Article 50 Transparency Notices: Ready-to-Use Disclosure Wording for EU AI Act Compliance
Copy-adaptable Article 50 disclosure wording for chatbots, deepfakes, synthetic content, emotion recognition, and AI-generated text. Applies 2 August 2026.
Article 50 of Regulation (EU) 2024/1689 applies from 2 August 2026. It does not require a risk assessment, a conformity procedure, or registration in the EU database. It requires one thing: that the people interacting with your AI system, or exposed to its outputs, know they are dealing with AI. The obligation is simple. Getting the wording wrong — or missing it entirely — still carries a fine of up to €15,000,000 or 3% of worldwide turnover under Article 99(4).
This page gives you concrete, copy-adaptable notice wording for each of the five Article 50 scenarios, explains who owes the obligation, and covers the timing and accessibility rules that make or break compliance.
Disclaimer: The examples below are starting points, not legal advice. Tailor them to your specific context and have legal counsel review before you publish.
What Article 50 Covers
Article 50 sits in the limited-risk tier — the third of the four risk tiers in the EU AI Act. It targets four interaction scenarios where a person could be misled about the nature of what they are dealing with:
- Article 50(1): AI systems that interact with natural persons — chatbots, virtual assistants, conversational interfaces.
- Article 50(2): AI systems that generate synthetic audio, image, video, or text content — including AI-generated text not in the deepfake category.
- Article 50(3): AI systems that perform emotion recognition or biometric categorisation in relation to natural persons.
- Article 50(4): AI-generated or manipulated content that depicts real people or real events (deepfakes), and AI-generated text on matters of public interest published by operators of online platforms.
Article 50(5) sets the timing rule: disclosures must be made at the latest at the moment of first interaction or exposure, and they must be delivered in a clear manner that is accessible to the exposed person. Format it so someone can understand it before they engage — not buried in terms and conditions three screens down.
Article 50(6) is a without-prejudice clause: Article 50 does not override the GDPR, sector-specific law, or other EU transparency obligations. Where GDPR Article 22 also applies (solely automated decisions with legal effects), you need both.
Who Owes Each Obligation
Article 50 splits responsibility between providers and deployers depending on the scenario.
| Scenario | Who owes the obligation |
|---|---|
| Chatbot / conversational AI (Art 50(1)) | Deployer — must inform persons they are interacting with an AI system |
| Synthetic content labelling (Art 50(2)) | Provider — must ensure outputs are marked machine-readably as AI-generated |
| Emotion recognition / biometric categorisation (Art 50(3)) | Deployer — must inform exposed persons |
| Deepfakes (Art 50(4)) | Person who generates or disseminates; platform operator obligations for public-interest text |
The deployer's chatbot and emotion-recognition obligations are operational: you control the interface, so you control the notice. The provider's synthetic-content obligation is technical: your system must embed machine-readable markers in outputs. These are not the same kind of task.
One important boundary: Article 50(1) does not apply where the AI system is authorised by law for law enforcement, criminal investigation, or related purposes, nor where the AI interaction is obvious from context (e.g., a clearly branded virtual assistant in a consumer app that no reasonable person would mistake for a human). The law-enforcement carve-out is narrow; the "obvious from context" exception is fact-specific and should not be stretched.
Scenario 1: Chatbot and Conversational AI (Article 50(1))
Who must disclose: The deployer — the organisation using the chatbot or virtual assistant in a professional context.
When: Before or at the very first message exchange — not after the person has already engaged.
Example notice wording
Minimal disclosure (suitable for prominent placement):
You are chatting with an AI assistant. This conversation is not handled by a human.
Extended disclosure (for regulated sectors or where users may be vulnerable):
This is an automated AI assistant. You are not speaking with a human. The responses you receive are generated by an AI system and may not reflect individual professional advice. If you need to speak with a person, [contact link / phone number].
In-context label (for chat interfaces, displayed persistently in the UI):
AI assistant · Not a human
Notes on implementation
The disclosure must be clear and distinguishable — a label in 8pt grey text that disappears after two seconds does not meet the standard. Persistent UI indicators (a badge, a system-message at conversation open, a header label) are defensible. Pure pre-conversation terms-of-service placement is not.
If your chatbot can escalate to a human agent mid-conversation, the transition in both directions requires its own disclosure: tell the user when they move from AI to human and vice versa. Article 50(1) covers the AI interaction; Article 50(5) requires ongoing accessibility of that fact.
Scenario 2: AI-Generated Synthetic Content (Article 50(2))
Who must disclose: The provider of the AI system, who must ensure outputs carry a machine-readable mark.
When: Built into every output at generation time. The deployer then has its own obligation to ensure the mark remains intact and that a human-readable disclosure is accessible.
What machine-readable marking means in practice
The Act requires marking in a "machine-readable format." Accepted approaches include:
- C2PA (Coalition for Content Provenance and Authenticity) content credentials — a cryptographic manifest attached to an image, audio, or video file that declares AI generation and the tool used.
- Watermarking embedded in synthetic audio or video that survives typical compression and reformatting.
- Metadata tags (e.g.,
<iptc:DigitalSourceType>trainedAlgorithmicMedia</iptc:DigitalSourceType>in image metadata) — note these are easily stripped, so a more durable method is preferable.
The technical standard for machine-readable marking is still evolving. The EU AI Office is expected to publish guidelines. C2PA is the most widely adopted framework as of mid-2026.
Example visible disclosure wording (human-readable layer)
For AI-generated images published on a website or platform:
[AI-generated image] This image was created using AI tools and does not depict a real event, person, or location.
For AI-generated audio content:
This audio content was produced using AI voice synthesis. It does not represent a real person's voice or a real recording.
For AI-generated video:
This video contains AI-generated content. The scenes, people, or events depicted are not real.
The text exception
Article 50(2) has a carve-out: the obligation does not apply to AI-generated text that has undergone human editorial review by a natural person who takes editorial responsibility for publication. A newsroom publishing AI-drafted copy that a journalist reads, edits, and approves before publication is not required to label each paragraph as AI-generated. The editorial chain substitutes for the disclosure — but only if genuine review has occurred. A spell-check pass does not qualify.
Scenario 3: Emotion Recognition and Biometric Categorisation (Article 50(3))
Who must disclose: The deployer — the organisation operating the system in which natural persons are exposed to emotion-recognition or biometric-categorisation AI.
When: Before or at the moment the person is exposed to the system.
Critical threshold check before you reach Article 50(3):
Not all emotion-recognition and biometric-categorisation uses are merely limited-risk. Several are prohibited under Article 5:
- Emotion recognition in the workplace or educational institutions = prohibited, Article 5(1)(f). No disclosure notice fixes a prohibition.
- Real-time remote biometric identification in publicly accessible spaces by law enforcement = prohibited except under strict conditions, Article 5(1)(h).
- Biometric categorisation based on sensitive attributes (race, political opinions, religion, sexual orientation) = prohibited, Article 5(1)(g).
Article 50(3) applies only where the use is permitted. Confirm the use is lawful before drafting the notice.
Example notice wording
For a retail environment using emotion-recognition cameras:
We use AI systems in this area that analyse facial expressions to improve customer experience. No individual profiles are stored. [Privacy notice link]
For a workplace access system using biometric categorisation:
This building uses an AI-based biometric access system to identify and categorise persons for entry authorisation. You will be notified before the system processes your biometric data. For more information, see our [privacy notice / data protection contact].
For a wellness or healthcare app using affect detection:
This app uses AI to analyse facial expressions as part of your wellness assessment. AI analysis is not a medical diagnosis. To disable this feature, [go to Settings > Privacy].
Overlap with GDPR
Biometric data is a special category under GDPR Article 9. Article 50(3) disclosure and GDPR consent or legitimate-basis obligations run in parallel. The GDPR notice and the Article 50 disclosure can be presented together, but the Article 50 requirement to inform is triggered at first exposure — it cannot wait for a later privacy policy review.
Scenario 4a: Deepfakes (Article 50(4) — Manipulated Visual/Audio/Video)
Who must disclose: The person who creates and/or disseminates the deepfake content. In a platform context, the platform operator may also bear obligations.
When: At publication or dissemination — disclosure must accompany the content.
What counts as a deepfake for Article 50(4): AI-generated or AI-manipulated image, audio, or video content that portrays real persons, places, or events in a manner that a person could falsely believe to be authentic.
Example disclosure wording
For a deepfake video published on a website or platform:
This video has been artificially generated or manipulated using AI technology. It does not depict a real event, real speech, or real actions by the individuals shown. [Date of creation / name of creator where appropriate]
For a synthetic audio clip featuring a real person's voice:
This audio recording is AI-generated and does not represent a real statement by [name]. It was created using voice synthesis technology.
For a manipulated image showing a real location:
This image has been significantly altered using AI tools. The scene depicted does not reflect real events.
What "significant manipulation" means
The Act does not define a pixel-level threshold. The test is whether a person could reasonably mistake the content for genuine. Minor retouching (blemish removal, colour correction) is not in scope. Putting real words in a real politician's mouth, making a person appear to be somewhere they were not, or creating a realistic video of an event that did not happen — these are in scope.
Scenario 4b: AI-Generated Text on Matters of Public Interest (Article 50(4))
Who must disclose: Operators of online platforms that generate or disseminate AI-generated text on matters of public interest.
When: At the point of publication — the disclosure must accompany the text.
The editorial exception: If the AI-generated text has been reviewed by a natural person who takes editorial responsibility for its publication, the disclosure is not required. This mirrors the Scenario 2 exception. The review must be substantive — reading and approving the content, not merely checking formatting.
Example disclosure wording
For an AI-generated news summary or political commentary published without human review:
This article was generated by an AI system without individual human editorial review. It covers a matter of public interest. For editorial standards, see [link].
For a platform that generates automated summaries of public proceedings:
The following summary was produced by an automated AI system from publicly available records. It has not been reviewed by a journalist. Verify facts from primary sources before relying on this content.
Timing and Accessibility Rules (Article 50(5))
Article 50(5) sets two requirements that apply across all scenarios:
- Timing: Disclosures must be made at the latest at the moment of first interaction or first exposure. You cannot notify after the fact.
- Accessibility: Disclosures must be made in a clear manner that is accessible to the persons concerned.
What this means for implementation:
- For chatbots: a system message or persistent UI label displayed before the first user input.
- For synthetic content: a visible label attached to or displayed immediately adjacent to the content, plus machine-readable marking.
- For emotion-recognition systems: a notice at the physical entrance to the space, on-screen before the session starts, or via a direct notification.
- For deepfakes or AI text: a disclosure integrated into the content itself — headline, caption, or prominent note — not hidden in a page footer.
A disclosure that is technically present but practically invisible does not satisfy Article 50(5). Regulators will assess whether an ordinary person in that context would have seen and understood the disclosure.
Penalties for Non-Compliance
Article 50 transparency violations sit in the €15,000,000 or 3% of worldwide annual turnover tier under Article 99(4) — whichever is higher. For companies below a certain size, Article 99(6) caps the fine at the lower of the percentage or the fixed amount, which gives smaller organisations a proportionality protection worth noting.
These fines are not hypothetical. National market surveillance authorities gain enforcement powers on 2 August 2026, the same day Article 50 applies.
How Confir Helps
Confir's AIRC assessment (Risk Classification and Compliance, covering Articles 5, 6, 43, and 50) flags which of your registered AI systems trigger one or more of the Article 50 scenarios. The rule-based scoping engine — deterministic, not AI-generated — applies the Article 50 criteria to the system's intake answers and surfaces the relevant obligation: chatbot disclosure, synthetic-content marking, emotion-recognition notice, or deepfake labelling.
For systems that sit at the prohibited/limited-risk boundary (workplace emotion recognition, biometric categorisation using sensitive attributes), Confir's classification logic raises an Article 5 flag before you reach Article 50 — preventing the category error of drafting a disclosure for something that is banned outright.
The AITO assessment module (Transparency and Human Oversight, covering Articles 13, 14, 27, and 50) then tracks your disclosure implementation against the Article 50(5) timing and accessibility requirements as part of the overall compliance picture.
Start free at confir.eu — no consultant needed.
Frequently Asked Questions
Does Article 50 apply to my internal chatbot?
Article 50(1) targets AI systems that interact with "natural persons" — that wording covers employees as well as customers. If your internal helpdesk chatbot handles HR queries, legal questions, or any interaction where an employee might not realise they are talking to an AI, the disclosure obligation applies. The obligation falls on you as the deployer.
My AI tool generates text for our marketing team to edit before publishing. Do we need to label the output?
If a human reads, substantively edits, and takes editorial responsibility for the text before publication, the Article 50(2) exception applies and no label is required. If the edits are cosmetic and the AI output is published largely unchanged, the exception does not apply and you need the disclosure. Keep a record of your editorial process to demonstrate the exception applies.
We use a third-party image-generation API in our product. Are we responsible for the machine-readable marking?
The provider of the image-generation API bears the primary obligation to ensure outputs are marked under Article 50(2). As the deployer, check that the API you use actually provides C2PA credentials or equivalent marking. If it does not, you may need to implement marking yourself as a safeguard — and you should raise it contractually with the provider. A broken technical chain is not a defence.
When exactly is "first interaction" for a chatbot embedded in our app?
The safest interpretation is: before the user types their first message. A system message at session open, or a persistent "AI assistant" label, satisfies this. A disclosure triggered only after the user has asked their first question is late — they have already interacted.
Can we combine the Article 50 notice with our cookie banner or privacy notice?
Combining them is not prohibited, but Article 50(5)'s accessibility requirement means the disclosure must be equally visible and timed correctly. A cookie banner that appears at page load and is dismissed before the chatbot opens is not a valid substitute for a disclosure at the chatbot interface itself. The safest approach: a dedicated disclosure at the point of interaction, cross-referencing your broader privacy notice for detail.
Related guides
- EU AI Act Article 50
- Article 50 Transparency Notice: Build-It Guide
- EU AI Act Article 13
- EU AI Act Provider vs Deployer: Key
- EU AI Act Deployer Obligations: What Article
- EU AI Act Article 26
- Open-Source AI Model Exemptions Under the EU
- Importer & Distributor Obligations Under the EU
Manage your EU AI Act compliance in one place
Confir automates risk classification, technical documentation, and audit trails for any company. No consultants. No 6-month projects. 7-day free trial.
Start free trial →