<\/p>\n\n\n
The EU AI Act\u2019s Article 50 transparency obligations take effect August 2026, unaffected by the provisional Digital Omnibus agreement on high-risk deadlines. This guide explains what website owners and online businesses need to disclose, how consent records connect to AI compliance, and the practical steps to take now.<\/p>\n\n\n\n
The provisional Digital Omnibus agreement of May 2026 moves certain EU AI Act deadlines \u2014 but not all of them. Article 50 introduces transparency obligations for AI-powered interfaces and AI-generated content. Deployer-facing rules apply from August 2026, regardless of the provisional postponement of high-risk deadlines. Here is what website owners and online businesses need to prepare, and why consent infrastructure is part of the picture.<\/p>\n\n\n\n
On 7 May 2026, the European Parliament and the Council reached provisional political agreement on the Digital Omnibus on AI<\/a>. For businesses tracking EU AI Act compliance, the headline figure is the postponement of the Annex III high-risk deadline from 2 August 2026 to 2 December 2027.<\/p>\n\n\n\n Annex III covers a broad set of AI applications, including:<\/p>\n\n\n\n If your organization develops or procures any of these, the 2027 date is now your planning anchor.<\/p>\n\n\n\n The agreement is provisional. Parliamentary committee approval was secured in early June 2026, with a plenary vote expected later in June and Council formal adoption to follow. Publication in the Official Journal is required for the new deadlines to become law, and is expected before the 2 August 2026 date. <\/p>\n\n\n\n Until that point, existing obligations remain in force. Organizations with compliance programmes already underway should continue them rather than standing programmes down on the assumption that formal adoption is guaranteed.<\/p>\n\n\n\n The Omnibus agreement modifies timelines, not the substance of obligations. The core requirements for high-risk AI system operators are unchanged. These include:<\/p>\n\n\n\n The penalty ranges are also unchanged: up to EUR 35 million or 7 percent of global annual turnover for the most serious violations.<\/p>\n\n\n\n Territorial scope is equally unchanged. If an AI system affects people in the EU, the AI Act applies regardless of where the deploying organization is headquartered. Additionally, the requirement to have demonstrable, documented lawful bases for personal data processing \u2014 including consent, where that is the chosen basis \u2014 has not moved.<\/p>\n\n\n\n Alongside the deadline changes, the provisional agreement introduces a new prohibited practice. Article 5 of the AI Act is expanded to ban AI systems that generate or manipulate non-consensual intimate imagery (NCII) or child sexual abuse material (CSAM) \u2014 targeting so-called \"nudifier\" applications directly. <\/p>\n\n\n\n A safe harbour applies where a system includes effective technical safeguards that reliably prevent such outputs.<\/p>\n\n\n\n The prohibition applies to 2 December 2026, concurrent with the Article 50(2) watermarking deadline. It becomes legally binding upon formal adoption and publication in the Official Journal.<\/p>\n\n\n\n Article 50<\/a>, which governs transparency obligations for AI systems and AI-generated content, is not touched by the Digital Omnibus<\/a>. The General-Purpose AI obligations under Articles 50 to 55<\/a> have been in force since 2 August 2025.<\/p>\n\n\n\n Deployer-facing obligations under Article 50 apply from August 2026. There is one targeted exception. The Article 50(2) watermarking obligation, where providers of generative AI systems must mark synthetic outputs in machine-readable form, benefits from a four-month grace period under the provisional agreement, pushing that specific deadline to 2 December 2026.<\/p>\n\n\n\n The obligations fall into three categories with different scope and different responsible parties.<\/p>\n\n\n\n Article 50(1) requires that users be informed when they are interacting with an AI system, for example, an AI-powered chatbot or conversational assistant, unless it is obvious from context. <\/p>\n\n\n\n This is a deployer obligation. If your website or product includes an AI-facing customer interface, you need a disclosure mechanism in place before August 2026. For most websites, this is a straightforward implementation task, but it needs to be planned and tested rather than left to the last moment.<\/p>\n\n\n\n Article 50(4) requires deployers of AI systems that generate or manipulate image, audio, or video content in ways that appreciably resemble real persons, places, or events to clearly disclose that the content is AI-generated or manipulated. <\/p>\n\n\n\n For organizations using generative AI in digital marketing or content production, this is one of the more immediately applicable obligations.<\/p>\n\n\n\n Article 50(2) requires providers of generative AI systems to mark synthetic audio, image, video, and text outputs in a machine-readable format so they can be identified as artificially generated. <\/p>\n\n\n\n The four-month grace period under the provisional Omnibus agreement sets the effective deadline for this obligation at 2 December 2026. Providers integrating generative features into products for the EU market should treat this as a near-term engineering deadline, separate from the high-risk postponement.<\/p>\n\n\n\n Article 50(4) also covers deployers who publish AI-generated text intended to inform the public on matters of public interest. Disclosure is required unless two conditions are both met: <\/p>\n\n\n\n This editorial control exemption is relevant to organizations where AI assists in content drafting, provided that human review occurs before publication. It is not a blanket exemption from the obligation to monitor and document how AI is used across content workflows.<\/p>\n\n\n\n The European Commission\u2019s Code of Practice on the Transparency of AI-Generated Content<\/a> remains in progress. The second draft was published in March 2026 and the final version is expected later in 2026. <\/p>\n\n\n\n Organizations that have mapped their AI content workflows in advance will be better positioned to close gaps quickly once the final standard is published.<\/p>\n\n\n\n For most website owners, the most immediate connection between the EU AI Act and existing compliance infrastructure is personal data. The majority of Annex III use cases, and many Article 50 scenarios, involve the processing of personal data. <\/p>\n\n\n\n That processing requires a lawful basis. Where consent is that basis, it must be documented at the point of collection, timestamped, linked to the specific purpose, and retrievable on demand.<\/p>\n\n\n\n This is where a consent management platform (CMP)<\/a> becomes relevant not just to GDPR compliance<\/a>, but to AI Act readiness. The records generated by a well-configured CMP are timestamped, purpose-specific, and auditable. Exactly what regulators, auditors, and procurement teams will look for when assessing whether an organization\u2019s data infrastructure was designed with compliance in mind.<\/p>\n\n\n\n A shift in enforcement deadlines does not change how long it takes to build that infrastructure. It changes the available window. For organizations that deferred preparation on the assumption of a significant delay, that window is narrower than the headline date suggests.<\/p>\n\n\n\n
What Remains Unchanged<\/h3>\n\n\n\n
\n
What the Omnibus Adds: A New Article 5 Prohibition<\/h3>\n\n\n\n
Article 50 of the EU AI Act: A Plain-Language Breakdown<\/h2>\n\n\n\n
Disclosing AI Interactions<\/h3>\n\n\n\n
Disclosing AI-Generated or Manipulated Media<\/h3>\n\n\n\n
Machine-Readable Watermarking [Article 50(2)]<\/h3>\n\n\n\n
AI-Generated Text on Matters of Public Interest<\/h3>\n\n\n\n
\n
Why Consent Records Are Central to AI Act Compliance<\/h2>\n\n\n\n