Article 50 requires that natural persons are informed when they are interacting with an AI system, unless it's obvious from the circumstances. It also requires labeling of AI-generated or manipulated content (deepfakes, synthetic audio/video/text) in most cases.
The text is easy to summarize and hard to implement well. Here's what it looks like in practice, by use case.
Minimum viable disclosure, shown at the start of the conversation:
"You're chatting with an AI assistant. For complex issues, you can request a human agent at any time."
What makes it non-compliant: burying the disclosure in a help-center article nobody visits, or a single line in the Terms of Service. The disclosure needs to be at the point of interaction — in the chat widget itself, not three clicks away.
Minimum viable disclosure, shown adjacent to the content:
"This summary was generated by AI based on [source]. Reviewed by [role/human] before publishing." (if reviewed) or "AI-generated — not reviewed by a human." (if not reviewed — and if you ship unreviewed AI content, disclose that too)
Common mistake: labeling the feature ("AI Summarizer") without labeling each individual output. The label needs to travel with the content, especially if that content can be copied, exported, or shared outside your product.
Minimum viable disclosure, near the recommendation itself:
"Recommended by AI based on your usage patterns. [Why am I seeing this?]"
For anything that affects a person materially (loan pre-qualification, candidate ranking, pricing), pair the disclosure with a path to explanation or human review — Article 50 covers the notice; Article 14 (human oversight) and GDPR Article 22 cover what happens next.
Minimum viable disclosure, in the action's output (e.g. an email the agent sends, a ticket it updates):
"This message was sent by an AI agent on behalf of [user/company]. Reply to reach a human."
This is the newest and least standardized area — regulators haven't issued detailed guidance yet, but the principle is consistent: the person on the receiving end of an autonomous AI action should be able to tell, without digging.
The exemption is narrower than founders hope. Spam filters, internal analytics, and back-office automation with no direct human-facing interaction are typically exempt because there's no natural person "interacting" with the system in a way that requires disclosure. The moment a human reads, receives, or acts on AI output directly, the exemption gets much harder to argue.
If you do nothing else this week: add one line of disclosure to your primary AI touchpoint (chat widget, generated-content label, or recommendation module). It's the single highest-frequency gap we find in scans, and it's also the cheapest one to close.
Run a free AI Act readiness scan. Get your risk score in 2 minutes.
→ Get your free risk score