Implementation crosswalk for the EU Code of Practice on AI-generated content transparency under Article 50 of the EU AI Act.
Audience: AI system providers, deployers of generative AI, content platforms, compliance officers, and data protection officers (DPOs).
Deadline: Article 50 transparency obligations become enforceable August 2, 2026. Providers with systems already on the EU market have until December 2, 2026 to implement machine-readable marking. The EU Commission published draft transparency guidelines on June 8, 2026. Public consultation closed June 3, 2026. Scientific Panel of 60 independent experts appointed June 1, 2026 to support enforcement.
The Code of Practice establishes two distinct obligation tracks under Article 50. Each targets a different role in the AI content lifecycle.
Mark AI-generated outputs in a machine-readable format. This applies to text, image, audio, and video outputs. Providers must ensure outputs are detectable as AI-generated or manipulated.
The Code promotes open standards. C2PA content credentials, IPTC metadata, and watermarking are all acceptable methods. The new EU transparency icon must also be supported where applicable.
Label deepfakes clearly. Deployers must disclose when content depicts real people in fabricated scenarios. AI-generated text published on matters of public interest must also be disclosed as synthetic.
The Code does not mandate a specific technology. C2PA, IPTC metadata, or watermarking are all acceptable. What matters is that the marking is machine-readable, durable, and verifiable by downstream systems.
SWT3 does not do the marking. SWT3 witnesses that marking was done.
The Code of Practice defines what you must do. SWT3 proves you did it. Each time your system applies a C2PA manifest, attaches a watermark, or delivers a deepfake label, SWT3 mints a cryptographic anchor recording the event. That anchor is your audit evidence.
| Date | Milestone |
|---|---|
| June 2026 | Code of Practice on AI-generated content marking finalized by the EU Commission |
| August 2, 2026 | Article 50 transparency obligations enforceable for new systems placed on the EU market |
| December 2, 2026 | Machine-readable marking deadline for existing systems (transitional period) |
| Ongoing | Compliance monitoring and annual review expected under the AI Office's oversight |
The August 2 date is the hard enforcement boundary for new deployments. Systems already on the market have until December 2 to retrofit machine-readable marking. Waiting until November is not a strategy.
Each obligation in the Code of Practice maps to a SWT3 procedure. The procedure records the factors that prove the obligation was met.
| Obligation | Procedure | Factors Recorded | Evidence Produced |
|---|---|---|---|
| Machine-readable content marking | AI-MARK.1 |
Content items marked, metadata attached flag, content type | Anchor proving marking was applied |
| Content type classification | AI-MARK.1 |
Content type code (0=text, 1=image, 2=audio, 3=video, 4=multimodal) | Per-output type attestation |
| C2PA/watermark metadata attachment | AI-MARK.1 |
factor_b = 1 when C2PA manifest or watermark attached | Proof metadata was present at generation time |
| Deepfake labeling (deployer) | AI-TRANS.1 |
Transparency disclosure type, recipient type, timestamp | Proof label was delivered to viewer |
| Public interest text disclosure | AI-TRANS.1 |
Disclosure delivered before publication | Proof of pre-publication notice |
| Marking process auditability | AI-AUDIT.1 |
Audit log entry count, tamper detection result | Proof marking system was operational |
| Model provenance per generation | AI-INF.1 |
Model hash, prompt hash, response hash, latency | Proof of which model generated each output |
| Output integrity verification | AI-MDL.1 |
Deployed model hash vs approved registry | Proof correct model was used |
| Multi-system content chain | AI-CHAIN.1 |
Provenance handoff between content pipeline stages | End-to-end content authenticity chain |
The central procedure for Article 50 compliance. Every time your system marks an AI-generated output, this procedure records what happened.
Factor A = content_count -- number of content items marked in this batch.
Factor B = metadata_attached -- 1 if C2PA manifest or watermark was attached, 0 if not.
Factor C = content_type_code -- 0 (text), 1 (image), 2 (audio), 3 (video), 4 (multimodal), 5 (code), 6 (other).
Cite: Art. 50(2) EU AI Act, GPAI Code of Practice on AI-generated content marking.
Query the ledger for AI-MARK.1 anchors where factor_b = 1. Each anchor proves marking was applied. The factor_c breakdown shows coverage across content types. If factor_b is consistently 0, the system is recording outputs but not attaching metadata -- a gap.
Records deployer-side transparency actions. For deepfakes: proves a label was shown to the viewer. For public interest text: proves AI-generation was disclosed before or at time of publication.
Factor A = disclosure_type -- identifies whether this is a deepfake label, public interest notice, or general AI disclosure.
Factor B = recipient_type -- viewer, reader, or downstream system.
Factor C = timestamp -- when the disclosure was delivered.
Filter for AI-TRANS.1 anchors. The timestamp in the anchor proves disclosure was delivered before or at the time of publication. Cross-reference with content publication timestamps to verify sequencing.
Records model identity per generation. Proves which model generated each output. Required for traceability under Art. 12 (record-keeping) combined with Art. 50 (transparency).
Factor A = model_hash -- SHA-256 of model identifier or weights.
Factor B = prompt_hash -- SHA-256 of the input prompt (cleared at higher levels).
Factor C = response_hash -- SHA-256 of the generated output.
Cross-reference AI-INF.1 with AI-MARK.1 to verify every generation has both a provenance record and a marking record. Gaps indicate outputs that were generated but not marked -- a compliance exposure.
Proves the marking system was running. Periodic verification that the marking pipeline is operational, not just configured. A marking system that silently fails produces no AI-MARK.1 anchors -- but AI-AUDIT.1 proves the system was checked.
Factor A = log_entry_count -- number of audit entries in the period.
Factor B = tamper_detection -- result of integrity check on audit logs.
AI-AUDIT.1 anchors at regular intervals prove continuous compliance, not point-in-time snapshots. Look for consistent spacing. Large gaps suggest the audit system was offline during those periods.
For multi-system pipelines where content passes through generation, editing, and publication stages. Each handoff between systems is witnessed. This is critical for platforms that use one model to generate content and another to edit or translate it.
Factor A = chain_step -- position in the pipeline (1=generation, 2=editing, 3=review, 4=publication).
Factor B = upstream_fingerprint -- fingerprint of the previous step's anchor.
Factor C = content_hash -- SHA-256 of content at this stage.
A chain of AI-CHAIN.1 anchors reconstructs the full content lifecycle from generation to publication. Follow upstream_fingerprint references backward to verify end-to-end provenance. Any break in the chain is a gap.
SWT3 clearing levels control how much detail survives in the ledger. For Article 50 compliance, audio and video require full metadata retention because forensic provenance is critical for deepfake detection.
| Content Type | Clearing Level | Rationale |
|---|---|---|
| Text generation | Level 1 (Standard) | Hashes retained, raw text cleared |
| Image generation | Level 0 (Analytics) | Full metadata retained for C2PA chain |
| Audio generation | Level 0 (Analytics) | Forensic metadata critical for deepfake detection |
| Video generation | Level 0 (Analytics) | Full provenance chain required |
| Code generation | Level 1 (Standard) | Hashes retained, source cleared |
| Multimodal | Level 0 (Analytics) | Mixed content requires full metadata |
At Level 0 (Analytics), all factors and metadata survive in the ledger. At Level 1 (Standard), raw content is cleared but hashes are retained. For most Article 50 use cases, the hash is sufficient proof -- you do not need to store the raw output to prove it was marked.
| Question | Answer |
|---|---|
| How do you mark AI-generated content? | AI-MARK.1 anchors with factor_b = 1 prove marking was applied per output |
| How do you label deepfakes? | AI-TRANS.1 anchors with disclosure_type = deepfake_label prove the label was delivered |
| Which content types are covered? | AI-MARK.1 factor_c codes 0 through 6 (text, image, audio, video, multimodal, code, other) |
| How do you prove marking was continuous? | AI-AUDIT.1 anchors at regular intervals prove the marking system was operational |
| Can you trace content back to the model? | AI-INF.1 + AI-MARK.1 cross-reference links each output to its generating model |
| How do you handle multi-system pipelines? | AI-CHAIN.1 provenance chain with upstream fingerprint references |
| What open standards are supported? | C2PA, IPTC, watermarking -- AI-MARK.1 is standard-agnostic, records whichever method you use |
Each call mints a SWT3 Witness Anchor. The anchor is your cryptographic proof that marking occurred. Query the ledger by procedure, model, or time range to produce audit evidence on demand.