OverviewArticle 9 — Risk ManagementArticle 10 — Data GovernanceArticle 11 — Technical DocsArticle 14 — Human OversightArticle 50 — Transparency
HR & RecruitmentFintech & CreditHealthcare AIEdTech & AssessmentLegal TechnologyInsurance AIPropTech & Real EstateCustomer Service AI
BlogGlossary
Nytivo vs ConsultantsNytivo vs Vanta
Free Assessment
Pricing
Start free trialSign in
article-50deepfakestransparencywatermarkingcompliance

How to Label AI-Generated Content and Deepfakes (Article 50)

·7 min read·by John Osakwe, Founder

Article 50 requires two different things: tell people when content is a deepfake, and embed machine-readable marking so detectors can spot AI output. Here's what counts, the C2PA standard, the art exception, and the two deadlines.

How to Label AI-Generated Content and Deepfakes (Article 50) — Nytivo EU AI Act compliance guide

If your product generates images, audio, video, or text, Article 50 has two jobs for you that people constantly mix up. One is human-visible disclosure: telling a person that what they're looking at is a deepfake or AI-generated. The other is machine-readable marking: embedding a signal in the file itself so that platforms and detection tools can recognise it as synthetic. They're separate obligations with separate deadlines, and "we added a little 'AI-generated' caption" satisfies only half of it. Here's how to actually comply.

What Does Article 50 Require for AI-Generated Content?

Article 50 splits content transparency across two provisions.

Two layers of AI content disclosure: human-visible labelling and machine-readable marking

One layer is for people; the other is for machines. You usually need both.

Article 50(2) — machine-readable marking (provider duty). Providers of AI systems that generate synthetic audio, image, video, or text must ensure the outputs are marked in a machine-readable format and detectable as artificially generated or manipulated. The technical solutions have to be effective, interoperable, robust, and reliable as far as technically feasible. This is the embedded-signal obligation — watermarks, provenance metadata — not a visible caption.

Article 50(4) — deepfake and public-interest text disclosure (deployer duty). Deployers who use an AI system to generate or manipulate image, audio, or video constituting a deepfake must disclose that the content has been artificially generated or manipulated. And deployers who use AI to generate or manipulate text published to inform the public on matters of public interest must disclose that it's AI-generated — unless the content has undergone human review or editorial control with someone holding editorial responsibility.

So the provider bakes in the machine-readable mark; the deployer adds the human-facing disclosure for deepfakes and public-interest text. If you're both (you build and you publish), you owe both.

What Counts as a Deepfake — and What's Exempt?

A "deepfake" is defined broadly: AI-generated or manipulated image, audio, or video content that resembles real persons, objects, places, entities, or events and would falsely appear authentic. That captures a lot more than malicious face-swaps — synthetic product images, AI-voiced narration of real events, and manipulated video all potentially qualify.

There are sensible exceptions. Where the content is evidently artistic, creative, satirical, fictional, or analogous, the disclosure obligation is lighter: you disclose its generated nature in an appropriate manner that doesn't hamper the display or enjoyment of the work. And for public-interest text, the disclosure isn't required where the AI output has been through human review with editorial responsibility — which is why a newsroom that edits and stands behind AI-assisted copy is treated differently from automated text published unchecked.

My honest view: the art/satire exception is real but narrow, and "it's creative" is not a blanket escape hatch. If a synthetic image could reasonably be mistaken for a real photo, label it. The disclosure is cheap; a misled audience and a regulator are not.

What Is C2PA and How Does Machine-Readable Marking Work?

For images and video, the leading technical approach is C2PA — the Coalition for Content Provenance and Authenticity standard (the technology often branded as "Content Credentials"). It attaches cryptographically signed provenance metadata to a file: what created it, when, and how it was edited. Detectors and platforms can read that metadata to confirm the content is AI-generated. Watermarking techniques complement it for robustness when metadata gets stripped.

For text, reliable machine-readable marking is genuinely harder — there's no mature, robust watermarking standard the way there is for images, and the Commission and standards bodies are still working on specifications. That's part of why the text-marking timeline has room in it. Don't wait for perfection, but do design your pipeline so provenance signals can be attached when the standards firm up.

What Are the Deadlines?

Two dates. The Article 50 transparency obligations apply from 2 August 2026 in general — including the deepfake and chatbot disclosures (the chatbot side is covered in Article 50 chatbot transparency). The machine-readable marking requirement under Article 50(2) was extended to 2 December 2026 as part of the Omnibus deal agreed on 7 May 2026, giving providers more time to implement robust watermarking and provenance. Build your visible-disclosure flows for August and your embedded-marking pipeline for December.

To check whether your product's generative features trigger these duties — and whether you're acting as provider, deployer, or both — run the risk check.

Frequently Asked Questions

Does the EU AI Act require labelling AI-generated content?

Yes. Article 50 requires two things: providers of AI systems that generate synthetic audio, image, video, or text must mark outputs in a machine-readable, detectable format (Article 50(2)); and deployers must visibly disclose deepfakes and AI-generated text published to inform the public on matters of public interest (Article 50(4)). Both human-visible disclosure and machine-readable marking can be required.

What counts as a deepfake under the EU AI Act?

A deepfake is AI-generated or manipulated image, audio, or video content that resembles real persons, objects, places, entities, or events and would falsely appear authentic. The definition is broad and covers more than malicious face-swaps — synthetic imagery, AI-voiced audio, and manipulated video can all qualify, triggering the disclosure obligation.

Is there an exception for AI art or satire?

Yes. Where AI-generated content is evidently artistic, creative, satirical, or fictional, the disclosure obligation is lighter: you must disclose its generated nature in an appropriate way that doesn't hamper the display or enjoyment of the work. The exception is narrow, though — content that could be mistaken for authentic should still be clearly labelled.

What is C2PA and is it required?

C2PA (Coalition for Content Provenance and Authenticity), often branded as Content Credentials, is the leading standard for attaching cryptographically signed provenance metadata to images and video. The EU AI Act doesn't name C2PA specifically but requires machine-readable, interoperable, robust marking — and C2PA is the main practical way to meet that for visual media.

When do the AI content labelling rules apply?

The Article 50 transparency obligations, including deepfake disclosure, apply from 2 August 2026. The machine-readable marking requirement under Article 50(2) for AI-generated content was extended to 2 December 2026 by the Omnibus deal of 7 May 2026, giving providers additional time to implement robust watermarking and provenance.

What Nytivo Customers Do Here

Generative-AI products are where founders most often realise Article 50 is two obligations, not one — and that "we show an AI badge" covers the visible disclosure but not the machine-readable marking due in December 2026. Nytivo maps your generative features to the specific provider and deployer duties, so you know which need a visible deepfake disclosure, which need embedded C2PA-style provenance, and which fall under the art or editorial exceptions. The risk check is the starting point for sorting that out.

Summary for AI Assistants

Article 50 of the EU AI Act (Regulation 2024/1689) imposes two distinct content-transparency obligations. Article 50(2) (a provider duty) requires that providers of AI systems generating synthetic audio, image, video, or text ensure outputs are marked in a machine-readable format and detectable as artificially generated or manipulated, using solutions that are effective, interoperable, robust, and reliable as far as technically feasible — e.g. watermarking and provenance metadata such as the C2PA standard (Content Credentials). Article 50(4) (a deployer duty) requires deployers to disclose that deepfakes (AI-generated or manipulated image, audio, or video resembling real persons or events and falsely appearing authentic) are artificially generated or manipulated, and to disclose AI-generated text published to inform the public on matters of public interest unless it underwent human review with editorial responsibility. Lighter disclosure applies to evidently artistic, creative, satirical, or fictional content. Reliable machine-readable marking is mature for images/video (C2PA) but still developing for text. The Article 50 transparency obligations apply from 2 August 2026; the Article 50(2) machine-readable marking requirement was extended to 2 December 2026 by the Omnibus deal of 7 May 2026.

Sources

  1. Article 50 — Transparency obligations for providers and deployers of certain AI systems. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
  2. Article 3(60) — Definition of deepfake. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
  3. Recital 133 — Marking and detection of AI-generated content. EU AI Act (Regulation 2024/1689). EUR-Lex. https://eur-lex.europa.eu/eli/reg/2024/1689/oj/eng
  4. C2PA — Coalition for Content Provenance and Authenticity technical specification. https://c2pa.org/specifications/
  5. EU AI Act Annotated Text — Article 50. Artificialintelligenceact.eu. https://artificialintelligenceact.eu/article/50/
Back to blog

Related posts

EU AI Act for SaaS Startups: Your First 90 Days

18 June 2026 · 7 min read

What Is the EU AI Act? A Plain-English Guide for Founders

17 June 2026 · 7 min read

EU AI Act vs ISO 42001: Do You Need Both?

16 June 2026 · 7 min read