AI Act Article 50 Transparency: What Your Chatbots and Deepfakes Must Disclose
AI Act Article 50 transparency obligations are already in force for deployers using chatbots and synthetic content tools. Here is exactly what you must label, disclose, and document before your next customer interaction.
Article 50 Is Already Binding
AI Act Article 50 transparency obligations entered into force on 2 August 2025, earlier than most of the Act's other deployer requirements. If your company runs a customer service chatbot, uses an AI voice agent, or publishes AI-generated images or video, these rules apply to you now. Not eventually. Now.
The rule is straightforward in principle: people interacting with an AI system have a right to know they are doing so. But the details of Article 50 matter enormously for how you design disclosures, draft policies, and train your team.
What Article 50 Actually Says
Article 50 sets out four distinct transparency obligations. Each one targets a different scenario.
Obligation 1: Chatbot self-disclosure. Providers and deployers of AI systems that interact directly with natural persons must ensure those people are told they are communicating with an AI. This disclosure must happen at the start of the interaction, not buried in a terms-of-service page. A customer contacting your helpdesk via an AI-powered chat widget must be told upfront.
Obligation 2: Emotion recognition and biometric categorisation. If you use an AI system that infers emotions or categorises people by characteristics such as political opinion or sexual orientation, the individuals concerned must be informed. This is highly relevant for HR tools that claim to assess candidate engagement or sentiment.
Obligation 3: Deepfake and synthetic content labelling. AI-generated or AI-manipulated images, audio, and video that depict real or realistic-looking people, places, or events must carry a machine-readable label disclosing their artificial origin. This includes synthetic voice used in marketing calls, AI-generated photos of people in advertising, and video content created or edited by generative AI.
Obligation 4: AI-generated text on matters of public interest. Text generated by AI and published to inform people on topics such as elections, health, or financial matters must be labelled as AI-generated. News publishers, healthcare communicators, and financial services firms should pay close attention here.
The Chatbot Disclosure in Practice
Picture a visitor landing on your website and starting a chat. Your AI customer service agent responds within milliseconds. Under Article 50, that first response, or an automated pre-chat message, must make it clear an AI is responding. The phrase does not have to be dramatic. Something as simple as "You are chatting with an AI assistant" is enough, as long as it is prominent and intelligible.
One important carve-out exists: if a human is obviously present in the conversation, disclosure is not required. But the threshold for "obvious" is high. A name and a profile picture are not enough on their own if the underlying system is automated.
Companies using tools like ChatGPT via API or similar large language models embedded in customer-facing workflows need to implement this disclosure at the deployer layer. The model provider does not do this for you. Your platform configuration, your responsibility.
Deepfake Labelling: The Detail That Catches Companies Out
The synthetic content labelling requirement is where many SMEs underestimate their exposure. Consider a few scenarios that are already common across European businesses:
- A marketing team uses an AI image generator to create photos of diverse "customers" for a campaign.
- A training department produces AI-narrated video modules with a synthetic presenter.
- A financial services firm uses a personalised AI voice to call customers about account changes.
All three require a machine-readable label indicating the content is AI-generated. The Article 50 text requires this label to be embedded in a format detectable by automated systems, not just a written disclaimer added in post-production. For video and audio, this means technical watermarking or metadata standards. The European Commission is developing implementing acts to standardise the technical formats, but that process does not suspend your obligation to act now.
For AI-generated images, the C2PA (Coalition for Content Provenance and Authenticity) standard is emerging as the practical implementation route. Tools like Adobe Firefly already embed this metadata. If you are using other generators, check whether they offer equivalent tagging and, if not, apply your own metadata before publishing.
One explicit exemption: purely artistic or satirical content that is clearly presented as such does not require labelling under Article 50. However, the moment the content could reasonably mislead a viewer about its authenticity, the exemption falls away.
Who Bears Responsibility: Providers vs. Deployers
This is the question most compliance officers ask first. The short answer: both, and the obligations are layered.
Providers of AI systems must build the technical capability for disclosure into their products. But Article 26 makes clear that deployers, the companies actually using these tools with end users, are responsible for ensuring those disclosures actually reach the people they are supposed to reach. If the provider supplies a chatbot platform that technically supports a disclosure banner and you switch it off to make the interface look cleaner, that is your liability.
For SMEs, this has a very practical implication. When you procure any AI customer service, HR, or communications tool, your vendor contract should confirm:
- Which Article 50 disclosure functions are built into the platform.
- What customisation you are responsible for configuring.
- Whether the tool supports machine-readable labelling for synthetic content outputs.
If your vendor cannot answer those three questions, treat that as a compliance risk to document.
Penalties for Non-Compliance
Under Article 99 of the AI Act, violations of transparency obligations attract fines of up to €15 million or 3% of total annual worldwide turnover, whichever is higher. For a company with €50 million in annual revenue, that means potential exposure of up to €1.5 million for a failure as simple as forgetting to label AI-generated marketing images.
National market surveillance authorities and data protection authorities share enforcement responsibility across Member States. In the Netherlands, the Autoriteit Persoonsgegevens is positioned to play a significant role, particularly where Article 50 violations intersect with GDPR processing obligations. In Belgium, the APD/GBA holds equivalent powers.
A Practical Disclosure Checklist for Deployers
Here is what to review before your next audit or vendor onboarding:
- Map every AI touchpoint where your organisation communicates with customers, employees, or the public. Include chatbots, voice agents, email automation with generative text, and social content.
- Confirm chatbot disclosure timing. The disclosure must appear at or before the first AI-generated message, not after several exchanges.
- Audit synthetic content outputs. For every AI tool that produces images, video, or audio, confirm whether machine-readable labelling is enabled and what standard it uses.
- Review vendor contracts. Add Article 50 capability confirmations to your standard software procurement checklist.
- Train your content and customer service teams. Staff need to understand when a disclosure is required and how to escalate if a tool does not support labelling. This connects directly to the Article 4 AI literacy obligation that also came into force in August 2025.
- Document your decisions. If you determine that a specific use case falls under an exemption, write that reasoning down. If an authority questions your practices, documented decision-making is your strongest defence.
The Single Most Urgent Action
Pull up your customer-facing AI tools today. Open each one and test whether a new user receives an AI disclosure before or at the moment of the first interaction. If the answer is no, or if you are unsure, that is your starting point.
Transparency under Article 50 does not require expensive system overhauls for most SMEs. It requires deliberate configuration, clear vendor conversations, and a written record of what you have done and why. The companies that will face enforcement action are not the ones who tried and fell short. They are the ones who did not check at all.
Run a free 2-minute compliance check at comply.khairos.ai to see where your organisation stands on Article 50 and the other deployer obligations that are already in force.