB states that the GDPR applies when scraping involves operations on personal data, including collection, storage, organisation, and retrieval.

The EDPB’s July 2026 material highlights legal basis, special-category data, purpose limitation, transparency, accuracy, and data minimisation. It also recommends measures such as using reliable sources, recording timestamps, and validating scraped data before training. An AI notice on a website or a mark on generated output does not settle those questions.

The sensible connection point is the evidence. An AI inventory can flag systems that involve scraping or personal-data processing, so privacy specialists can assess those flows alongside the Article 50 work while keeping the two legal analyses distinct.

What to do before 2 August

Start with externally visible and higher-impact uses: public bots, synthetic media, automated publication, public-interest content, deepfakes, and emotion-recognition or biometric-categorisation systems. Give every touchpoint a business owner and a technical owner. Record its provisional provider-deployer classification, current disclosure status, marking capability, exception assessment, and remediation decision.

Then put the agreed controls where they will actually operate: chat components, CMS fields and templates, media pipelines, API contracts, editorial checklists, and release tests. Keep evidence of vendor capabilities, legal decisions, accessibility checks, and representative end-to-end tests.

This work tends to cross several organisational boundaries. A digital project manager can keep legal advisers, vendors, designers, developers, privacy specialists, and publishing teams working from the same inventory and decisions. Greg can lead that coordination and turn the agreed requirements into a delivery plan across the relevant digital touchpoints.

The useful outcome is a traceable process: the right disclosure or technical measure reaches the right interaction or piece of content at the required time.

Related on GrN.dk

  • AI images need a media-library audit before they reach clients
  • Background AI Tasks Need Queues, Not Just Longer API Calls
  • AI disclosure rules belong in the CMS, not a spreadsheet

Need help with this kind of work?

Map your AI touchpoints before August Get in touch with Greg.

Sources

  • Article 50: Transparency obligations
  • Code of Practice on Transparency of AI-Generated Content
  • Commission assessment of the transparency code
  • Draft Article 50 guidelines consultation
  • EDPB guidance on AI, scraping, and transparency
Last modified
2026-07-16

Tags

  • EU AI Act
  • Article 50
  • AI governance
  • chatbots
  • synthetic content

Review Greg on Google

Greg Nowak Google Reviews

 

Illustrated infographic summarizing: The EU’s August AI Deadline Reaches Bots and Synthetic Content
The EU’s August AI Deadline Reaches Bots and Synthetic Content
2026-07-16

Article 50 applies from 2 August 2026. Businesses need to map AI touchpoints, clarify ownership, and put workable transparency controls in place.

Illustrated infographic summarizing: A Voice Agent Is Only Ready When the Human Handoff Works
A Voice Agent Is Only Ready When the Human Handoff Works
2026-07-15

A practical guide to voice agents that recognise failure, pass useful context to staff, protect customer data, and improve resolution after launch.

Illustrated infographic summarizing: If the Facts Need JavaScript, AI Search May Miss the Full Page
If the Facts Need JavaScript, AI Search May Miss the Full Page
2026-07-14

A practical guide to finding and fixing JavaScript rendering gaps that can hide services, prices, contact details and metadata from AI search crawlers.

Illustrated infographic summarizing: Search Console Can See Social Posts—Your Reports Need a New Map
Search Console Can See Social Posts—Your Reports Need a New Map
2026-07-13

Search Console now reports how social posts perform across Google. Here’s a practical way to manage properties, permissions, baselines and exports.

Illustrated infographic summarizing: WordPress 7.0 Has an AI Client. Plugins Need Their Own Guardrails
WordPress 7.0 Has an AI Client. Plugins Need Their Own Guardrails
2026-07-12

WordPress 7.0 standardizes how plugins call AI providers, while leaving developers responsible for access control, cost limits, capability checks and graceful failures.

Illustrated infographic summarizing: Google’s AI Search toggle needs a test plan, not a gut decision
Google’s AI Search toggle needs a test plan, not a gut decision
2026-07-11

Google’s AI Search control creates a measurable publishing choice. Test visibility, traffic and leads before changing the setting across your site.

Illustrated infographic summarizing: OpenAI Is Retiring Agent Builder: Save the Workflow, Not Just Prompts
OpenAI Is Retiring Agent Builder: Save the Workflow, Not Just Prompts
2026-07-10

OpenAI retires Agent Builder on November 30, 2026. Here is what teams need to preserve, how to choose a migration path, and how to cut over safely.

Illustrated infographic summarizing: AI agents need a browser policy before they start clicking around
AI agents need a browser policy before they start clicking around
2026-07-09

Browser-using AI agents can save time, but they need clear rules before they enter CRMs, CMSs, portals, or admin tools and start taking action.

Illustrated infographic summarizing: When AI writes JSON, one bad field can break the workflow
When AI writes JSON, one bad field can break the workflow
2026-07-08

Structured AI output is useful in real workflows, but teams need schemas, validation, retries, and logs before JSON reaches production systems.

Illustrated infographic summarizing: AI search is eating the click: measure the queries before rewriting pages
AI search is eating the click: measure the queries before rewriting pages
2026-07-07

AI summaries are cutting into search clicks. Start with a practical dashboard that shows query risk, bot purpose, page value, and crawler policy.

More articles
RSS feed

GrN.dk web platforms, web optimization, data analysis, data handling and logistics.