TREVAM
View Buyer Edition
Reference

EU AI Act Article 50 Applicability: Transparency Evidence Map

Map common Article 50 transparency questions to the evidence, artifacts, review owners, and red flags a team should prepare for buyer and compliance review.

Scope

Buyer-facing evidence map for AI vendors, deployers, and product/compliance teams documenting Article 50 transparency obligations under the EU AI Act for procurement, deployment review, and internal compliance owner workflows.

Covers

  • Article 50(1) — direct interaction with natural persons (chatbots, conversational agents, voice assistants).
  • Article 50(2) — generation and manipulation of synthetic content (text, image, audio, video).
  • Article 50(3) — emotion recognition and biometric categorisation notice.
  • Article 50(4) — deepfake disclosure and AI-generated text on matters of public interest.
  • "Unless obvious" analysis across applicable sub-paragraphs.
  • Timing, format, and accessibility of disclosure at first interaction.
  • Provider versus deployer responsibility for each sub-obligation.
  • Upstream model and GPAI dependency notes affecting marking and disclosure.
  • Documentation owner and review cadence.

Out of scope

  • Legal determination of Article 50 applicability for any specific system.
  • Final disclosure adequacy opinions.
  • High-Risk Annex III conformity assessment.
  • Systemic-risk GPAI provider obligations (Articles 53–55).
  • Legal advice, certification, warranty drafting.
  • Drafting of consumer-facing notices for a specific deployment.

Source status

Source Status Notes
EU AI Act (Regulation (EU) 2024/1689), Article 50 Current Regulation text Transparency obligations apply from 2 August 2026.
Commission draft guidelines on Article 50 transparency obligations Draft guidance Published 8 May 2026. Public consultation open until 3 June 2026. Final adopted guidance should be monitored when published. Treat as draft, not final.
Code of Practice on marking and labelling of AI-generated content Draft guidance Voluntary instrument supporting Article 50(2). Currently draft; final adopted guidance should be monitored when published. The Code of Practice does not replace the Article 50 legal text and does not create Trevam-specific conclusions about a deployer's disclosure duties.
EU AI Act Article 50(2) transition for pre-2 August 2026 systems Current Regulation text Pre-2 August 2026 systems may be subject to transition rules. Track the current Regulation text and any formally adopted Digital Omnibus changes.
Digital Omnibus on AI Provisional political agreement 7 May 2026 provisional agreement. Not enacted.
EU AI Act Service Desk Authority guidance Operational guidance, updated periodically.

Where a source is in draft or provisional status, this page does not present its content as final law. Buyers and deployers should monitor the corresponding final adoption and update their documentation accordingly.

Problem

Article 50 is four obligations, not one.

A procurement reviewer asking "Does Article 50 apply to your system?" is testing whether each sub-paragraph has been individually assessed and whether the assessment is documented at a level a deployer or buyer can route to legal review. A naked "yes" or "no" misses the structure of the article and leaves the buyer without the evidence needed for their own internal review.

The four sub-paragraphs answer four different questions:

  • 50(1) asks whether the system directly interacts with a natural person. A "yes" triggers disclosure at first interaction, unless the AI nature is obvious from the circumstances and context of use.
  • 50(2) asks whether the system generates or manipulates synthetic content. A "yes" triggers provider-side machine-readable marking and may trigger deployer-side disclosure depending on use.
  • 50(3) asks whether the system performs emotion recognition or biometric categorisation. A "yes" triggers deployer-side notice to affected natural persons.
  • 50(4) asks whether the system generates deepfakes or AI-generated text published on matters of public interest. A "yes" triggers deployer-side disclosure, with carve-outs for evidently artistic, creative, satirical, or fictional work, and for law-enforcement detection of criminal offences.

The May 2026 Commission draft guidelines (open for consultation until 3 June 2026) refine the interpretation of "obvious", the average-consumer test, the artistic carve-out, the timing of first interaction, and the format of disclosure. Until those guidelines are finally adopted, Article 50 applicability assessments need to be written against the draft text with explicit source-status awareness.

The map below pairs the questions a buyer or reviewer is likely to ask about each sub-paragraph with what they are really testing, the evidence to attach, who owns the assessment, and the red flags that should not be glossed over.

Core evidence mapping

# Article 50 question What the buyer/reviewer is testing Evidence to prepare Trevam artifact Review owner Red flag
1 "Does Article 50(1) apply — direct interaction with a natural person?" Whether the assessment names the interaction surface, identifies the user type, and concludes on disclosure obligation Article 50(1) applicability record naming the interaction (chat, voice, embedded assistant, etc.), the user type, and the conclusion Article 50 Decision Record (50(1) section) Legal/Compliance + Product "We have a chatbot but disclosure is not needed" without obviousness analysis
2 "If 50(1) applies, how is the 'unless obvious' exemption assessed?" Whether the obviousness analysis follows the May 2026 draft guidelines' average-consumer multi-factor test, not a self-serving "it's clear from context" assertion Obviousness analysis recording target audience, vulnerable groups, AI literacy levels, deployment context, and conclusion Article 50 Decision Record (obviousness sub-section) Legal/Compliance Asserting "obvious" without the multi-factor test; ignoring vulnerable-group consideration
3 "Does Article 50(2) apply — generation or manipulation of synthetic content?" Whether the assessment distinguishes provider-side machine-readable marking from deployer-side disclosure use, per content type Article 50(2) applicability record per content type (text, image, audio, video) with provider/deployer split Article 50 Decision Record (50(2) section) Engineering + Legal/Compliance Conflating provider marking with deployer disclosure; missing per-content-type assessment
4 "Does Article 50(3) apply — emotion recognition or biometric categorisation?" Whether the deployment notice obligation is identified and routed to a notice-design owner Article 50(3) applicability record covering the recognition or categorisation activity and the notice plan Article 50 Decision Record (50(3) section) Product + Legal/Compliance "We do not process biometrics" without a definition check against the Act
5 "Does Article 50(4) apply — deepfake or AI-generated text on matters of public interest?" Whether the evidently artistic/creative/satirical/fictional carve-out is assessed, and whether public-interest text disclosure is in scope Article 50(4) applicability record for each content type, with carve-out reasoning per the May 2026 draft guidelines Article 50 Decision Record (50(4) section) Legal/Compliance + Editorial Claiming the artistic carve-out for primarily informative or commercial content; missing the public-interest text obligation
6 "What disclosure timing applies under 50(1)?" Whether disclosure is positioned at the first interaction in a clear and distinguishable manner, not buried in onboarding flows or Terms of Service Disclosure UI evidence: screenshot, position, accessibility check, timing record Article 50 Draft Disclosure Notices + UI screenshot file Product + UX T&Cs-only disclosure; disclosure after engagement
7 "What is the format and accessibility of the disclosure?" Whether the disclosure meets the clarity and accessibility expectations of the May 2026 draft guidelines Format and accessibility record: text/icon/voice, reading level, language, screen-reader behaviour Article 50 Draft Disclosure Notices UX + Accessibility Disclosure visible only in fine print; no accessibility check
8 "Who is responsible — provider or deployer — for each sub-paragraph?" Whether the provider/deployer responsibility split is written and matches the Article 25 / Article 26 role determination Provider versus deployer responsibility table for 50(1)–(4) Article 50 Decision Record (responsibility split) + Risk Tier Rationale Memo (role section) Legal/Compliance Provider/deployer split assumed, not written; mismatch with role memo
9 "How are upstream model and GPAI dependencies recorded for marking purposes?" Whether the upstream model's marking capabilities are known and documented for Article 50(2) deployer use Upstream model marking note: provider, model, marking method, machine-readable format Technical File Outline (Article 50 dependency section) + Article 50 Decision Record (cross-reference) Engineering + Legal/Compliance "Marking handled by the model" without verification; provider documentation not cited
10 "How are disclosure changes versioned?" Whether changes to the disclosure copy, UI, or technical marking are logged with date and impact note Change Log entries with Article 50 impact; disclosure version history Change Log + Article 50 Draft Disclosure Notices (version history) Engineering + Product Disclosure copy edited without version; no re-screen on material change
11 "How does AI literacy support disclosure design and monitoring?" Whether deployer-side staff handling disclosure decisions have role-relevant AI literacy evidence AI Literacy Evidence Log entries covering disclosure design, monitoring, and incident response AI Literacy Evidence Log HR + Compliance Disclosure designed without role-relevant literacy; ad hoc owners
12 "What is the watch position on the May 2026 Commission draft guidelines and the Digital Omnibus?" Whether the Article 50 record carries explicit source-status awareness and an update trigger Watch item entry naming the draft guidelines, consultation deadline (3 June 2026), expected adoption, and the Digital Omnibus provisional status Article 50 Decision Record (watch section) Legal/Compliance Treating draft guidance as final; relying on Digital Omnibus extensions before formal adoption

Flagged questions

  • "Does Article 50 apply to your system?" Four sub-obligations, each independently assessed. A binary answer without the per-paragraph breakdown is wrong.
  • "Is your disclosure adequate?" Adequacy is judged against the May 2026 Commission draft guidelines, which are not yet final. Treat the answer as a structured record, not a verdict.
  • "Are you exempt from Article 50(1) because the AI nature is obvious?" The May 2026 draft guidelines apply an average-consumer multi-factor test. Asserting "obvious" without the test is not safe.
  • "Does the deepfake carve-out apply to your AI-generated marketing content?" The May 2026 draft guidelines clarify that "evidently artistic, creative, satirical, fictional" excludes content with primarily informative or commercial purposes.
  • "Is the Code of Practice on marking sufficient for Article 50(2)?" The Code of Practice is a voluntary instrument supporting Article 50, currently draft. The Code of Practice does not replace the Article 50 legal text. Sufficiency is not yet final.
  • "When does Article 50 actually apply to my system?" Article 50 transparency obligations apply from 2 August 2026. Pre-2 August 2026 systems may be subject to transition rules. Track the current Regulation text and any formally adopted Digital Omnibus changes.
  • "Should we wait for the Digital Omnibus to settle before designing disclosure?" No. The 7 May 2026 Digital Omnibus is provisional. Disclosure design should proceed against current baseline and be updated on formal adoption.

Failure modes

For each: bad pattern · why it fails · safer response · evidence required.

  1. 1. "Article 50 does not apply because our system is Limited Risk."
    Why it fails
    Article 50 transparency obligations apply independently of the high-risk classification. A Limited Risk chatbot still falls under 50(1).
    Safer response
    "Article 50 applicability is assessed per sub-paragraph, independently of the risk-tier label."
    Evidence required
    Article 50 Decision Record.
  2. 2. "We do not need disclosure because the AI nature is obvious."
    Why it fails
    the May 2026 draft guidelines apply an average-consumer multi-factor test (target audience, vulnerable groups, AI literacy levels, deployment context). Asserting "obvious" without the analysis is not safe.
    Safer response
    "Obviousness analysis records target audience, vulnerable groups, AI literacy levels, and deployment context per the draft guidelines."
    Evidence required
    Article 50 Decision Record (obviousness sub-section).
  3. 3. "Our chatbot disclosure is in the Terms of Service."
    Why it fails
    Article 50(1) requires disclosure at the latest at the time of the first interaction. A disclosure buried only in Terms of Service is unlikely to evidence timely, clear disclosure at first interaction.
    Safer response
    "Disclosure is presented at first interaction, with clarity and accessibility documented per the May 2026 draft guidelines."
    Evidence required
    UI screenshot, timing record, accessibility check.
  4. 4. "Our model provider's marking handles Article 50(2)."
    Why it fails
    provider-side machine-readable marking is a separate obligation from deployer-side use. The deployer needs to verify marking is present and to design disclosure where the use case requires it.
    Safer response
    "Upstream provider marking is documented. Deployer-side use of marking is assessed separately, and disclosure is designed where required."
    Evidence required
    Technical File Outline (Article 50 dependency section) + Article 50 Decision Record.
  5. 5. "The deepfake exemption applies because our marketing content is creative."
    Why it fails
    the May 2026 draft guidelines clarify that the artistic/creative/satirical carve-out excludes content serving primarily informative or commercial purposes.
    Safer response
    "Deepfake applicability is assessed against the May 2026 draft guidelines, with carve-out reasoning recorded per content type."
    Evidence required
    Article 50 Decision Record (50(4) section, carve-out sub-section).
  6. 6. "We do not perform biometric processing, so Article 50(3) does not apply."
    Why it fails
    the Act's definitions of biometric categorisation and emotion recognition may capture activities that the team does not consider biometric in everyday language.
    Safer response
    "Article 50(3) applicability is assessed against the Act's definitions, not against everyday usage."
    Evidence required
    Article 50 Decision Record (50(3) section).
  7. 7. "Our system was launched in March 2026, so Article 50 obligations do not apply to us."
    Why it fails
    pre-2 August 2026 systems may be subject to transition rules. Track the current Regulation text and any formally adopted Digital Omnibus changes. The transition is a deadline, not an exemption.
    Safer response
    "Pre-2 August 2026 systems are documented and the applicable transition deadline is tracked. Compliance work proceeds against the current baseline."
    Evidence required
    Risk Tier Rationale Memo + Article 50 Decision Record (timeline section).
  8. 8. "We will wait for the Digital Omnibus to settle before designing disclosure."
    Why it fails
    as of 7 May 2026, the Digital Omnibus is provisional. Buyers should not rely on provisional changes to defer compliance work. Current baseline applies.
    Safer response
    "Disclosure design proceeds against the current baseline. The Digital Omnibus is a tracked watch item and will trigger an update on formal adoption."
    Evidence required
    Article 50 Decision Record (watch section) + Change Log entries on monitoring.
  9. 9. "Our disclosure works on desktop, so we are covered."
    Why it fails
    disclosure is a per-interaction-surface obligation. Mobile, voice, embedded, third-party, and assistive surfaces each need their own evidence.
    Safer response
    "Disclosure is documented per interaction surface, with accessibility checks per surface."
    Evidence required
    Article 50 Draft Disclosure Notices (per-surface section) + accessibility check.
  10. 10. "Our Article 50 assessment is final."
    Why it fails
    the May 2026 Commission draft guidelines are not yet finally adopted, and the Code of Practice on marking is in draft. Article 50 records should carry source-status awareness, not finality.
    Safer response
    "The Article 50 record is dated and references the source status of the draft guidelines, with an update trigger on final adoption."
    Evidence required
    Article 50 Decision Record (source status + last reviewed sections).

What this is not

This Reference page is not, and should not be cited as:

  • A legal determination of Article 50 applicability for any specific system.
  • A final disclosure adequacy opinion.
  • Legal advice or a substitute for counsel.
  • A High-Risk Annex III conformity assessment.
  • Systemic-risk GPAI provider guidance under Articles 53–55.
  • A substitute for buyer, legal, or compliance review.
  • A claim that any draft disclosure notice in the kit is sufficient for every system, surface, or audience.
  • A statement that the May 2026 Commission draft guidelines are final or that the Digital Omnibus on AI is enacted law.

The map exists to help vendors and deployers prepare review-ready documentation. Each item is subject to human/legal/compliance review.

How to use the Trevam kit

The EU AI Act Compliance Starter Kit — Buyer Edition v1.6 includes 27 artifacts plus an included AI-assisted completion companion guide. The artifacts most directly used for Article 50 applicability evidence:

  • Article 50 Decision Record — the primary artifact for this page. Records 50(1), 50(2), 50(3), 50(4) applicability separately, with obviousness analysis, carve-out reasoning, provider/deployer responsibility split, upstream dependency notes, and watch items.
  • Article 50 Draft Disclosure Notices — disclosure copy library covering chatbot first-interaction disclosure, AI-generated content disclosure, and deepfake/public-interest text disclosure. Biometric categorisation and emotion-recognition contexts are handled through the Article 50 Decision Record and require context-specific review.
  • Intended Purpose Statement — input for the 50(1)–(4) per-paragraph assessment. Use cases, users, inputs, outputs, exclusions, foreseeable misuse.
  • Risk Tier Rationale Memo — adjacent artifact. Article 50 stacks on top of risk-tier classification and shares the role determination. See the risk-tier rationale Reference.
  • AI Literacy Evidence Log — relevant where deployer-side staff handle disclosure design, monitoring, and incident response.
  • Change Log — captures version, date, and scope of disclosure changes, and the impact on Article 50 applicability.

The AI-assisted completion companion is an optional methodological guide for using approved AI workspaces (e.g. enterprise Claude, ChatGPT, Microsoft 365 Copilot-style assistants, or internal assistants) to draft, evidence-check, red-team, and prepare the kit's outputs for human/legal/compliance review. The companion does not determine Article 50 applicability, does not finalise disclosure copy, and does not substitute review.

Last reviewed / update note

Last reviewed: 2026-05-18.

This page is subject to update when one of the following occurs:

  • The European Commission publishes the final adopted Article 50 transparency guidelines (currently in consultation until 3 June 2026; final adopted guidance should be monitored when published).
  • The Code of Practice on marking and labelling of AI-generated content reaches a new draft milestone or final adoption.
  • The Digital Omnibus on AI is formally adopted by the Council and Parliament (currently provisional agreement of 7 May 2026; possible changes to transition timing on formal adoption).
  • A material update to the EU AI Act Service Desk or AESIA guidance affects Article 50 interpretation.
  • The Trevam EU AI Act Compliance Starter Kit moves to a new version that changes the artifact set referenced here.

Substantive updates are recorded in the public Trevam update log.