EU AI Act Article 50 — 20 days to seal | Get passport
🐉

GPAI Transparency Obligations

EU AI Act Art 50 + Art 52 · Transparency for general-purpose AI · AI-generated content marking · EU database registration · Provider-of-GPAI summary template · EAT Directive aligned

EU AI ACT ART 50+52 PROVIDER OBLIGATION ACTIVE
8
Transparency Pillars
7
Content Marking Modes
10
Disclosure Categories
14d
EU DB Registration SLA
100%
AI-Output Marking
5
Audiences

What Art 50 + Art 52 Require

Articles 50 and 52 of the EU AI Act establish two overlapping but distinct transparency regimes:

DEFONEOS is a sovereign AI substrate that includes GPAI capabilities (the MEOK brain, the SOV3 BFT council, the SIGIL chain, and various MCPs that wrap open-source general-purpose LLMs). The substrate therefore has both kinds of obligations: as a deployer of AI systems that interact with persons, and as a provider of a GPAI model/scaffold to downstream providers.

This page documents the 8 transparency pillars, 10 disclosure categories, 7 content-marking modes, and the EU database registration process that DEFONEOS implements to comply with both articles.

8 Transparency Pillars

1
Pillar 1 — AI-Identity Disclosure (at every interaction)

Every interaction with a DEFONEOS-operated AI begins with a clear AI-identity disclosure: the user knows they are talking to a sovereign AI substrate. The disclosure is visible at the start of every session, persistent throughout, and surfaced at the start of every distinct task. The disclosure is in plain language ("You are now working with DEFONEOS, a sovereign AI system operated under CSOAI LTD UK 16939677") and includes the deployment-level identity, contact for redress, and link to the System Card.

2
Pillar 2 — Training Data Public Summary

DEFONEOS publishes a public summary of training data per the EU AI Act Article 53(1)(b) template: "the main groups of data elements, types of data, sources, and modalities the model was trained on." The current published summary covers ~190 GB of training corpus across 16+ datasets, organised by data group (government open-data, scientific literature, synthetic telemetry, federated industry data, partner-provided datasets), type (numeric, text, image, signal, geospatial, biometric), source (national open-data portals, OGL-UK-3.0 releases, partner signed agreements, federated ingest), and modality. The summary is reviewed annually and updated when training corpus changes materially.

3
Pillar 3 — Copyright Compliance Policy

DEFONEOS publishes a copyright-compliance policy per Article 53(1)(c). The policy states the opt-out mechanism (robots.txt + ai.txt standard), the data-licensing policy (OGL-UK-3.0 / CC-BY only by default, signed-partner-only for proprietary corpora), the rights-respecting pipeline (rights-of-first-publication respected; pre-2029 publicly-cited source sets preferred), the credits-attribution standard, and the takedown procedure. The policy is reviewed quarterly by an external copyright counsel.

4
Pillar 4 — AI-Generated Content Marking

Every piece of text, image, audio, video, or structured output produced by a DEFONEOS substrate AI carries a machine-readable mark — a C2PA-style provenance manifest + a Watermark-Resistant Sign (per C2PA 2.0 spec) + the SIGIL chain hash. The mark is tamper-evident: any attempt to strip it breaks verification. The mark does not replace human-readable disclosure; it complements it.

5
Pillar 5 — Deepfake Disclosure

Any synthetic likeness (face, voice, gait, biometric signal) used in DEFONEOS-produced content triggers a deepfake disclosure per Article 50(4). The disclosure appears as both a label in the metadata and a human-readable annotation visible at the point of consumption: "This content includes synthetic likeness of [person]; generated by DEFONEOS substrate." The disclosure is required even when the content is later transformed by human editing or downstream processing.

6
Pillar 6 — Emotion-Recognition Disclosure

Where emotion-recognition or biometric-categorisation is used (subject monitoring, fatigue detection, stress indicator recognition), the affected persons are informed in plain language at the point of data capture. The disclosure includes: what is being measured, what categories are recognised, how the data is used, where it is stored, who has access, and how long it is retained. Sensitive contexts (workplaces, schools, healthcare) require affirmative consent.

7
Pillar 7 — Provider Identification

Every DEFONEOS output includes a "Made by" / "Generated by" line that identifies the provider (CSOAI LTD, UK Companies House registration 16939677), the deployment (e.g., "DEFONEOS BFT Council v2.4"), the version (e.g., "v4.7.2 substrate"), and the date. The identification is verifiable: it carries a SIGIL hash that anyone can validate against the public SIGIL registry at sigil.csoai.org.

8
Pillar 8 — Detectability-By-Design

DEFONEOS substrate outputs are designed to be machine-detectable as AI-produced: the watermarking is robust to common transformations (crop, resize, compression, OCR), the metadata manifest is embedded redundantly (in-band + side-band + SIGIL hash), and the system supports external detector API access. This is the "design for detectability" requirement per Article 50(2).

10 Disclosure Categories

#Disclosure CategoryAudienceChannelFrequency
1AI identity at point of interactionUserBanner + footer + manifestPer session
2System Card / model descriptionPublicHosted page + manifestPer version release
3Training data summaryRegulators + publicEU DB + hosted pageAnnually + on material change
4Copyright compliance policyRegulators + content ownersEU DB + hosted pageQuarterly review
5Energy / environmental footprintPublicHosted page + CRDS reportPer training run + monthly aggregate
6Capability & limitations public summaryPublicSystem Card + manifestPer version release
7Red-team / adversarial testing report (GPAI w/ systemic risk)Regulators + AI OfficeConfidential submission + summaryPer major release + on serious incident
8Serious-incident notificationsAI Office + national authorityForm per Implementing RegulationWithin 15 days (or sooner for critical)
9Cybersecurity protection summaryRegulators + partnersConfidential submission + summaryQuarterly + on material change
10Downstream integration documentationDownstream providersAPI + docs site + signed SDK release notesPer release

7 Content Marking Modes

Mode 1 — Text Watermark (Stat. model + structural)

DEFONEOS text outputs carry a two-layer watermark: a statistical-model watermark (token distribution signature trained with low false-positive rate) and a structural fingerprint (sentence-turn-taking patterns + paragraph cadence that is detectable). Watermark is robust to paraphrase and translation.

Mode 2 — Image Watermark (C2PA + pixel-level)

Image outputs include a C2PA cryptographic manifest embedded in the file metadata + a pixel-level watermark in the visual band (resilient to compression, crop, and re-encoding). The manifest references the producer (CSOAI LTD), the substrate version, the SIGIL hash, and the policy URL.

Mode 3 — Audio Watermark (acoustic + metadata)

Audio outputs include a C2PA manifest + an inaudible acoustic watermark in the 17-19 kHz band (detectable by automated systems, inaudible to humans). The watermark survives MP3 compression, sample-rate downsampling, and ambient recording.

Mode 4 — Video Watermark (per-frame + manifest)

Video outputs include a C2PA manifest + a per-frame hash signature + an embedded visible label ("AI-generated" overlay) per Article 50(4) for synthetic-likeness content. The per-frame hash chain is verifiable against the SIGIL chain.

Mode 5 — Code Watermark (file-level + SIGIL)

Generated code includes a header comment block with the producer, version, SIGIL hash, and a per-line structural fingerprint. This allows detected downstream usage to be auditable.

Mode 6 — Structured Data Watermark (SIGIL + manifest)

Structured outputs (JSON, CSV, databases) include a SIGIL manifest in a defined schema field + a hash-of-the-data field. The manifest references the producer, version, timestamp, and downstream license terms.

Mode 7 — Decision/Action Watermark (SIGIL log + audit trail)

Decisions and actions (target nomination, policy change, BFT vote, kill-switch) include the entire SIGIL chain entry. Downstream audit can verify the decision was sovereign-actuated, who approved it, and what the red-line check produced.

5 Audiences

AudienceWhat they needDisclosure TierDEFONEOS Channel
Affected personsIdentity, recourse, explanationTier 1 (plain-language, immediate)Banner, footer, decision receipts
General publicAI vs human, content originTier 2 (labelled, persistent)C2PA manifests, watermarks
Regulators (AI Office, NCSC, ICO, NCAS)Compliance evidence, auditsTier 3 (technical, registry-grade)EU database, regular reports, audit hook
Downstream providers / integratorsIntegration documentation, capabilitiesTier 4 (technical, complete)API docs, SDK release notes, integration pack
Researchers / civil societySystem Card, evaluation reportsTier 5 (public, deep)System Card page, transparency hub, arXiv-equivalent pubs

EU Database Registration

Registration Process

Per Article 71 of the EU AI Act, all GPAI providers must register in the EU database before placing the model on the market. DEFONEOS registers:

Registration SLA

The registration is submitted within 14 days of placing the model on the market (the formal SLA from EU Implementing Regulation 2024/...). Subsequent updates (material change in training data, capabilities, or version) trigger update submissions. Each submission is SIGIL-signed and the registration record carries the SIGIL hash for tamper-evidence.

Downstream Provider Integration

What Downstream Providers Receive

Downstream providers integrating DEFONEOS capabilities receive:

12-Framework Crosswalk

FrameworkArticle / ClauseDEFONEOS Mapping
EU AI ActArticle 50Pillars 1, 4, 5, 6, 8 (transparency, content marking, deepfake, emotion recognition)
EU AI ActArticle 52 (GPAI)Pillars 2, 3 + provider identification + downstream integration
EU AI ActArticle 53 (GPAI provider)Technical docs, public summary, copyright policy
EU AI ActArticle 71 (EU database)Registration process + SLA
C2PA 2.0 specManifest + assertionsPillars 4-8 (content marking modes)
GDPRArticle 13 (information to be provided)Pillar 1 + Pillar 7 (identity disclosure)
GDPRArticle 14 (third-party data)Training data summary (Pillar 2)
GDPRArticle 22 (automated decisions)Pillar 1 + HitL documentation
UK GDPR + DPA 2018Same as GDPRSame as EU
US Executive Order 14110Section 4 (transparency)Pillars 2-5 + provider identification
China Generative AI MeasuresArticle 7 + 11Pillars 1, 4, 7 (identity + marking + identification)
NIST AI RMFGOVERN 6 (transparency)All 8 pillars + System Card page

Honesty Register

What DEFONEOS does NOT claim about GPAI transparency

🛡️ Ready to put DEFONEOS to work?

7 personas · 5 tiers · 30-second signup · free 30-day sandbox for regulators and end-users.

Sign up · Ed25519-signed receipt → For Defence Primes For Regulators (Free) Series A — £45-90M Round
ED25519 SIGIL receipts · UK-sovereign · AUKUS-compatible · T-27 days to EU AI Act