The European Commission has published the second draft of the Article 50 Code of Practice on marking and labelling AI-generated content. The consultation window is now in its final phase, and the document is close to what providers and deployers will be expected to implement. If your organisation places AI systems on the EU market, this is the moment to check your transparency mechanisms against the draft rather than wait for the final text.
What Article 50 requires in plain terms
Article 50 of the EU AI Act obliges providers and deployers of certain AI systems to disclose that content is AI-generated or manipulated. The obligation covers synthetic audio, images, video and text, including deepfakes and chatbot outputs. The Code of Practice is the Commission’s attempt to turn that high-level obligation into operational rules: what must be labelled, how the label must travel with the content, and who is responsible at each stage.
The second draft refines the first in two important ways. It is more specific about the technical means of disclosure — metadata, watermarks and other provenance signals — and it clarifies the split of responsibilities between the provider that builds the system and the deployer that puts it in front of users.
Why the second draft matters
The Code of Practice is not formally binding in the same way as the AI Act itself, but the Commission has made clear that compliance with an approved code creates a presumption of conformity with Article 50. In practice, that means the code is the safest route for any firm that does not want to run its own legal argument. Regulators, auditors and counterparties will treat the code as the benchmark.
For providers of general-purpose models and generative AI tools, the draft sets expectations for the signals that must be embedded at the point of generation. For deployers, it sets expectations for how those signals must be preserved, displayed and explained to end users. Neither group can assume the other will carry the full burden.
What to check now
Content inventory. Identify every AI-generated output your system produces that could plausibly be mistaken for human-created content. That includes synthetic images, voice clips, translated or summarised text, and code suggestions. The obligation attaches to the content, not to the underlying model’s category.
Technical marking. Assess whether your current outputs carry machine-readable markers and whether those markers survive ordinary export, compression or platform sharing. A watermark that disappears when a user screenshots an image is not much of a compliance tool.
User-facing disclosure. Check whether end users see a clear, persistent indication that content is AI-generated before they rely on it. Buried terms-of-service language is unlikely to be enough. The draft emphasises disclosure at the point of interaction.
Contractual handoffs. If you are a deployer using a third-party model, your contract should be explicit about who is responsible for generating, maintaining and displaying labels. The AI Act allocates obligations by role, and unclear contracts will not protect either party.
The timing
The final Code of Practice is expected shortly. Once adopted, organisations will have limited time to adjust engineering roadmaps, procurement processes and user interfaces. The firms that use this final phase productively will be those that treat the second draft as the implementation standard and finalise their compliance design now.