European Commission clarifies AI transparency

AI transparency sounds like a labeling problem. Add a badge, show a disclaimer, move on. But the European Commission’s new draft guidance makes clear that this is really a systems-design problem — and a governance problem — that starts well before anything reaches a user. ### What changed this week? On May 8, the Commission published draft guidelines for Article 50 of the EU AI Act and opened a consultation that runs until June 3, 2026. The point is to tell providers and deployers how the transparency rules should actually work before they start applying on August 2, 2026. A separate voluntary code of practice is meant to complement the guidance, with finalization expected in June. (digital-strategy.ec.europa.eu) ### What does Article 50 actually cover? Four buckets. First, AI systems that interact directly with people have to tell them they are dealing with AI, unless that is obvious. Second, systems that generate or manipulate audio, images, video, or text have to mark outputs in a machine-readable way so they can be detected. Third, deployers of emotion-recognition or biometric-categorization systems have to inform exposed people. Fourth, deployers using AI to make deepfakes — or AI-generated text on matters of public interest — have to disclose the artificial origin. (digital-strategy.ec.europa.eu) ### Why is “machine-readable” such a big deal? Because the Commission is not treating transparency as a sticker on the front of the product. The legal text already says providers must make AI-generated or manipulated content detectable and use technical solutions that are effective, interoperable, robust, and reliable, as far as technically feasible and in line with the state of the art. That pushes companies toward metadata, watermarking, provenance tools, logging, fingerprints, and related detection methods — basically, infrastructure. (ai-act-service-desk.ec.europa.eu) ### So a label is enough — right? No. That is the part many people miss. These transparency rules help users recognize synthetic or AI-mediated content, but they do not turn unlawful content into lawful content. The Commission’s own materials frame Article 50 as a tool against deception, impersonation, fraud, and misinformation risks. In plain English, a disclosed deepfake can still create liability under other legal regimes if the content itself breaks the rules. (ai-act-service-desk.ec.europa.eu) That is why the draft also talks about how Article 50 interacts with other Union legal acts. ### Who is on the hook — provider or deployer? Both can be, but for different things. Providers carry the design-side duties for interaction notices and machine-readable marking of generated content. Deployers carry disclosure duties in cases like deepfakes, public-interest AI text, and some biometric or emotion-recognition uses. That split sounds neat on paper, but real products blur it fast — especially when one firm fine-tunes, embeds, or repackages another firm’s model. (digital-strategy.ec.europa.eu) ### Why does finance care so much? Because banks and insurers already sit inside dense regulatory stacks, and AI adds another horizontal layer on top. Hogan Lovells’ new note on financial services makes the practical point: compliance depends not just on what the system does, but on where the institution sits in the supply chain. If a firm cannot clearly show whether it is acting as provider, deployer, or both, governance and documentation become the only sane way to stay ahead of the problem. (digital-strategy.ec.europa.eu) ### What should companies do now? Map systems to Article 50’s four buckets. Figure out role allocation early. Build disclosure and marking into product architecture, not post-launch UX. And document every handoff — model source, fine-tuning, output controls, logging, user notices, and exception handling. The catch is that August 2 is close, and these obligations will hit customer-facing AI long before many companies feel operationally ready. (hoganlovells.com) ### Bottom line? The Commission is telling the market that “transparent AI” is not a cosmetic fix. It is a design choice, a recordkeeping exercise, and a legal boundary-setting exercise all at once. Companies that treat Article 50 like a simple label rule are probably already behind. (digital-strategy.ec.europa.eu 1) (digital-strategy.ec.europa.eu 2)