Last reviewed: April 9, 2026

Jurisdictions covered: EU (primary), China and US (comparison)

Reading time: 15 minutes

EU AI Act Transparency Obligations: What to Disclose, How to Implement

Art. 50 of the EU AI Act says chatbot users must be told they are interacting with an AI system. It does not say where to put that disclosure, what words to use, how prominent it should be, or what happens when the AI interaction is “obvious.” It also does not define “obvious.”

This is the gap between the law and implementation. The transparency obligations in the AI Act — Art. 50 for general transparency, Art. 13 for high-risk system information, and Arts. 53-55 for GPAI model documentation — establish legal requirements. They do not provide UX guidance, technical specifications, or code patterns for meeting those requirements.

China solved this differently. GB 45438-2025 specifies exact watermark dimensions (image text >= 5% shortest side), audio marking formats (Morse “AI” rhythm), and JSON metadata schemas. You can build a labeling pipeline from the Chinese standard alone. The EU has published zero harmonised standards and prEN 18286 failed its vote. Until standards arrive, implementation is a judgment call.

This article maps every transparency obligation in the AI Act, explains who it applies to, and provides practical implementation guidance for each. For the full AI Act framework, see our Annex III classification guide.

Key Takeaways

• Four distinct transparency regimes apply depending on what your AI system does: Art. 50 (chatbots, deepfakes, emotion recognition), Art. 13 (high-risk system documentation), Art. 53 (GPAI training data), Art. 55 (systemic risk models).
• Chatbot disclosure is enforceable now for GPAI providers (since August 2, 2025). High-risk transparency becomes enforceable August 2, 2026.
• No technical standard exists. The EU has not published specifications for how to watermark, label, or disclose. China has (GB 45438-2025). Build to the Chinese standard and you exceed EU requirements.
• “Obvious” AI interaction is exempt from disclosure — but the regulation does not define what counts as obvious. This is an open question until guidelines are published.
• C2PA and IPTC are the leading technical standards for content provenance and AI metadata, though neither is officially adopted by the EU.

Chatbot Disclosure: Art. 50(1)

The requirement: “Providers of AI systems that are designed to directly interact with natural persons shall design and develop the AI system in such a way that the natural persons concerned are informed that they are interacting with an AI system in a timely, clear and intelligible manner.”

The exception: This does not apply when “it is obvious to a reasonably well-informed, observant and circumspect natural person, taking into account the circumstances and the context of use” that they are interacting with AI.

What this means in practice:

A customer service chatbot must disclose it is AI — unless the context makes this obvious. A voice assistant branded as AI (like “Hey Siri” or “OK Google”) is likely exempt because the user knows it is AI. A chatbot that impersonates a human agent without disclosure is non-compliant.

Implementation guidance:

The regulation provides no UX specifications. Based on the “timely, clear and intelligible” standard and EDPB transparency guidelines under GDPR (which use similar language), we recommend:

• Placement: Before or at the start of the interaction, not buried in terms of service
• Language: Plain, direct: “You are chatting with an AI assistant” — not “This experience may use artificial intelligence technologies”
• Persistence: Visible throughout the conversation, not just on first message
• Modality match: Voice AI should disclose verbally; text AI should disclose in text

The “obvious” exception is risky. Until the Commission publishes guidance, we recommend disclosing by default and claiming the exception only where the AI nature is genuinely self-evident (branded AI assistants, AI image generators marketed as such). If there is any ambiguity, disclose.

High-Risk System Transparency: Art. 13

Art. 13 applies to all high-risk AI systems under Annex III. It requires providers to include detailed information with the system so deployers can understand and use it appropriately.

Required information (Art. 13(3)):

1. Provider identity and contact details

2. Characteristics, capabilities, and limitations of the AI system

3. Intended purpose

4. Level of accuracy, robustness, and cybersecurity (with metrics)

5. Known or foreseeable circumstances where the system may create risks

6. Performance regarding specific groups of persons

7. Specifications for input data

8. Human oversight measures and how to implement them

9. Expected lifetime and maintenance requirements

This is essentially a product manual for AI. Most AI systems ship without this level of documentation today. Building it requires coordination between engineering (accuracy metrics, known limitations), legal (intended purpose scope), and product (human oversight design).

Our view: Art. 13 documentation is the most underestimated transparency obligation. It is not a disclosure label — it is a comprehensive product information package. Start building it now. Systems deployed without it after August 2, 2026 face Tier 2 penalties (EUR 15M or 3% global turnover).

Implementation Checklist

Step 1: Audit which transparency obligations apply.

Map your AI systems against the four categories: chatbot/interaction (Art. 50(1)), synthetic content (Art. 50(2-4)), high-risk (Art. 13), GPAI (Arts. 53/55). Most organizations have at least one system in scope.

Step 2: Implement chatbot disclosure.

If your AI system interacts with users, add a clear disclosure at the start of every interaction. Use plain language. Make it persistent. Do not rely on the “obvious” exception without legal review.

Step 3: Implement content labeling.

For AI-generated images, video, and audio: embed C2PA metadata, add visible labels, and implement machine-readable markers. For text: implement disclosure at the point of generation and include provenance metadata where technically feasible.

Step 4: Build Art. 13 documentation for high-risk systems.

Start the product information package now. Gather accuracy metrics, known limitations, human oversight procedures, and intended purpose documentation from your engineering, legal, and product teams. This cannot be assembled at the last minute.

Step 5: Prepare GPAI training data summaries.

If you provide a GPAI model, draft your training data summary per the AI Office template. Document your copyright policy. Prepare for potential Art. 55 obligations if your model approaches the systemic risk threshold.

Step 6: Monitor for EU technical standards.

No harmonised standards exist for transparency implementation. When CEN-CENELEC publishes standards (likely 2027 at earliest given the prEN 18286 failure), update your implementation to match. In the meantime, C2PA and IPTC are the safest bets.

For related guidance, see our open-source AI exemptions article.

Sources

Official Sources

• EU AI Act — Regulation (EU) 2024/1689, Art. 50 — Last accessed April 9, 2026
• EU AI Act — Art. 13 (High-Risk Transparency) — Last accessed April 9, 2026
• EU AI Act — Art. 53, 55 (GPAI Transparency) — Last accessed April 9, 2026
• GPAI Code of Practice — Training Data Summary Template, July 10, 2025
• C2PA Specification — Content provenance standard
• IPTC AI Metadata Guidelines — Photo/content metadata

Analysis & Commentary

• Kneschke v. LAION, OLG Hamburg (5 U 104/24) — Copyright and AI training data
• CEN-CENELEC — prEN 18286 Failed Enquiry Vote, February 2026 — Standards crisis
• FTC — Guidelines on AI Disclosure (US) — US voluntary approach

Data Sources

• EU transparency standards: zero published (April 2026). Source: CEN-CENELEC tracker.
• China comparison: GB 45438-2025 mandatory since September 1, 2025. Source: TC260.

Disclaimer: This content is for informational purposes only and does not constitute legal advice. Organizations should consult qualified legal counsel for compliance planning. Reg Intel is not a law firm and does not provide legal services.