EU AI Act for Marketing and Adtech

Industry Guide · 17 June 2026 · 16 min read

Most marketing and adtech AI is not high-risk under the EU AI Act. The exposure is Article 5 manipulation (EUR 35M), Article 50 transparency, GDPR and GPAI.

Probably not high-risk. Targeting, personalisation, programmatic bidding, generative creative and marketing chatbots are not listed in Annex III of Regulation (EU) 2024/1689 — the EU AI Act — and they are not, by default, prohibited under Article 5. So the full high-risk regime under Articles 9–17, 43 and 49 — risk management, data governance, technical documentation, conformity assessment — does not attach to the ordinary marketing stack. The marketer's real exposure is concentrated in four narrow surfaces: Article 5 manipulation and vulnerability exploitation, Article 50 transparency, the GDPR profiling overlap, and GPAI duties that arise when you build on a foundation model.

This guide classifies each system and handles the few duties that genuinely apply, rather than over-engineering a high-risk programme across a martech estate that does not need one. Start with how limited-risk classification works, because most of your estate lands there.


Marketing and Adtech AI Is Mostly Not High-Risk — Start There

The expensive mistake is treating the whole estate as either out of scope or uniformly high-risk. Neither holds. The EU AI Act classifies a system by what it does, and most marketing functions are not listed.

Why Annex III Decides It — Article 6(2)

Article 6(2) makes a system high-risk only where it falls within an Annex III use case. Ordinary marketing and adtech use cases do not appear there. Look at what Annex III actually covers: Annex III point 2 is AI safety components in the management and operation of critical infrastructure — the supply of water, gas, heating, electricity and road traffic. Annex III point 4 is employment — recruitment and selection at point 4(a), in-employment decisions at point 4(b). Behavioural targeting and ad personalisation are neither; they sit outside Annex III, and are not high-risk on that basis.

The Four Surfaces That Do Matter

The marketer's exposure is concentrated in four surfaces, and only four: Article 5 prohibited practices, where a campaign becomes manipulative or exploits vulnerable people; Article 50 transparency, for chatbots and AI-generated content; the GDPR profiling overlap, which governs targeting regardless of the AI Act tier; and GPAI duties under Articles 51–55 when you build on a foundation model. The task is to inventory each system, classify it under Articles 5 and 6, and handle the handful of real duties — not to build a conformity-assessment programme around a recommendation model that never needed one. Tier follows function, not headcount.


Where Adtech Hits the EUR 35M Tier: Article 5 Manipulation and Vulnerability

This is the only place the discipline touches the top penalty tier — everything else in this guide is transparency or parallel regulation. Article 5 is where a campaign can stop being lawful at all.

Subliminal and Manipulative Techniques — Article 5(1)(a)

Article 5(1)(a) prohibits AI that deploys subliminal techniques beyond a person's consciousness, or purposefully manipulative or deceptive techniques, that materially distort behaviour by impairing informed decision-making and cause — or are reasonably likely to cause — significant harm. This is not aimed at ordinary advertising; it targets engineered distortion of a person's choices that does real damage.

Exploiting Vulnerability — Article 5(1)(b)

Article 5(1)(b) prohibits AI that exploits vulnerabilities due to age, disability, or a specific social or economic situation to materially distort behaviour in a way that causes or is reasonably likely to cause significant harm. For marketing this is the sharper edge. It reaches dark-pattern personalisation engineered to override judgement, predatory targeting of users in financial distress or elderly audiences, and exploitative gamified persuasion that pushes a vulnerable cohort toward harmful spending.

Drawing the Practical Line

Lawful persuasion and ordinary personalisation are not prohibited. The threshold is material behavioural distortion plus significant harm — both limbs, not one. A persuasive ad, an urgency banner, a personalised offer: none crosses the line on its own. What risks crossing it is a system that detects a user's financial desperation and times high-cost offers to exploit it. Most marketing stays on the right side of the line; name the patterns that do not, and review them.

The Live Exposure and the Top Fine

Article 5 prohibitions have applied since 2 February 2025 — not deferred by the Digital Omnibus. Breaches sit in the top penalty tier under Article 99(3): up to EUR 35,000,000 or 7% of total worldwide annual turnover, whichever is higher. A new CSAM/"nudifier" prohibition joins the list from 2 December 2026. Read the Article 5 prohibitions already in force for the full set.


Article 50 Transparency: Chatbots, Deepfakes and the 2 December 2026 Marking Date

If Article 5 is the rare red flag, Article 50 is the recurring duty — the one AI Act obligation that touches a normal marketing estate again and again, with a fixed calendar deadline to plan for.

Tell People They Are Talking to a Bot — Article 50(1)

Article 50(1) requires a deployer of an AI system that interacts with natural persons — a marketing or sales chatbot — to inform people they are dealing with an AI system, unless that is obvious to a reasonably well-informed, observant and circumspect person. The disclosure must be clear and given at the point of interaction: a short in-widget label at the start of the conversation is the safe pattern, while burying it in the terms of service is unlikely to satisfy the requirement. No technical-documentation or conformity-assessment duty attaches.

Mark Synthetic Content — Article 50(2) and 50(4)

Article 50(2) requires providers of generative AI systems to mark synthetic image, audio, video and text outputs in a machine-readable format detectable as artificially generated or manipulated. Article 50(4) requires deployers who generate or manipulate deepfake content — or who publish AI-generated text to inform the public on matters of public interest — to disclose that it is artificial. For a marketing team, the 50(4) deployer disclosure is the operative duty for published synthetic spokespeople, deepfake-style ads or AI-written copy.

The Critical Date

Most Article 50 transparency duties apply from 2 August 2026. But the content-marking and watermarking obligations land on 2 December 2026 — a fixed calendar date, the operative deadline for AI-generated marketing creative, synthetic spokespeople and deepfake-style ads. Plan creative so marking and disclosure are in place by then.

Carve-Outs Creative Teams Should Know

Artistic, creative, satirical or fictional work still requires deepfake disclosure, but in a manner that does not hamper the display or enjoyment of the work — a credit line rather than a banner that ruins the piece. The exemption is about proportionate presentation, not a pass to skip disclosure. See Article 50 transparency obligations and deepfake and AI-content labelling for detail.


The GDPR Overlap: Profiling, Targeting and Automated Decisions

The AI Act does not displace the GDPR. For marketers the GDPR is usually the heavier, already-in-force regime, and minimal-risk status switches off none of it.

Targeting Is Profiling — GDPR Article 4(4)

Behavioural targeting and personalisation are profiling within GDPR Article 4(4): automated processing to evaluate personal aspects, including to analyse or predict preferences and behaviour. Profiling needs a lawful basis, transparency, and — where it relies on tracking technologies — consent under ePrivacy. None of that turns on the AI Act tier.

Automated Decisions — GDPR Article 22

GDPR Article 22 governs solely automated decisions producing legal or similarly significant effects on a person. In marketing this bites where personalised pricing, credit-style ad eligibility or automated exclusion from an audience materially affects an individual, giving them rights to human intervention and to contest the decision.

Parallel Checks, Not Substitutes

Article 5 of the AI Act overlaps with, but is distinct from, GDPR fairness and ePrivacy consent. A campaign can be fully GDPR-compliant — valid consent, clear notice — and still breach Article 5 if it manipulates or exploits; the reverse is also true. Treat them as parallel checks that both have to pass. Inferring special-category data — health, sexual orientation, religious belief — to target ads raises GDPR Article 9, which generally prohibits such processing; where the inference is biometric, it can also raise Article 5(1)(g) of the AI Act, which prohibits biometric categorisation to deduce sensitive attributes.


Building on Foundation Models: GPAI Duties in the Marketing Stack

When a marketing team builds generative tooling on a general-purpose AI model, the GPAI obligations in Articles 51–55 come into view — in force since 2 August 2025. The question is who carries them.

Provider Versus Downstream Deployer

The foundation-model provider typically carries the GPAI provider duties — technical documentation, a training-data summary and a copyright policy under Articles 53–55. A marketing team that merely uses the model through an API is normally a downstream deployer, and does not inherit those obligations.

The Triggers That Shift Responsibility — Article 25(1)

That split is not permanent. Under Article 25(1), putting your own name or trademark on a system, substantially modifying it (including fine-tuning a model), or using it for a purpose outside the provider's intended use can convert a deployer into the provider of the AI system. Treat any move from consuming a model to customising it as a trigger to reassess.

Keep the Scope Honest

GPAI provider compliance is a specialist, partial area — at Confir it stays on the roadmap rather than being marketed as complete. If you access a model via API for creative, you are almost certainly a deployer, not a provider.


Worked Example: A Mid-Sized Performance Agency Classifies Its Stack

Consider Meridian Reach, a 140-person EU performance-marketing agency running programmatic targeting across client accounts, a generative-creative studio that produces ad imagery and copy, a sales chatbot on client landing pages, and dynamic landing-page personalisation — around twelve distinct AI systems. Here is how each lands.

Walking Each System to a Tier

Programmatic and behavioural targeting is minimal-to-limited risk; not in Annex III, so GDPR profiling rules govern it. The generative-creative studio is limited-risk: Article 50(2) marking applies to its synthetic output from 2 December 2026, and Article 50(4) disclosure to published deepfake-style or synthetic-spokesperson creative. The sales chatbot is limited-risk and carries the Article 50(1) disclosure. The one item that stops the review is a retargeting flow that detects users in financial distress and times high-cost offers at them — an Article 5(1)(b) vulnerability-exploitation red flag. Halt and review before it runs.

Role Analysis

Meridian is a deployer of third-party adtech platforms and a deployer of a foundation model accessed via API — not a GPAI provider. That holds unless it fine-tunes the model or rebrands it as its own, either of which triggers an Article 25(1) reassessment.

The Practical Outcome

Of the roughly twelve systems, none are Annex III high-risk. The live duties are two Article 50 disclosures (chatbot and synthetic creative), the 2 December 2026 content-marking work, an Article 5 review of the one financial-distress retargeting campaign, and ongoing GDPR profiling controls. Article 4 AI literacy applies to staff operating these tools, in force since 2 February 2025. That is the entire AI Act workload for the agency — far from a high-risk conformity programme.


The Marketing and Adtech Use-Case-to-Risk Map

The table below collapses the guide into one view: find your system, read its likely tier, then the obligation and Article that follow.

| Marketing / adtech AI use | Likely tier | Key obligation and Article |
| --- | --- | --- |
| Programmatic / behavioural targeting | Minimal–limited | GDPR profiling (Article 4(4)); Article 50 if it generates content |
| Personalisation & dynamic content | Minimal | GDPR profiling; no high-risk AI Act duty |
| Marketing / sales chatbot | Limited | Article 50(1) AI-interaction disclosure |
| Generative creative / synthetic media | Limited | Article 50(2) marking from 2 December 2026 |
| Deepfake-style or AI-spokesperson ads | Limited | Article 50(4) deployer disclosure |
| Manipulative dark-pattern / vulnerability-targeted campaign | Prohibited | Article 5(1)(a)/(b); top tier Article 99(3) |

The only prohibited row is the manipulation/vulnerability one, and the only recurring AI Act duty across the estate is Article 50 transparency. Everything else is GDPR.

The Penalty Tiers Inline

Article 5 breaches sit at the top: up to EUR 35,000,000 or 7% of total worldwide annual turnover, whichever is higher, under Article 99(3). Most other obligation breaches — including transparency duties — are up to EUR 15,000,000 or 3% under Article 99(4). Supplying incorrect, incomplete or misleading information to authorities is up to EUR 7,500,000 or 1% under Article 99(5). For SMEs and start-ups, Article 99(6) caps the fine at the lower of the two.


Deadlines and How Confir Helps

The Deadlines That Apply to Marketers

Several already bite. Article 5 prohibitions and Article 4 AI literacy have been in force since 2 February 2025; GPAI duties under Articles 51–55 since 2 August 2025. Most Article 50 transparency duties apply from 2 August 2026, with content-marking, watermarking and the new CSAM/"nudifier" prohibition from 2 December 2026.

Stand-alone high-risk Annex III obligations under Article 6(2) legally still read 2 August 2026 in the enacted statute. The Digital Omnibus reached provisional political agreement on 6–7 May 2026 (COREPER confirmed the text around 13 May 2026) to defer them to 2 December 2027, but as of June 2026 it is not yet law — it still needs a European Parliament plenary vote, formal Council adoption, and publication in the Official Journal. The deferral is to fixed calendar dates; the standards-contingent "stop the clock" variant was rejected. Plan against 2 August 2026 until it is enacted — though for marketing this is largely moot, since the estate is rarely Annex III in the first place.

What Confir Does

Confir classifies each marketing and adtech system under Article 5 and Article 6 from a plain-English intake, separating the minimal- and limited-risk tooling — targeting, personalisation, generative creative — from any Article 5 red flag, and flagging the Article 50 disclosure duties and the 2 December 2026 marking deadline.

The engine is deterministic and rule-based: no model inference, no hallucination. The same intake answers produce the same documented finding, with the rule that fired shown, so every classification is reproducible and audit-defensible rather than advisory. GPAI provider compliance remains a partial, roadmap area.


Frequently asked questions

Is marketing and adtech AI high-risk under the EU AI Act?

Mostly no. Targeting, personalisation, programmatic bidding, generative creative and marketing chatbots are not listed in Annex III, so under Article 6(2) they are not high-risk and the conformity-assessment regime does not apply. The real exposure for marketers is narrower: Article 5 if a campaign becomes manipulative or exploits vulnerable people, and Article 50 transparency for chatbots and AI-generated content. GDPR profiling rules apply throughout regardless of the AI Act tier, and are often the heavier obligation in practice.

Can an advertising campaign be a prohibited AI practice under Article 5?

Yes, in narrow cases. Article 5(1)(a) prohibits AI using subliminal, purposefully manipulative or deceptive techniques that materially distort behaviour and cause significant harm. Article 5(1)(b) prohibits exploiting vulnerabilities of age, disability or a specific social or economic situation. Dark-pattern personalisation or predatory targeting of financially distressed users can cross this line. Ordinary persuasion and personalisation do not. Article 5 has applied since 2 February 2025 and breaches carry the top fine tier: up to EUR 35,000,000 or 7% of worldwide turnover under Article 99(3).

Do I have to tell users they are talking to a marketing chatbot?

Yes, in almost all cases. Article 50(1) requires a deployer to inform people they are interacting with an AI system, unless that is obvious to a reasonably well-informed, observant and circumspect person. For a marketing or sales chatbot the disclosure must be clear and given at the point of interaction — a short in-widget label at the start of the conversation is the safe pattern. Burying it in the terms of service is unlikely to satisfy the requirement. There is no technical documentation or conformity-assessment duty attached.

When do I have to label AI-generated marketing content?

The content-marking and watermarking obligations apply from 2 December 2026, a fixed calendar date, while most other Article 50 transparency duties apply from 2 August 2026. Under Article 50(2), providers of generative systems must mark synthetic image, audio, video and text in a machine-readable format. Under Article 50(4), deployers must disclose deepfake content and AI-generated text published to inform the public. Plan generative creative, synthetic spokespeople and AI-written copy so that marking and disclosure are in place by 2 December 2026.

How does the EU AI Act interact with GDPR for ad targeting?

They run in parallel and the AI Act does not displace the GDPR. Behavioural targeting and personalisation are profiling under GDPR Article 4(4) and need a lawful basis, transparency and often consent; GDPR Article 22 governs solely automated decisions with legal or similarly significant effects. Minimal-risk status under the AI Act switches off no GDPR obligation. A campaign can satisfy GDPR yet still breach Article 5 manipulation rules, and inferring special-category data for targeting raises both GDPR Article 9 and potential AI Act exposure.

If we build marketing tools on a foundation model, do GPAI rules apply to us?

Usually you are a downstream deployer, not the GPAI provider. The general-purpose AI obligations in Articles 51–55, in force since 2 August 2025, sit primarily with the foundation-model provider. A marketing team accessing a model through an API normally carries deployer duties, not provider duties. However, fine-tuning or substantially modifying a model — or putting your own brand on the resulting system under Article 25(1) — can shift provider-style responsibility, so reassess your role whenever you customise rather than simply consume a model.

Which EU AI Act deadlines apply to marketers right now?

Several already apply. Article 5 prohibitions and Article 4 AI literacy have been in force since 2 February 2025, and GPAI obligations under Articles 51–55 since 2 August 2025. Most Article 50 transparency duties apply from 2 August 2026, with content-marking and watermarking from 2 December 2026. Stand-alone high-risk Annex III obligations legally still read 2 August 2026; a proposed deferral to 2 December 2027 was agreed in May 2026 but is not yet law as of June 2026 — though it rarely affects marketing, which is seldom Annex III.

