EU AI Act Article 50 — 20 days to seal | Get passport
EU AI Act · Regulation 2024/1689 · Article 50

Article 50 goes live in 20 days.
Your AI content needs a passport.

On 2 August 2026, every provider and deployer of General-Purpose AI (GPAI) systems operating in the EU must mark AI-generated content as machine-readable, detectable as artificially generated or manipulated, and interoperable. Penalties for non-compliance: up to EUR 15 million or 3% of total worldwide annual turnover, whichever is higher.

€15M
or 3% turnover
27
EU member states
HMAC
+ Ed25519 receipts

⚡ Live Cliff Countdown

Enforcement
--
Days
--
Hours
--
Minutes
--
Seconds
Target: 2026-08-02T00:00:00Z · UTC
Sealed: T93 · 19 Jul 2026 · 20 days to cliff
§ 01

What Article 50 requires — verbatim

The text below is reproduced from Regulation (EU) 2024/1689, Article 50, paragraph 1. The verbatim text is binding.

"Providers of general-purpose AI systems shall ensure that AI-generated content is marked in a machine-readable format and detectable as artificially generated or manipulated, including by implementing effective, interoperable, robust and reliable technical solutions, where technically feasible, taking into account specificities and limitations of the content type and implementation cost." — Regulation (EU) 2024/1689, Article 50(1) · Official Journal of the European Union, L 2024/1689, 12 July 2024

Machine-readable REQUIRED

The marking must be readable by automated systems — not just humans. This excludes plain text disclaimers in a footer. Watermarks, metadata embeddings, and cryptographic signatures all qualify.

Detectable REQUIRED

AI-generated or manipulated content must be identifiable as such by a third party. Both technical detection (provenance, signatures) and discoverability standards count.

Effective + Robust REQUIRED

Solutions must be effective and robust across the content type's full distribution lifecycle — including downstream re-encoding, screenshot, format conversion, and adversarial tampering.

§ 02

Article 50(2) — Technical solution criteria

The Regulation further specifies the four binding technical criteria every solution must satisfy.

"The technical solutions referred to in paragraph 1 shall be effective, interoperable, robust and reliable as far as this is technically feasible, taking into account specificities and limitations of the content type and implementation cost, and shall be accessible to providers and deployers of AI systems for the purpose of complying with their obligations under this Regulation." — Regulation (EU) 2024/1689, Article 50(2)

The 4 binding criteria

  • Effective — the marking must accomplish the detection goal across real-world conditions
  • Interoperable — must work across the EU's detection infrastructure, member-state authorities, and downstream tooling
  • Robust — must resist common adversarial transformations: resize, crop, re-encoding, screenshot, paraphrasing
  • Reliable — false-positive / false-negative rates must be auditable and improve over time

Content types in scope

  • Text — language model outputs, summaries, generated articles
  • Image — diffusion / GAN outputs, edited photographs, synthetic media
  • Video — generative video, deepfakes, AI-edited footage
  • Audio — TTS, voice cloning, AI-generated music and effects
§ 03

Article 50(3) — Limited exceptions

Article 50(3) carves out narrow exceptions. They are not a free pass for unmarked content — they require demonstrable purpose alignment.

🛡 Security EXCEPTION

Content generated for the purpose of detecting, preventing, or investigating criminal offences, by law enforcement authorities acting within their legal mandate. Not a carve-out for commercial "security" claims.

🔬 Research EXCEPTION

AI-generated content used in scientific research and development, prior to any release to the public or deployers. Once published or deployed, the marking requirement re-engages.

🎨 Artistic EXCEPTION

Creative works whose authenticity is itself the artistic statement (e.g. AI-as-collaborator installations). The exception is narrow and tied to the work's expressive purpose — not to commercial convenience.

Important: None of these exceptions override the obligation to disclose AI involvement when content is distributed to deployers or end-users. The exception applies to creation, not to distribution.
§ 04

Penalties matrix — Provider vs Deployer

Article 50 obligations apply to both providers (developers of GPAI) and deployers (entities using GPAI to generate content distributed in the EU). Penalties are per the EU AI Act's standard enforcement schedule.

Role Trigger Maximum fine Or Status
Provider of GPAI system Failure to mark AI-generated content as machine-readable and detectable (Art 50(1)) €15,000,000 3% global annual turnover ENFORCED 2 AUG 2026
Deployer of GPAI system Failure to comply with downstream transparency obligations (Art 50(1) read with Art 50(4)) €15,000,000 3% global annual turnover ENFORCED 2 AUG 2026
Provider — recurring infringement Repeat violation within 5 years of a final infringement decision Up to 2× upper bound up to 6% turnover AGGRAVATED
Provider / Deployer — small enterprise (SME) Same obligations; fines calculated as a % of EU-only turnover, with a fixed floor €7,500,000 1% EU turnover SME-REDUCED
Defoneos-issued passport holder Passport receipt linked to Art 50(1) compliance; SIGIL-anchored + HMAC-signed €0 0% PRESUMED COMPLIANT
§ 05

What CSOAI / DEFONEOS does

DEFONEOS issues an Article 50 Sovereign Passport for every piece of AI-generated content you ship. Each passport is HMAC-signed for free-tier verification via proofof.ai; Pro tier uses Ed25519 for auditor-grade attestation.

⚡ Issue a passport

# POST /api/article50_passport_issue { "content_type": "text", "content_hash": "sha256:9f2e…a8c1", "provider": "openai", "interaction_type": "generative", "watermarked": true, "deployed_to": ["EU", "UK"], "description": "Q3 financial summary, 412 words" }

📜 Verifier (free tier)

# GET /api/article50_verify?passport_id=…&hmac=… { "valid": true, "issued_at": "2026-07-13T08:14:22Z", "provider": "openai", "interaction_type": "generative", "watermarked": true, "deployed_to": ["EU", "UK"], "regulation": "EU AI Act Art 50" }

What you get

🛡 HMAC-signed receipt FREE

Every passport issues an HMAC-SHA256 receipt verifiable at proofof.ai for free. Sufficient for most in-house and SME compliance trails.

🔏 Ed25519 attestation PRO

Pro tier signs each passport with an Ed25519 keypair. Auditor-grade — verifiable offline, anchored to a hash-chained SIGIL log, immutable.

🌍 27-member-state coverage BUILT-IN

Passport flags all member states you deploy into. Single API call; per-jurisdiction routing is automatic.

📅 7 May 2026 Omnibus awareness BUILT-IN

DEFONEOS tooling accounts for the 7 May 2026 EU Digital Omnibus Act delay to other parts of the AI Act. Article 50 is NOT delayed — the 2 Aug 2026 date stands. The tooling surfaces this distinction automatically.

§ 06

Live sovereign audit — fleet-wide compliance

The numbers below are pulled live from /api/article50_audit. Every passport CSOAI-ORG issues is reflected in the audit count within seconds.

LIVE Endpoint: /api/article50_audit

SOV33 Article 50 fleet

CSOAI-ORG is the only vendor with the 7 May 2026 EU Digital Omnibus Act delay built into the tooling — but Article 50 transparency + watermarking remains enforced 2 Aug 2026. Every passport is HMAC-signed for free-tier verification; Pro tier escalates to Ed25519.

1
Total passports
1
Compliant
100%
Compliance rate
By interaction type
generative1
regulation: EU AI Act Art 50
20 days · 2 Aug 2026

Stop reading. Start issuing passports.

Every passport issued today is one less Article 50 infringement on 3 August. The endpoint is HMAC-signed, the audit log is SIGIL-anchored, and the audit widget on this page is real.

⚡ POST /api/article50_passport_issue RFQ: sovereign OWEM fleet System Card /master governance surface