---
title: "EU AI Act Article 50: What to Do for Your Website"
description: "The EU AI Act’s Article 50 transparency obligations take effect August 2026, unaffected by the provisional Digital Omnibus agreement on high-risk deadlines. This guide explains what website owners and online businesses need to disclose, how consent records connect to AI compliance, and the practical steps to take now. The provisional Digital Omnibus agreement of May 2026 moves certain EU AI Act deadlines — but not all of them. Article 50 introduces transparency obligations for AI-powered interfaces and AI-generated content. Deployer-facing rules apply from August 2026, regardless of the provisional postponement of high-risk deadlines. Here is what website owners and online businesses […]"
url: https://www.cookiebot.com/en/eu-ai-act-article-50-transparency-compliance/
categories: [Uncategorized]
---

# EU AI Act Article 50: What to Do for Your Website

## At a Glance

Key Takeaways

- **Political agreement**: A provisional deal on the Digital Omnibus on AI was reached on 7 May 2026, delaying high-risk system deadlines. Parliamentary committees approved the text in early June 2026; a full plenary vote and Council adoption are expected before August 2026. Formal adoption requires Official Journal publication.
- **High-risk deadline**: Annex III systems (biometrics, hiring tools, credit-scoring, education platforms) must comply by 2 December 2027; Annex I product-embedded AI by 2 August 2028.
- **Article 50 unchanged**: Transparency obligations for AI-powered customer interfaces and AI-generated content are not delayed. Deployer obligations apply from August 2026.
- **Watermarking grace period**: The Article 50(2) obligation for providers to machine-label synthetic content has a four-month grace period, setting the effective deadline at 2 December 2026.
- **Consent records still required**: AI systems that process personal data, which are the majority of Annex III use cases, require documented, auditable consent regardless of when high-risk enforcement begins.
- **Key 2026 actions**: Audit AI touchpoints on your website, confirm consent records are timestamped and retrievable, and map Article 50 disclosure obligations before the August deadline.

The EU AI Act’s Article 50 transparency obligations take effect August 2026, unaffected by the provisional Digital Omnibus agreement on high-risk deadlines. This guide explains what website owners and online businesses need to disclose, how consent records connect to AI compliance, and the practical steps to take now.

The provisional Digital Omnibus agreement of May 2026 moves certain EU AI Act deadlines — but not all of them. Article 50 introduces transparency obligations for AI-powered interfaces and AI-generated content. Deployer-facing rules apply from August 2026, regardless of the provisional postponement of high-risk deadlines. Here is what website owners and online businesses need to prepare, and why consent infrastructure is part of the picture.

## What Does and Does Not Change with the Provisional Agreement

On 7 May 2026, the European Parliament and the Council reached [provisional political agreement on the Digital Omnibus on AI](https://www.europarl.europa.eu/news/en/press-room/20260323IPR38829/artificial-intelligence-act-delayed-application-ban-on-nudifier-apps). For businesses tracking EU AI Act compliance, the headline figure is the postponement of the Annex III high-risk deadline from 2 August 2026 to 2 December 2027.

Annex III covers a broad set of AI applications, including:

- Biometric identification
- Critical infrastructure
- Recruitment and HR tools
- Credit-scoring systems
- Education platforms

If your organization develops or procures any of these, the 2027 date is now your planning anchor.

The agreement is provisional. Parliamentary committee approval was secured in early June 2026, with a plenary vote expected later in June and Council formal adoption to follow. Publication in the Official Journal is required for the new deadlines to become law, and is expected before the 2 August 2026 date.

Until that point, existing obligations remain in force. Organizations with compliance programmes already underway should continue them rather than standing programmes down on the assumption that formal adoption is guaranteed.

### What Remains Unchanged

The Omnibus agreement modifies timelines, not the substance of obligations. The core requirements for high-risk AI system operators are unchanged. These include:

- Data governance
- Risk management documentation
- Human oversight design
- Conformity assessment
- Auditable record-keeping

The penalty ranges are also unchanged: up to EUR 35 million or 7 percent of global annual turnover for the most serious violations.

Territorial scope is equally unchanged. If an AI system affects people in the EU, the AI Act applies regardless of where the deploying organization is headquartered. Additionally, the requirement to have demonstrable, documented lawful bases for personal data processing — including consent, where that is the chosen basis — has not moved.

### What the Omnibus Adds: A New Article 5 Prohibition

Alongside the deadline changes, the provisional agreement introduces a new prohibited practice. Article 5 of the AI Act is expanded to ban AI systems that generate or manipulate non-consensual intimate imagery (NCII) or child sexual abuse material (CSAM) — targeting so-called "nudifier" applications directly.

A safe harbour applies where a system includes effective technical safeguards that reliably prevent such outputs.

The prohibition applies from 2 December 2026, concurrent with the Article 50(2) watermarking deadline. It becomes legally binding upon formal adoption and publication in the Official Journal.

## Article 50 of the EU AI Act: A Plain-Language Breakdown

[Article 50](https://artificialintelligenceact.eu/article/50/), which governs transparency obligations for AI systems and AI-generated content, is not touched by the [Digital Omnibus](https://usercentrics.com/knowledge-hub/eu-digital-omnibus-package/). The General-Purpose AI obligations under [Articles 50 to 55](https://artificialintelligenceact.eu/chapter/5/) have been in force since 2 August 2025.

Deployer-facing obligations under Article 50 apply from August 2026. There is one targeted exception. The Article 50(2) watermarking obligation, where providers of generative AI systems must mark synthetic outputs in machine-readable form, benefits from a four-month grace period under the provisional agreement, pushing that specific deadline to 2 December 2026.

The obligations fall into three categories with different scope and different responsible parties.

### Disclosing AI Interactions

Article 50(1) requires that users be informed when they are interacting with an AI system, for example, an AI-powered chatbot or conversational assistant, unless it is obvious from context.

This is a deployer obligation. If your website or product includes an AI-facing customer interface, you need a disclosure mechanism in place before August 2026. For most websites, this is a straightforward implementation task, but it needs to be planned and tested rather than left to the last moment.

### Disclosing AI-Generated or Manipulated Media

Article 50(4) requires deployers of AI systems that generate or manipulate image, audio, or video content in ways that appreciably resemble real persons, places, or events to clearly disclose that the content is AI-generated or manipulated.

For organizations using generative AI in digital marketing or content production, this is one of the more immediately applicable obligations.

### Machine-Readable Watermarking [Article 50(2)]

Article 50(2) requires providers of generative AI systems to mark synthetic audio, image, video, and text outputs in a machine-readable format so they can be identified as artificially generated.

The four-month grace period under the provisional Omnibus agreement sets the effective deadline for this obligation at 2 December 2026. Providers integrating generative features into products for the EU market should treat this as a near-term engineering deadline, separate from the high-risk postponement.

### AI-Generated Text on Matters of Public Interest

Article 50(4) also covers deployers who publish AI-generated text intended to inform the public on matters of public interest. Disclosure is required unless two conditions are both met:

- The content has undergone human review or editorial control before publication, and
- A natural or legal person assumes editorial responsibility for the publication

This editorial control exemption is relevant to organizations where AI assists in content drafting, provided that human review occurs before publication. It is not a blanket exemption from the obligation to monitor and document how AI is used across content workflows.

The European Commission’s [Code of Practice on the Transparency of AI-Generated Content](https://digital-strategy.ec.europa.eu/en/library/commission-publishes-second-draft-code-practice-marking-and-labelling-ai-generated-content) remains in progress. The second draft was published in March 2026 and the final version is expected later in 2026.

Organizations that have mapped their AI content workflows in advance will be better positioned to close gaps quickly once the final standard is published.

## Why Consent Records Are Central to AI Act Compliance

For most website owners, the most immediate connection between the EU AI Act and existing compliance infrastructure is personal data. The majority of Annex III use cases, and many Article 50 scenarios, involve the processing of personal data.

That processing requires a lawful basis. Where consent is that basis, it must be documented at the point of collection, timestamped, linked to the specific purpose, and retrievable on demand.

This is where a [consent management platform (CMP)](https://www.cookiebot.com/en/cookie-consent-solution/) becomes relevant not just to [GDPR compliance](https://www.cookiebot.com/en/gdpr-compliance-requirements-checklist/), but to AI Act readiness. The records generated by a well-configured CMP are timestamped, purpose-specific, and auditable: exactly what regulators, auditors, and procurement teams will look for when assessing whether an organization’s data infrastructure was designed with compliance in mind.

A shift in enforcement deadlines does not change how long it takes to build that infrastructure. It changes the available window. For organizations that deferred preparation on the assumption of a significant delay, that window is narrower than the headline date suggests.

Read more: [GDPR consent requirements and cookie compliance](https://www.cookiebot.com/en/gdpr-cookies/)

### The Case for Acting Before the Deadline

From an implementation standpoint, the argument for using the current period deliberately rather than deferring is pragmatic. Consent infrastructure put in place under deadline pressure risks being fragile, inconsistently documented, and difficult to audit.

The technical debt created by rushed implementations surfaces at precisely the worst moment: an enforcement inquiry, a due diligence process, or a partner audit.

The organizations that continue building during the current period carry a genuine advantage into enforcement. They can demonstrate that their data infrastructure was designed with compliance in mind from the outset, rather than assembled in the weeks before a deadline.

The General-Purpose AI obligations under Articles 50 to 55 have been in force since August 2025. The Article 50(2) watermarking deadline lands in December 2026. Neither waits for the high-risk postponement to resolve.

| **Date** | **Obligation / Event** | **Notes** |
| --- | --- | --- |
| 2 August 2025 | General-Purpose AI obligations (Articles 50–55) entered into force | Unaffected by the Digital Omnibus agreement |
| 7 May 2026 | Provisional political agreement on Digital Omnibus on AI reached | Not yet formally adopted; existing obligations remain in force until Official Journal publication |
| August 2026 | Article 50 deployer-facing transparency obligations apply | Includes Article 50(1) disclosure for AI-facing customer interfaces; unaffected by the Omnibus |
| 2 December 2026 | Article 50(2) watermarking obligation applies | Four-month grace period under provisional Omnibus; providers of generative AI systems must machine-label synthetic outputs |
| 2 December 2026 | New Article 5 prohibition on AI-generated NCII and CSAM applies (provisional) | Covers nudifier applications; safe harbour for systems with effective preventive safeguards |
| 2 December 2027 | Annex III high-risk system obligations apply (provisional) | Covers biometrics, employment, credit-scoring, education, and critical infrastructure; moved from 2 August 2026 |
| 2 August 2028 | Annex I product-embedded AI obligations apply (provisional) | AI systems governed by sectoral product safety legislation; subject to formal Omnibus adoption |

## Three Practical Steps to Take Now

The August 2026 high-risk deadline may or may not shift further. Article 50 obligations will apply from August 2026 regardless. Three actions are worth completing without waiting for resolution.

### Audit AI Touchpoints on Your Website

Identify every point on your website or digital product where users interact with, or receive content generated by, an AI system. This includes chatbots, product recommendation engines, AI-assisted search, and generative content features.

For each touchpoint, assess whether Article 50 disclosure obligations apply and what disclosure mechanism is needed. This inventory is the prerequisite for everything else, and it consistently takes longer than organizations expect when AI capabilities are embedded in third-party tools rather than built in-house.

### Confirm Your Consent Records Are Audit-Ready

For any AI system that processes personal data, confirm that you can answer the following: What is the lawful basis for this processing? Is that basis documented at the point of collection, with a timestamp and purpose linkage? Can you produce those records on demand?

If any answer is uncertain, the current window is the right time to close the gap. Cookiebot by Usercentrics captures timestamped, purpose-specific consent records automatically, structured for exactly this kind of retrieval.

### Map Your Article 50 Disclosure Obligations

Walk through your AI content and product workflows and apply the Article 50 framework to each. Where AI-facing customer interfaces exist or are planned, Article 50(1) disclosure is required.

Where generative AI produces synthetic media in marketing or editorial contexts, Article 50(4) applies. Where you publish AI-assisted text on public interest matters, apply the editorial control analysis. Where your organization provides generative AI features, plan for the December 2026 watermarking deadline.

The final Code of Practice is expected later in 2026. Organizations that have mapped their workflows in advance will be able to close any gaps quickly once the final standard is published.

## The Deadline Has Moved but the Need to Prepare Hasn’t

The high-risk deadline has provisionally moved to December 2027. The Article 50 watermarking deadline lands in December 2026. The requirement to have documented, auditable consent records has not moved at all.

For website owners and online businesses, the practical question is not whether these obligations apply. It’s whether the infrastructure to meet them is already in place.

Cookiebot by Usercentrics scans your website to detect all cookies and tracking technologies in use, generates consent records automatically that support GDPR compliance, and gives you an audit trail as AI Act enforcement matures.

*This article is for informational purposes only and does not constitute legal advice. For guidance specific to your organization’s circumstances, consult a qualified legal professional.*