10 July 2026 · 7 min read · Regulation · EU AI Act

The EU’s AI-content labeling rules arrive on 2 August. Here’s what marketing teams actually have to do.

In three weeks, disclosing realistic AI-generated imagery stops being a courtesy in the EU and becomes a legal obligation — one that lands on the advertiser, not the AI vendor.

On 2 August 2026, the transparency chapter of the EU AI Act — Article 50 — becomes applicable. Most of the coverage has focused on chatbots and deepfake politics. The provision that should worry marketing teams is quieter: if you publish AI-generated imagery that looks real, you must say so, clearly, from the first moment anyone sees it. The fine for getting it wrong runs to €15 million or 3% of worldwide turnover. And unlike most AI-Act duties, this one does not sit with OpenAI or Adobe. It sits with you.

Two obligations, two different owners

Article 50 splits responsibility in a way that trips people up. Article 50(2) is for providers — the companies that build generative systems. They must ensure outputs are "marked in a machine-readable format and detectable as artificially generated or manipulated". That is the invisible, technical layer: metadata, watermarks, provenance signatures baked into the file by the tool.

Article 50(4) is for deployers — any business using an AI system under its own authority. If the system generates or manipulates image, audio or video content that constitutes a "deep fake", the deployer must disclose that the content has been artificially generated or manipulated. Under Article 50(5), that disclosure has to be "clear and distinguishable" and delivered "at the latest at the time of the first interaction or exposure" — on the asset itself or immediately with it, not buried in a terms page.

A marketing team publishing AI-generated campaign imagery is a deployer. The tool vendor handles the metadata; the disclosure duty on the published ad is yours.

Diagram comparing Article 50(2) provider obligations (machine-readable marking, delayed to 2 December 2026 for existing systems) with Article 50(4) deployer obligations (clear disclosure of realistic AI imagery, applying from 2 August 2026)
The vendor marks the file; the business that publishes it owes the visible disclosure.

Is a product shot really a “deepfake”?

The word suggests face-swapped politicians, but the Act’s definition is broader: AI-generated or manipulated content resembling real persons, objects, places or events that could falsely appear authentic. A legal analysis of the Commission’s draft guidelines by Lausen Rechtsanwälte reaches the conclusion most agencies have been avoiding: photorealistic AI-generated product images trigger the labeling duty "regardless of the marketing context", and "intent to deceive is not a prerequisite". The same analysis notes the guidelines expressly name marketing and communications departments as covered deployers.

The boundary runs along realism, not subject matter. The Commission’s draft guidance indicates that clearly fantastical or physically impossible content falls outside the deepfake definition, because nothing about it "falsely appears authentic". A floating island in a brand color is fine unlabeled; an AI-generated lifestyle shot of a model wearing your product in a kitchen that never existed is exactly what the rule is aimed at.

For ad copy the picture is looser: the AI-text limb of Article 50(4) applies to text published to inform the public on matters of public interest, and the Lausen analysis concludes pure product advertising generally is not that. The caveat is native advertising dressed up as editorial — that can fall back into scope.

The deadline is firm. The rulebook around it is not.

The compliance machinery is arriving out of order. The Commission published draft transparency guidelines on 8 May 2026 and consulted until 3 June — they are not yet final. The Code of Practice on marking and labelling AI-generated content, foreseen by Article 50(7), was published on 10 June 2026 and is still undergoing its adequacy assessment. Teams are expected to comply from August against guidance that is still settling.

One genuine reprieve exists, and it is narrower than the headlines suggested: the AI Omnibus provisional agreement of 7 May 2026 delays the provider-side machine-readable marking duty to 2 December 2026 — and only for generative systems already on the market before 2 August. The deployer disclosure duty on published deepfake-style content still applies from 2 August 2026. In other words: the part that applies to advertisers was not delayed.

Non-compliance sits in the middle tier of the Act’s penalty ladder: Article 99(4) allows fines up to €15 million or 3% of total worldwide annual turnover, whichever is higher.

Timeline of 2026 EU AI Act transparency milestones: draft guidelines 8 May, Code of Practice 10 June, Article 50 deployer duty applies 2 August, delayed provider marking deadline 2 December
The deployer duty on published ads was never delayed — only the provider-side marking for pre-August systems.

The machine-readable layer already exists — and already leaks

The marking infrastructure regulators are counting on is C2PA Content Credentials, and adoption is real: OpenAI has embedded Content Credentials in DALL·E images since February 2024, Adobe Firefly attaches them automatically to fully AI-generated assets, TikTok has read and honored them since May 2024, and Google shipped the Pixel 10 with Content Credentials built into the camera in September 2025. A formal conformance program has been operational since October 2025, and the C2PA counts more than 6,000 members and affiliates.

But there is a catch the compliance plan cannot ignore, and OpenAI itself said it plainly: the metadata is easily removed. Screenshots strip it. Many upload pipelines and social platforms strip it. An asset that left the generator correctly marked can arrive at the publish step naked. If your disclosure process assumes the marking survives the journey through export, retouch, CDN and ad platform, it will fail quietly — and the deployer duty is on what you actually published.

That is why the reliable control point is the last one before publishing: inspect the file you are actually shipping — does it still carry credentials, and does the visible disclosure your process requires actually appear? Chekr reads Content Credentials on every uploaded creative and shows a provenance badge with the declared generator, precisely because the pipeline upstream cannot be trusted to preserve it.

Compliance is a workflow property, not a policy document

The teams that will sail through August already treat AI-creative review as a gate, not a vibe. The ones at risk are running the workflow this regulation implicitly bans: generate, glance, publish. A written policy that says "we label AI content" means nothing if nobody can say, for a given shipped asset, whether it was AI-generated, whether it looked authentic, and whether the label made it to the placement.

The good news: the same gate that catches garbled text and anatomy errors before they embarrass the brand is the natural place to hang the compliance check. One review step, per creative, before publish — with a record of what was checked. If you are building that process from scratch, our AI image QA checklist is a reasonable skeleton to start from.

What to do about it

  • Inventory where AI-generated imagery enters your output — including agencies and freelancers. The disclosure duty follows the published asset, not the tool license.
  • Classify honestly: photorealistic AI content that could pass for a real photo needs a clear, immediate disclosure from 2 August 2026; clearly stylized or fantastical content generally does not.
  • Do not rely on tool-side metadata surviving to publish — verify Content Credentials on the final file, at the last step before it ships.
  • Put the disclosure decision inside your existing creative-QA gate so every asset gets exactly one accountable check — try a scan on one of yours to see what that gate can look like.
  • Watch the final Article 50 guidelines and the Code of Practice adequacy decision — the details of “clear and distinguishable” are still being settled.

Sources

  1. Article 50: Transparency obligations for providers and deployers of certain AI systems — European Commission, AI Act Service Desk
  2. Consultation on the draft guidelines on transparency obligations under the AI Act — European Commission
  3. Code of Practice on marking and labelling of AI-generated content — European Commission
  4. Section 50(4) of the AI Act: what organisations must label as AI content from August 2026 — Lausen Rechtsanwälte
  5. EU AI Act transparency obligations: preparing for compliance by 2 August 2026 — Sidley Austin
  6. Article 99: Penalties — artificialintelligenceact.eu (Future of Life Institute)
  7. Transparency rules under Article 50 — artificialintelligenceact.eu (Future of Life Institute)
  8. OpenAI adopts C2PA standard for DALL·E 3 image metadata — Maginative
  9. Content Credentials in Adobe Firefly — Adobe
  10. Partnering with our industry to advance AI transparency and literacy — TikTok
  11. Pixel and Android: trusted images with C2PA Content Credentials — Google Security Blog
  12. Raising the bar for trust: introducing the C2PA Conformance Program — Content Authenticity Initiative