The European Commission has published the final Code of Practice on marking and labelling AI-generated content.
The Code is voluntary. Article 50 of the EU AI Act is not.
That distinction is the whole story. The Code does not create a new legal duty, and it does not replace the AI Act or the Commission's forthcoming Article 50 guidelines. But it gives providers and deployers of generative AI systems a practical framework for showing how they plan to meet transparency obligations that start applying on August 2, 2026.
For companies, this is not just a question of adding a watermark. It is a governance project involving content provenance, machine-readable marking, deepfake labels, public-interest text, user notices, human review, editorial responsibility, and evidence of compliance.
For broader AI law tracking context, see Clearon's Laws, Bills & Regulations page.
What The Code Covers
The Code has two main sections.
Section 1 is for providers of generative AI systems. It addresses marking and detection of AI-generated or manipulated audio, image, video, and text content. The Commission's materials describe the focus as machine-readable solutions that are effective, interoperable, robust, and reliable as far as technically feasible.
Section 2 is for deployers of generative AI systems. It addresses labelling of deepfakes and AI-generated or AI-manipulated text published for the purpose of informing the public on matters of public interest.
The EU has also published optional icons that deployers may use for AI-generated-content labels.
That provider/deployer split matters. Some organizations will sit on both sides. A company that offers a generative AI system may have provider obligations. The same company may also be a deployer when it uses generative AI to publish or distribute content.
What Starts On August 2, 2026
The Commission says Article 50 transparency obligations for providers and deployers in scope will apply from August 2, 2026. AI systems placed on the market before that date get a transitional period until December 2, 2026.
From August 2, key obligations include clear labelling in certain cases. Deepfakes and AI-generated or AI-manipulated text published on matters of public interest must be clearly labelled. Users must also be informed when they are interacting with an interactive AI system, such as a chatbot.
Those requirements are broader than a technical watermarking problem. They require companies to know what content they generate, where it travels, who publishes it, whether the publication is about a matter of public interest, and whether human review or editorial responsibility changes the compliance analysis.
Why A Voluntary Code Still Matters
The Code is voluntary, but signing it can matter.
The Commission says that, after a positive adequacy assessment by the Commission and the AI Board, providers and deployers that sign the Code can rely on its measures to demonstrate compliance with the AI Act's transparency rules for labelling and detection of AI-generated content, deepfakes, and certain text publications.
By contrast, companies that comply through other means will have to show that their measures are adequate. Those alternative measures may be assessed individually by different market surveillance authorities.
That creates a practical choice. Signing the Code may offer predictability and a common EU-wide evidence path. Not signing may preserve flexibility, but companies will need their own substantiated compliance record.
Either way, the work has to be done.
What Remains Pending
The Code is not the last word.
The Commission says the Code is undergoing adequacy assessment by the Commission and the AI Board. It will also be complemented by Commission guidelines on the scope and implementation of Article 50.
Those guidelines are expected ahead of August 2, 2026. The Commission says they will clarify which providers, deployers, and AI systems are covered; what types of AI-generated or manipulated content fall within scope; how the obligations should be applied in practice; and how compliance may be demonstrated, including through a Code deemed adequate by the Commission and the AI Board.
That means companies should not treat the Code as a final standalone compliance manual. They should treat it as the first concrete implementation framework and then reconcile it with the final guidelines when they are published.
The Compliance Workstream
Companies should start with an inventory.
For providers, the inventory should identify which systems generate audio, image, video, or text outputs; what marking or detection methods are already used; whether those methods are machine-readable; and whether they are effective, interoperable, robust, and reliable enough to defend.
For deployers, the inventory should identify where the organization publishes or distributes AI-generated or AI-manipulated content, including marketing content, public reports, news-like content, social posts, synthetic audio or video, and content that may qualify as public-interest text.
The harder questions are operational:
- Who decides whether content is a deepfake?
- Who decides whether text informs the public on a matter of public interest?
- What counts as sufficient human review?
- What records show that editorial responsibility exists?
- Where should labels, disclaimers, or icons appear?
- How will labels survive syndication, reposting, formatting changes, or downstream distribution?
- How will product, legal, trust and safety, marketing, and publishing teams coordinate?
Those questions should not wait until August 2026.
What Companies Should Do Now
A practical Article 50 readiness plan should include:
- mapping provider and deployer roles for each generative AI system and content workflow;
- identifying AI-generated and AI-manipulated audio, image, video, and text outputs;
- documenting existing watermarking, metadata, provenance, detection, and labelling controls;
- deciding whether the company is likely to sign the Code;
- tracking the Commission and AI Board adequacy assessment;
- tracking the final Article 50 guidelines;
- designing labels, disclaimers, or icons for relevant content types;
- creating rules for deepfakes, public-interest text, human review, and editorial responsibility;
- testing whether labels remain visible and understandable across distribution channels; and
- keeping evidence that the organization evaluated and implemented proportionate transparency controls.
The key is to treat AI-generated-content transparency as a cross-functional compliance process, not a last-minute design ticket.
Bottom Line
The EU AI Act transparency Code turns Article 50 from an abstract deadline into a practical workplan.
The Code is voluntary, but it points to the evidence regulators may expect: provider-side marking and detection, deployer-side labelling, clear treatment of deepfakes and public-interest text, and a record showing how the organization chose and implemented its controls.
Companies do not need to wait for the final guidelines to begin the inventory. By the time Article 50 applies, the hard part will not be knowing that labels are required. It will be proving that the right content was identified, labelled, marked, reviewed, and documented.

