Art. 50 EU AI Act, transparency: inform users about AI interaction

Among all EU AI Act obligations, Art. 50 is the next to take effect for most organizations: 2 August 2026. Organizations that deploy chatbots, recommendation systems, emotion recognitionemotion recognitionAn AI system that infers a person's emotions from biometric data; its use in workplaces and education is restricted under the AI Act.Open full entry → or synthetic content face a concrete deadline, not a theoretical obligation.

What is Art. 50 and who does it apply to?

Art. 50 contains transparencytransparencyOpenness about the fact that AI is used and how it operates in general: disclosures, documentation, notices. Pairs with explainability, which addresses individual outcomes.Open full entry → obligations for AI systems that interact directly with people or generate content that could be mistaken for real. The law distinguishes three groups of obligated parties:

• Providers: organizations that place AI systems on the market, they must technically enable systems to fulfill the information obligation
• Deployers: organizations using AI systems in their processes, they are responsible for actually informing users
• Persons distributing synthetic content: anyone publishing AI-generated images, audio or video to the public

For most organizations, the deployerdeployerAn organization using an AI system under its own authority in its activities — carrying operator duties: use per instructions, oversight, input relevance, monitoring, notices.Open full entry → role is most relevant.

Which systems does Art. 50 cover?

Art. 50 targets four categories of AI applications:

1. Chatbots and conversational AI (Art. 50.1)
Any AI that communicates with people and could be mistaken for a human must inform the user that they are interacting with an AI systemAI systemA machine-based system that, for explicit or implicit objectives, infers from input how to generate outputs — predictions, content, recommendations or decisions — that can influence physical or virtual environments. The OECD-style definition followed by the EU AI Act.Open full entry →, unless this is evident from context. This applies to customer service bots, HR assistants, digital coaches, legal information systems and similar applications.

2. Emotion recognition systems (Art. 50.3)
AI that detects emotions or psychological states of individuals must inform those persons. Think of video conferencing software with emotion analysis, HR tools interpreting candidate behavior or customer service AI applying sentiment analysis.

3. Biometric categorizationbiometric categorizationSorting people into categories such as ethnicity or political views from their biometric data; restricted or prohibited under the AI Act.Open full entry → (Art. 50.3)
AI classifying persons based on biometric characteristics must inform those persons, unless used for lawful identity verification purposes.

4. Synthetic content (Art. 50.4)
AI-generated or AI-manipulated images, audio and video (deepfakes) must be labelled as AI-generated. Exception: content for artistic, creative or satirical purposes with a clear artistic context.

What must you communicate, and how?

The information obligation has two dimensions: what you communicate and when you communicate it.

What: Users must know they are interacting with an AI system. You do not need to disclose how the system works, but you may not hide or actively deny the AI nature.

When: The information must reach the user at the moment of the interaction or before it. Informing afterwards is not enough. A footnote in the privacy policy is not enough. The communication must be active, comprehensible and timely.

How: The law prescribes no specific format. Common approaches include a visible badge ("You are speaking with an AI assistant"), an opening message when a chat starts, or a clear visual marker on AI-generated content. The average user must understand it without legal training.

Exception: internal business processes

Art. 50.1 includes an important exception: the information obligation does not apply when it is evident to the natural personnatural personA living human individual, as distinct from a legal person such as a company; the holder of data-protection and AI-Act rights.Open full entry → that they are interacting with an AI system. This is relevant for internal applications where employees explicitly work with an AI tool and know its AI nature.

But note: "evident" carries a high burden of proof. If there is any doubt about whether the employee knows and understands this, the information obligation still applies. Document explicitly why you consider an application to fall under the exception.

Relationship to Art. 26.7, deployer transparency towards those affected

Art. 50 is not the only transparency obligation. Art. 26.7 requires deployers using high-riskriskIn the EU AI Act's terms, the combination of the probability that a harm occurs and the severity of it if it does. The link between a principle (via the harm that would breach it) and a control (the measure that reduces it). Naming the harm and assessing its risk is required by Art. 9 before any mitigation measure is chosen. See harm, control, residual risk.Open full entry → AI to inform affected personsaffected personsThe individuals or groups who are subject to or impacted by an AI system's outputs or decisions, and whose rights the governance regime aims to protect.Open full entry → about the deployment of that system. This goes further than Art. 50: it also covers systems where no direct interaction occurs but where a person is directly assessed (such as CV screening or credit scoring).

For high-risk AI, you must comply with both at once: Art. 50 (interaction transparency) and Art. 26.7 (assessment transparency). They complement each other.

Deadline and enforcement

Art. 50 takes effect on 2 August 2026, alongside the broader transparency provisions of the EU AI Act. After that date, supervisory authorities can enforce it. The maximum fine for a violation of Art. 50 is €15 million or 3% of global annual turnover.

Beyond direct enforcement, there is the risk of complaints from consumers and affected individuals through national supervisory authorities.

Practical steps for compliance before 2 August 2026

Step 1, Inventory all AI systems with direct user interaction. List all chatbots, recommendation engines, emotion analysis systems and synthetic content tools your organization uses or publishes. Include built-in AI in existing software, AI functions in CRM, customer service platforms or communication tools.

Step 2, Assess per system whether the information obligation applies. Does the exception apply (evident to the user)? Or is informing required? Record the reasoning.

Step 3, Implement the information disclosure. Make the AI nature visible at the moment of interaction. Test whether the average user understands it. Record what you implemented and when.

Step 4, Coordinate with your vendors. Providers must make their systems technically suitable for Art. 50 compliance. Verify with your SaaS vendors whether they have implemented the required functionality. Establish contractually who is responsible for which part of the information provision.

Step 5, Document for your compliance file. The supervisory authority may request evidenceevidenceThe concrete proof that a control is designed, implemented, and working: a test report, an audit trail, an impact assessment, a monitoring log. Each link in the governance chain produces an artifact, and together they are what an organization hands to its own board, a regulator, a customer, or an affected person to show, not say, that a system is governed. Its absence is itself the failure: a risk register without test results, or a mitigation claimed without validation, is a governance gap, not a paperwork one. The closing link of the governance chain. See control, governance.Open full entry → of compliance. Keep screenshots, process descriptions and vendor confirmations. A compliance file with timestamps is your strongest defense.

Two months

Art. 50 is not a heavy technical implementation, but it does require action. Most organizations need to review and adjust their chatbots, customer service systems and content pipelines. Two months is tight if vendors must act as well. Start now.