Most organisations assume their chatbot is “just a chatbot” — a helpful widget that doesn’t attract serious regulatory attention. The EU AI Act disagrees. From 2 August 2026, Article 50 imposes mandatory transparency and labeling obligations on a broad range of conversational AI systems, AI-generated content tools, and emotion-recognition applications — regardless of whether they are classified as high-risk. This guide explains exactly which chatbots and AI systems fall under Article 50, what you must disclose, and how to comply.
- “Limited Risk” is not the same as “no risk” — it means specific transparency obligations apply, enforced with the same penalty regime as high-risk violations.
- Article 50 transparency duties apply to chatbots, deepfake generators, AI-generated text publishers, and emotion-recognition systems — even if none of these are classified as high-risk.
- The deadline is 2 August 2026. With the Transparency Code of Practice Draft 2 now published (March 2026), the technical specifications for compliance are clear.
- Many businesses are unknowingly operating chatbots that will require retroactive UI changes, updated terms of service, and new disclosure workflows before August 2026.
- The EU AI Act’s four risk tiers: where “limited risk” sits
- Article 50: the four transparency obligations in full
- Chatbots and conversational AI: what must be disclosed
- Deepfakes and synthetic media: the labeling requirements
- AI-generated text: the public-interest content rule
- Emotion recognition: the notification requirement
- Exceptions: when Article 50 does not apply
- Practical compliance steps for each obligation
- FAQ
1. The EU AI Act’s Four Risk Tiers: Where “Limited Risk” Sits
The EU AI Act classifies AI systems into four tiers based on potential harm. “Limited Risk” is the third tier — below Unacceptable Risk (prohibited) and High Risk (full conformity obligations), but above Minimal Risk (no mandatory requirements).
The “Limited Risk” label is slightly misleading — it refers to the level of mandatory compliance obligations, not the level of potential harm. The AI systems in this tier (chatbots, deepfake generators, AI content publishers) can cause significant social harm through manipulation and disinformation. The legislature’s response was not to impose technical conformity obligations, but to require transparent disclosure — ensuring users always know when they are interacting with AI.
2. Article 50: The Four Transparency Obligations in Full
Article 50 of the EU AI Act contains four distinct transparency obligations, each targeting a different type of AI system or content. They operate independently — your system may trigger one, two, three, or all four simultaneously depending on what it does.
| Art. 50 Clause | AI System Type | Obligation | Who Must Act |
|---|---|---|---|
| 50(1) | Chatbots & conversational AI | Inform users they are interacting with AI — in the first interaction | Providers & Deployers |
| 50(2) | Deepfakes & synthetic media | Machine-readable label declaring content is AI-generated | Operators distributing content |
| 50(3) | AI-generated text on public-interest topics | Human-readable disclosure of AI authorship to audience | Publishers & platforms distributing AI text |
| 50(4) | Emotion recognition AI | Notify individuals that emotion inference is operating | Deployers |
3. Chatbots and Conversational AI: What Must Be Disclosed
Article 50(1) requires that providers and deployers of AI systems designed to interact with natural persons must ensure those persons are informed they are interacting with an AI system — unless this is obvious from the context or circumstances of use.
What counts as a “conversational AI system” for Article 50(1)?
- Customer service chatbots on websites or apps
- AI assistants embedded in SaaS platforms
- Voice assistants with conversational capability
- AI-powered live chat tools
- AI customer agents in messaging apps (WhatsApp, Messenger bots)
- AI email response systems that interact personally
- Simple menu-driven IVR systems (not AI-driven)
- Search engines returning AI-sorted results (no dialogue)
- Internal enterprise AI tools not interacting with the public
- AI tools in creative applications where AI nature is obvious from product positioning
What must the disclosure look like?
Article 50(1) does not prescribe the exact format — but the Transparency Code of Practice Draft 2 (March 2026) provides guidance. The disclosure must:
4. Deepfakes and Synthetic Media: The Labeling Requirements
Article 50(2) requires that AI-generated images, video, audio, and other content that resembles existing persons, objects, places, or other entities must carry a machine-readable disclosure that the content is AI-generated. This applies to both the AI tool provider and the operator distributing the content.
The C2PA Content Credentials standard has been adopted as the technical implementation pathway in the Transparency Code of Practice Draft 2 — giving operators a concrete technical specification to implement. Machine-readable labels must travel with the file and be preserved through sharing and downloading.
| Content Type | Machine-Readable Label | Human-Visible Label | Additional Requirement |
|---|---|---|---|
| AI-generated images of real people | C2PA credentials in EXIF/XMP | EU AI Icon in corner | Named person disclaimer if identifiable |
| AI-generated video (deepfakes) | C2PA in video container | EU AI Icon persistent throughout | Named disclaimer for identifiable real persons in fictional scenarios |
| AI-generated audio / voice cloning | C2PA in audio metadata | EU AI Icon in platform listing | Spoken disclosure at audio start for voice-cloning cases |
| AI-generated fictional imagery (no real persons) | C2PA credentials | EU AI Icon recommended | None additional |
5. AI-Generated Text: The Public-Interest Content Rule
Article 50(3) addresses AI-generated text published for public consumption on topics of public interest — including news, politics, health, science, and elections. Publishers and platforms distributing such content must clearly disclose its AI-generated nature to their audience.
The Transparency Code of Practice Draft 2 defines the threshold as content that is more than 50% substantively AI-generated without human editorial revision. Minor AI-assisted editing of human-authored text does not trigger the obligation — it is intended to capture primarily or substantially AI-authored content.
6. Emotion Recognition: The Notification Requirement
Article 50(4) requires that persons exposed to AI systems that infer emotional states from biometric data must be informed that emotion recognition is operating. This obligation falls on the deployer — the organisation operating the emotion recognition system.
Note the overlap with Article 5 prohibitions: emotion recognition AI in workplaces and educational institutions is prohibited outright under Article 5(1)(f) (with narrow exceptions for safety/medical purposes). Article 50(4) covers emotion recognition in other contexts — retail, healthcare (with consent), entertainment, and research — where the use is not prohibited but notification is required.
7. Exceptions: When Article 50 Does Not Apply
Article 50 contains several exceptions. Most are narrow — regulators will interpret them conservatively.
| Exception | Article | Applies to | Practical scope |
|---|---|---|---|
| “Obvious from context” | 50(1) | Chatbot disclosure | Purpose-built AI products; developer tools; B2B professional contexts. Very narrow — does not cover consumer-facing chatbots. |
| Authorised law enforcement | 50(2) | Deepfake labeling | Law enforcement operations using synthetic media for investigative purposes with judicial authorisation |
| Artistic & satirical content with clear disclosure | 50(2) | Deepfake labeling | Clearly labelled satire, parody, fiction. The artistic nature must be apparent — not a defence used to avoid labeling harmful deepfakes. |
| Minor AI assistance | 50(3) | Text disclosure | AI-assisted editing of primarily human-authored text. Under 50% AI-generated (per Draft 2 Code of Practice threshold). |
8. Practical Compliance Steps for Each Obligation
- Add a clearly worded AI disclosure in the first message or interface header of every AI chat interface before August 2026
- Audit every chatbot widget across your website, app, and messaging integrations — document each one
- Update terms of service to reference AI interaction, but do not rely on ToS as the sole disclosure mechanism
- For session-resuming chats, implement a session-gap re-disclosure trigger (e.g. after 24 hours)
- Implement C2PA credential generation as a default output of your image and video generation pipeline — not opt-in
- Obtain the official EU AI Icon vector from the EU AI Office and integrate it into your content rendering pipeline
- Ensure your content distribution channels (website, social, email) do not strip C2PA metadata on upload/publish
- Brief your content team on the 50% AI-authored threshold and when text disclosure is required
- Update your CMS article templates to include AI authorship disclosure fields and the EU AI Icon display
- Add Schema.org CreativeWork markup to article pages identifying AI-generated content
- Create an editorial policy defining what level of AI assistance requires disclosure
- Train editorial teams on the >50% substantive AI generation threshold
