EU AI Act · Article 50 · In force 02.08.2026

Your AI product becomes regulated in 52 days.

From 2 August 2026, the EU AI Act requires every AI-generated image, text, audio and video to carry machine-readable markings — and the obligation falls on the product that ships the output. Yes, even if you only call the OpenAI API. Find your Article 50 compliance gaps in 2 minutes, before a regulator or an enterprise customer finds them for you.

Run the free exposure scan Why this affects you
Free · No signup to see your results · Based on the European Commission's draft Guidelines (May 2026)
Days
Hours
Minutes
Seconds
Built on the standards regulators cite
C2PA Content Credentials ISO/IEC 22144 EC Code of Practice on Marking EU AI Act Art. 50 draft Guidelines
The trap

Three ways compliant teams turn out not to be.

We analysed the Commission's draft Guidelines and Code of Practice so you don't have to. These are the three failure modes that catch well-run product teams.

01

"We just use the API" is not a defence.

Under Article 50(2), a product that delivers AI-generated content to users is a provider with its own marking obligations — regardless of whose model sits underneath. The duty ships with your product, not OpenAI's.

02

Your pipeline silently deletes your compliance.

Models like DALL-E embed C2PA credentials at generation time. Then your stack resizes, crops, compresses or re-encodes the file — and strips the credentials out. Most image pipelines do this by default. You can be non-compliant without writing a single bad line of code.

03

The deadline arrives before your roadmap does.

New systems must comply from 2 August 2026; systems already on the market get until 2 December 2026 — for one of four duties only. Penalties reach €15M or 3% of global turnover, with reduced (but still existential) caps for SMEs.

4separate transparency duties under Article 50 — most teams have checked zero of them
€15M / 3%maximum penalty for transparency violations under Article 99
days until Article 50 applies to systems placed on the market
Free tool

The Article 50 Exposure Scan.

Eight questions about your stack. No legal jargon, no signup wall before your score. At the end you'll know which duties apply to you and where your likely gaps are.

exposure-scan · v1.0
For teams that need certainty

The Article 50 Readiness Report.

The scan tells you that you have gaps. The report tells you exactly which ones, how serious, and what your engineers should do about them — mapped line-by-line against the Commission's draft Code of Practice.

Full four-duty gap analysis

Every Article 50 obligation — marking, disclosure, deep-fake labelling, text transparency — assessed against your actual stack.

consultancies quote €3–8k

Pipeline metadata audit

We trace your output pipeline and show precisely where C2PA credentials survive — and where your resize/re-encode steps destroy them.

the gap nobody checks

Prioritised fix list, written for engineers

Not a legal memo. A ranked, technical to-do list your team can start executing the same afternoon.

days of research, done

Delivered in 3 business days

Reviewed by a human, every time. Your gaps, your stack — not a templated PDF.

before the deadline, not after
A compliance consultancy bills €3,000–8,000 for this analysis. Your lawyer bills €300/hour to research it from scratch.
€149 one-time
No subscription. No retainer. One report, total clarity.
The Zero-Gap Guarantee. If we audit your product and find nothing to fix, you pay nothing. Full refund, and you keep the report as proof of diligence.
Every report is human-reviewed — we take a maximum of 10 per week. Current queue: this week.
Questions

Asked by every founder we talk to.

In most cases, yes. Under Article 50(2), the entity that places an AI system on the market under its own name — your product — carries the marking obligation. The Commission's draft Guidelines allow you to rely on marking implemented upstream, but only if it actually survives delivery to your users. If your pipeline post-processes outputs, it usually doesn't.

The draft Code of Practice names three families of techniques: watermarks, metadata identification (C2PA Content Credentials are the example that satisfies all four legal criteria — effective, interoperable, robust, reliable), and cryptographic methods. You can use one or combine several. The wrong answer is "none, we'll add a visible label" — visible labels address a different duty.

At generation time, yes — DALL-E images carry C2PA manifests. But standard resize, crop, compression and re-encode steps strip that metadata before it reaches your users. Text output is a separate, harder problem: there is no C2PA for text, and your obligations still apply. This is exactly the gap our scan checks first.

The obligations apply from that date for new systems; systems already on the market get until 2 December 2026 for the marking duty only. Enforcement will ramp up gradually — but two forces arrive faster than regulators: enterprise customers adding AI Act clauses to procurement, and competitors advertising compliance you can't claim. Diligence documented early is cheap; retrofitted under scrutiny, it isn't.

Up to €15M or 3% of global annual turnover for transparency violations. SMEs benefit from reduced caps under the simplified regime — but a percentage-of-turnover fine at seed stage is still existential. More immediately: non-compliance blocks enterprise deals long before any fine arrives.

No. The scan and the report are technical and informational tooling: they map your stack against published EU guidance and tell you what to fix, in engineering terms. For a legal opinion on your specific obligations, consult qualified counsel — and bring them our report; it will save you billable hours.

Two minutes now, or a very long August.

Free scan. Instant results. The deadline doesn't move because your roadmap is full.

Run the free exposure scan