Flash Alert - Transparency in AI: European Commission publishes Code of Practice for AI-generated content

The European Commission has published the final version of the Code of Practice on Transparency of AI-Generated Content, a voluntary framework designed to support the implementation of the transparency obligations set out in Article 50 of the European Artificial Intelligence Regulation (AI Act).

Although the Code is not legally binding, it is designed to help providers and professional users of Artificial Intelligence systems to implement, in a practical manner, some of the transparency obligations that will apply from 2 August 2026.

Its publication represents a further step towards the implementation of the AI Act and reinforces an increasingly clear message: trust in Artificial Intelligence will depend not only on the quality of the systems, but also on the transparency with which they are used.

1. The starting point: Article 50 of the AI Act

Article 50 sets out a set of transparency obligations applicable to certain categories of AI systems, namely:

• Informing people when they interact directly with an AI system, such as chatbots, virtual assistants or conversational agents;
• Ensuring that synthetic content generated or manipulated by AI is labelled in a machine-readable format;
• Informing people when they are subject to emotional recognition or biometric categorisation systems;
• Disclosing that certain content has been generated or manipulated by AI, including deepfakes and certain content intended to inform the public on matters of public interest.

The Code now published seeks to translate some of these obligations into concrete operational measures, providing guidance on technical mechanisms for labelling, detecting and identifying content generated or manipulated by AI.

The recommended measures include the use of metadata, digital watermarks and other technical mechanisms designed to enable the identification of the artificial origin of content, whilst promoting effective, robust, interoperable and reliable solutions.

The aim is clear: to reduce the risks of deception, manipulation, fraud, disinformation and the misuse of synthetic content.

2. Who should be particularly vigilant?

AI system providers

Providers should assess the implementation of technical mechanisms that enable the identification and detection of content generated or manipulated by their systems, ensuring compliance with the transparency requirements set out in the AI Act.

Organisations using generative AI

Companies using generative AI tools in marketing, corporate communications, media, social media, customer service or external content production should carefully analyse the requirements applicable to the disclosure of AI use.

Organisations using conversational systems

Companies that provide chatbots, virtual agents or other interactive systems should ensure that users are properly informed that they are interacting with an AI system, unless this is evident from the context.

3. What changes in practice?

Deepfakes

Image, audio or video content that appears to be authentic but has been generated or manipulated by AI must be clearly identified as such.

Content on matters of public interest

Certain AI-generated or manipulated content intended to inform the public on matters of public interest may be subject to transparency requirements.

However, it is important to highlight an exception that is particularly relevant for companies, media organisations, consultancies, law firms and other organisations that use AI as a tool to support content production.

The AI Act provides that this obligation does not apply where there is human review or editorial control of the content and a natural or legal person assumes editorial responsibility for its publication.

In practice, this means that the mere use of AI tools to support the drafting of articles, newsletters, reports, press releases or other institutional content does not automatically imply a labelling obligation.

The decisive factor is the existence of effective human supervision, content validation and accountability for its publication.

On the other hand, content disseminated in an essentially automated manner, without significant human review or without clearly identified editorial responsibility, may be subject to the transparency obligations set out in the AI Act.

This exception highlights the growing importance of internal governance mechanisms capable of demonstrating who reviewed, approved and took responsibility for content produced using AI.

Synthetic content generated by AI systems

Providers must implement mechanisms to identify the outputs of their systems as artificially generated or manipulated, to the extent technically possible.

Visual labelling

The Code also encourages the use of visual identification mechanisms that enable users to more easily recognise certain content generated or manipulated by AI.

4. The main challenge: governance, not just technology

Although much of the debate surrounding the AI Act remains focused on high-risk AI systems, these guidelines demonstrate that regulatory compliance increasingly depends on organisations’ ability to understand, control and govern the use of AI in their processes.

For many companies, the key questions now are:

• Where is generative AI being used?
• What AI-generated content is being published externally?
• Who approves this content?
• Are there rules for the use of chatbots and AI agents?
• How is synthetic content identified?
• Who is responsible for decisions regarding transparency towards customers, users and the public?

Without an up-to-date inventory of AI systems, without human oversight processes and without clearly assigned responsibilities, it will be difficult to demonstrate compliance with these obligations.

5. What should organisations do immediately?

• Map existing uses of generative AI within the organisation;
• Identify use cases subject to transparency requirements;
• Clearly distinguish the roles played asa provider ordeployer of AI systems;
• Implement mechanisms for human supervision and approval;
• Define internal rules for the use of chatbots, AI agents and generative AI tools;
• Review external communication and content publication processes;
• Assess mechanisms for flagging and identifying synthetic content;
• Update contracts with AI solution providers;
• Review internal policies on the responsible use of AI;
• Promote training and awareness-raising initiatives for employees.

6. Conclusion

The publication of this Code reinforces a trend that has been gaining momentum since the adoption of the AI Act: compliance with European AI regulations depends not only on the technology used, but on organisations’ ability to govern it.

Transparency is no longer merely a technical issue of content tagging or labelling. It becomes a matter of governance, requiring organisations to know their AI systems, understand their use cases, assign clear responsibilities, and implement appropriate mechanisms for oversight, control and accountability.

For many organisations, the challenge will no longer be merely to adopt Artificial Intelligence, but to demonstrate that they use it in a transparent, responsible manner and in accordance with the European regulatory framework.