What Article 50 is for
Most of the EU AI Act sorts systems by how dangerous they are. Article 50 does something different: it applies whatever the risk tier, and its concern is honesty. The worry it addresses is a person being fooled, thinking they are talking to a human when they are talking to a bot, or taking a video at face value when it was generated. So it reaches systems that interact directly with people, AI that produces or alters text, audio, image, or video, and pointed cases like emotion recognition and biometric categorization. Whatever the surface, the obligation underneath is the same one: disclosure. People are entitled to know when AI is in the room.
The duties it actually imposes
The obligations are specific, and they split by who you are in the chain. Build a system that talks to people, and you have to make sure those people are told it is an AI, unless that is obvious from context. Build a generative system, and its output has to be marked in a machine-readable way so it can be detected as artificial. Use AI yourself to make a deep fake, or to generate published text on a matter of public interest, and you have to disclose that the content is synthetic. Run emotion recognition or biometric categorization on people, and you have to tell them. The trap most teams fall into is assuming one party carries all of this; in practice the duty lands on providers and deployers in different places, and reading it wrong leaves a gap.
The timing, after the Digital Omnibus
Dates are the live question right now. The Commission's Digital Omnibus package, published in late 2025, proposed changes to parts of the EU AI Act timeline, and that has left a lot of teams unsure what still applies when. The working reading is that Article 50's transparency obligations are still expected to land around August 2026, while the heavier high-risk obligations under Annex III have been floated for deferral to a later date, with the synthetic content marking detail tied to its own milestone. Treat every one of those dates as provisional until the final text is adopted, because a proposal moving through the legislative process can still shift. The planning assumption that survives whatever changes is straightforward: transparency bites early, ahead of the high-risk regime.
What it turns into operationally
Strip it down and Article 50 becomes a short list of concrete jobs: tell users when they are speaking to an AI, label AI-generated media so it can be detected, disclose synthetic content where the article demands it. None of those is hard in isolation. The difficulty is consistency, doing them the same way across dozens of applications and teams without one quietly slipping through. That is a delivery problem, not a legal one. The teams that handle it well decide where in each system disclosure has to happen, make it a standard step in how AI ships rather than a thing each squad remembers, and keep a record that it happened so they can show it to an auditor instead of asserting it. Handle transparency as part of the build and it stops riding on anyone's memory.
How to get ready
Begin with a map: which of your systems talk to people, which generate content, which touch emotion recognition or biometric categorization. For each, work out where disclosure or marking has to sit and who owns it, provider or deployer, because that assignment is where compliance usually breaks. Build the disclosure into the system before launch rather than retrofitting it under pressure, and keep the evidence, since the same record that proves you did it is what an auditor will ask for. Then watch the final Omnibus text for confirmed dates and prepare on the basis that the transparency duties are among the first to arrive.
Frequently asked questions
Does Article 50 bind providers or deployers?
Both, depending on the case. Providers build in disclosure and mark synthetic output. Deployers disclose deep fakes and certain public-interest generated text, and inform people subject to emotion recognition or biometric categorization.
When do these obligations apply?
On the working reading they are expected to apply around August 2026, ahead of the deferred high-risk obligations. The Digital Omnibus changes are still moving through the process, so treat the date as provisional and confirm against the final adopted text.
Does it apply even to low-risk AI?
Yes. Article 50 duties hinge on the type of interaction or content, not the risk tier, so a system well outside the high-risk category can still carry disclosure obligations.