The EU AI Act’s Article 50: What “Detectability” Means for AI Content in 2026

On May 8, 2026, the European Commission published draft guidelines outlining how AI providers will need to mark their outputs to comply with the upcoming EU AI Act. This isn’t just paperwork; it’s a seismic shift. Take, for example, a generative image tool like DALL-E or Midjourney. Starting in August 2026, these platforms will be required to embed machine-readable markers indicating AI-generated content. The clock is ticking, and companies are racing to meet the May-June 2026 deadline for finalizing their compliance strategies.

• EU AI Act Article 50 page: Contains the full text structure but not detailed implementation guidance. It mentions the AI Office shall encourage codes of practice.
• Code of Practice page (digital-strategy): Contains a detailed timeline, working group structure, and requirements. This is my primary source.
• JD Supra article: Mentions draft guidelines published May 8, 2026.
• Meta’s AI Watermarking Strategy (previous post): Covers Meta’s approach.
• EU AI Act Enforcement 2026 (previous post): Covers broader regulatory context.

Key verified facts from the corpus:

• Code of Practice drafting process: November 2025 to May 2026
• Working Group 1 (providers) and Working Group 2 (deployers)
• First draft published December 17, 2025; second draft March 3, 2026; third round March 2026
• Draft guidelines published May 8, 2026
• Closing plenary May-June 2026
• Providers must mark outputs in machine-readable format
• Deployers must disclose deepfakes and AI-generated public interest text
• Solutions must be “effective, interoperable, solid, and reliable as far as technically feasible”

The August 2026 Enforcement Deadline

The transparency obligations under Article 50 of the EU AI Act take effect in August 2026. The European Commission published its draft guidelines on implementation on May 8, 2026, as reported by JD Supra, followed by a public consultation period. The final Code of Practice on marking and labeling AI-generated content is expected to be published after the closing plenary, which the AI Office’s timeline schedules for May-June 2026.

Provider Obligations and Code of Practice

As we covered in our earlier EU AI Act Enforcement in 2026 analysis, the broader regulatory landscape has seen some softening for high-risk systems, with the European Parliament and Council negotiating deadline extensions for certain categories. The transparency obligations in Article 50, however, remain on schedule. The AI Office’s Code of Practice drafting process has run through its full timeline, with the third draft published on March 3, 2026, as documented in the official Code of Practice page.

The drafting process convened two working groups starting in November 2025: one focused on provider obligations and one on deployer obligations. These groups met through multiple drafting rounds, with workshops and plenary sessions running through May 2026. The technical standards for detectability are being finalized now, not at some distant future date.

What “Detectability” Means Under Article 50

The regulation requires that outputs of AI systems be “marked in machine-readable format and detectable as artificially generated or manipulated,” according to the official text of Article 50. This imposes a technical requirement that goes beyond a simple disclaimer or terms-of-service notice.

According to the EU’s Code of Practice page, employed technical solutions must be “effective, interoperable, solid, and reliable as far as technically feasible.” These solutions must take into account the specificities and limitations of various types of content, costs of implementation, and the generally acknowledged state of the art as reflected in relevant technical standards.

A cryptographic signature embedded in metadata is not enough. The law requires attention to multiple layers. Cryptographic signatures provide provenance tracking and tamper evidence. solid marking techniques, including watermarks embedded in content, provide resilience against common transformations. The Code of Practice explicitly calls for solutions that are interoperable across platforms and reliable in their detection accuracy.

C2PA Signatures Versus In-Pixel Watermarks

The choice between C2PA-only approaches and combined signature-plus-watermark strategies is the central technical question for compliance teams. Each method has different strengths and failure modes.

C2PA (Content Credentials) provides a cryptographically signed metadata bundle that authenticates the content’s origin, creation time, and any edits. It is tamper-evident and can be verified by any tool that implements the C2PA standard. Adobe has integrated C2PA signing into its Firefly generative AI suite and broader Creative Cloud ecosystem. Camera manufacturers including Leica, Sony, Nikon, and Canon have added C2PA signing at the point of capture, creating a verifiable chain of custody from hardware to distribution.

The limitation of C2PA alone: the signature lives in metadata, which can be stripped or lost during operations like screenshotting or re-encoding. A screenshot of a C2PA-signed image carries no provenance information.

In-pixel watermarks embed a signal directly into pixel data. Google’s SynthID, adopted by OpenAI, Nvidia, and Stability AI according to our earlier analysis of Meta’s AI Watermarking Strategy, embeds the watermark during the image generation process itself. This makes it part of the content rather than an attachment, and it can survive recompression and moderate edits.

The Code of Practice requires that technical solutions be “solid and reliable.” A C2PA-only approach that fails when metadata is stripped would not meet this standard. The practical implication is that providers should implement both cryptographic signatures and solid content-level marking, especially for image and video content.

Provider Obligations and Code of Practice

Working Group 1 of the Code of Practice process focused on provider obligations under Article 50(2). According to the AI Office’s Code of Practice page, providers of generative AI systems must ensure that outputs (audio, image, video, text) are marked in machine-readable format and detectable as artificially generated or manipulated.

The Code of Practice drafts specify that marking solutions must be:

• Effective: The detection method must reliably identify AI-generated content.
• Interoperable: The marking must work across platforms, tools, and jurisdictions. C2PA and IPTC standards are referenced as baseline interoperability standards in the Code of Practice process.
• solid: The marking must survive typical content transformations including compression, resizing, and format conversion.
• Reliable: False positive rates must be minimized to avoid incorrectly flagging human-created content.

The Code of Practice is a voluntary tool. According to the AI Office, if approved by the Commission, the final code will are a voluntary instrument for providers and deployers of generative AI systems to show compliance with their respective obligations under Article 50(2) and (4). Companies that follow the Code can reasonably expect to pass regulatory scrutiny. Companies that deviate need to document why their alternative approach meets the same standard.

For text content, requirements differ from those for images and video. Text does not have pixels to watermark, so the primary mechanism is signed metadata coupled with visible disclosure. The Code of Practice acknowledges that text marking is less mature than image marking and calls for continued technical development.

Deployer Obligations: Deepfakes and Public Interest Text

Working Group 2 addressed deployer obligations under Article 50(4). Deployers must disclose:

• Deepfakes: Content that is artificially generated or manipulated, constituting a deepfake (image, audio, or video which resembles existing persons, objects, places, entities or events and would falsely appear to be authentic or truthful) must be labeled as artificially generated or manipulated.
• AI-generated public interest text: Text publications informing the public on matters of public interest must be disclosed as AI-generated, unless the publication has undergone a process of human review and is subject to editorial responsibility.

The deepfake requirement is significant for social media platforms. Starting in August 2026, platforms operating in the EU must detect and label deepfake content that users upload, not just content generated by their own AI tools. This shifts responsibility onto deployers who distribute AI-generated content originating from third parties.

Visible Labeling Requirements

Article 50 also requires visible disclosure to end users. The label should be clearly legible and prominently placed on the content itself, not just in a separate disclosure page or terms of service. For video content, the label should appear in the player UI. For audio content, a verbal or text disclosure at the beginning of the recording is expected.

Meta’s approach provides a useful reference. As detailed in our earlier analysis of Meta’s 2024 AI Watermarking Strategy, Meta applies visible “Imagined with AI” labels on AI-generated images across Facebook, Instagram, and Threads. This is combined with invisible watermarks and C2PA metadata, creating a layered transparency framework that aligns with the EU’s expectations.

The Code of Practice’s working groups have considered cross-cutting issues including horizontal requirements for information to be provided to natural persons under Article 50(5). The goal is to ensure that labeling is consistent and meaningful across different platforms and content types.

Major Provider Approaches

Each major provider has taken a different path, and the differences reveal important strategic trade-offs.

OpenAI signs outputs with C2PA Content Credentials, embedding cryptographic signatures in metadata for DALL-E and Sora outputs. OpenAI has also adopted SynthID-style watermarking for image outputs, adding in-pixel robustness alongside the metadata signature, as reported in coverage of SynthID adoption.

Google embeds SynthID watermarks directly into images generated by Imagen, Veo, and Lyria. The watermark is added during generation and is detectable via Google’s API, Chrome, Search, and Android tools. Users can right-click an image in Google Search and select an option to check for SynthID signals. Google’s approach prioritizes robustness at the pixel level.

Adobe has integrated C2PA signing into its Firefly generative AI suite. Adobe’s approach emphasizes chain of custody: every edit is recorded in Content Credentials, creating a verifiable history from creation through all modifications. This is particularly relevant for professional content workflows.

Meta uses a layered approach combining visible labels, invisible watermarks, and C2PA metadata. Meta’s watermarking is applied as post-processing rather than during generation. Meta has also published open-source watermarking research, including Stable Signature, which embeds signatures during the generation process to improve durability.

Minimum Implementation Baseline

For a product that generates images, video, or text and operates in the EU market, an implementation that aligns with Article 50 expectations includes:

For image generation:

• Embed cryptographic signatures in output metadata (following C2PA or equivalent standards).
• Apply an invisible, solid watermark to pixel data where technically feasible.
• Display a visible label on the content in all UI surfaces indicating AI generation.
• Ensure detection tools can verify both signature and watermark presence.

For video generation:

• Same as images, with the additional requirement that marking must be frame-accurate and survive re-encoding.
• A visible label must appear in the video player UI.
• For deepfake detection, deployers need processes to identify and label AI-generated video content uploaded by users.

For text generation:

• Attach signed metadata to text output where technically feasible.
• Display visible disclosure in the UI indicating AI generation.
• For public interest text, document the human review process if claiming the editorial exception under Article 50(4).

The AI Office’s draft guidelines make clear that compliance is assessed on outcomes. If a watermark can be removed with a simple filter, or if a signature is routinely stripped by downstream platforms, the solution does not meet the standard of being “effective, interoperable, solid, and reliable.”

Key Takeaways

• Article 50 is enforceable from August 2026, with draft guidelines published May 8, 2026 and the Code of Practice finalizing around May-June 2026.
• Detectability requires attention to multiple layers: cryptographic signatures, content-level marking, and visible UI labels.
• Cryptographic signatures (C2PA) provide provenance tracking but can be stripped with metadata; in-pixel watermarks offer resilience against common transformations.
• Provider obligations cover signing AI outputs; deployer obligations cover detecting and labeling deepfakes and AI-generated public interest text.
• Major providers (OpenAI, Google, Adobe, Meta) all implement multi-layered approaches, setting an industry baseline.
• The Code of Practice is a voluntary tool but represents the AI Office’s interpretation of effective compliance.

Sources and References

This article was researched using a combination of primary and supplementary sources:

Supplementary References

These sources provide additional context, definitions, and background information to help clarify concepts mentioned in the primary source.

• The European Commission issues draft guidelines on the transparency requirements under the AI Act
• Article 50: Transparency Obligations for Providers and Deployers of Certain AI Systems | EU Artificial Intelligence Act
• Draft of the guidelines on the implementation of the transparency …
• AI-Generated UGC Regulations & FTC Disclosure Compliance: Guide Released
• Code of Practice on marking and labelling of AI-generated content | Shaping Europe’s digital future
• Vision Compliance Releases 2026 EU AI Act Readiness Report, Finds 78% of Enterprises Unprepared for Obligations