The Article 50 checklist: five questions that scope your entire exposure
From 2 August 2026, the EU AI Act's transparency obligations apply to any organisation providing or deploying AI systems that touch the EU. The scoping work sounds daunting; in practice it reduces to five questions asked of every AI system you use — including tools you buy rather than build. A "no" to all five means that system is out of scope. Every "yes" maps to one specific duty with specific wording and timing rules.
One distinction first, because it changes which duties are yours: you are a provider of a system if you developed it (or had it developed) and offer it under your name — including white-labelling someone else's system. You are a deployer if you use a system under your authority in your business, like running a vendor's chatbot on your site. You can be provider of some systems and deployer of others.
1. Does it interact directly with people?
Chatbots, voice assistants, conversational agents, interactive avatars.
Duty (provider): people must be informed they're interacting with AI — unless it's genuinely obvious from context. In practice: a visible line in the chat window at first contact, an IVR announcement, and matching language in your help centre and privacy policy.
2. Does it generate synthetic content?
Text, images, audio, or video generation — including AI features inside a larger product.
Duty (provider): outputs must be marked in a machine-readable format and detectable as AI-generated. Systems already on the market get until 2 December 2026; systems launched from 2 August 2026 must comply from launch day.
3. Do you publish AI-generated or manipulated media that could pass as real?
Synthetic images, audio, or video of real-seeming people, places, or events — "deepfakes" in the Act's language, however benign the use.
Duty (deployer): disclose that the content is AI-generated or manipulated, on or immediately adjacent to the content itself. Artistic and satirical works may disclose in a way that doesn't spoil the work.
4. Do you publish AI-generated text to inform the public?
News, public-information content, corporate publishing at scale.
Duty (deployer): disclose AI generation — unless the text has undergone human editorial review and a named person or entity holds editorial responsibility. If you rely on that exemption, document the editorial process; the record is your evidence.
5. Do you run emotion recognition or biometric categorisation on people?
Sentiment analysis of voice or face in call centres, retail emotion analytics, HR tools inferring emotional state, systems sorting people by biometric traits.
Duty (deployer): inform the people exposed, and comply with GDPR in parallel. Caution: several uses in this category are prohibited outright — emotion recognition in workplaces and education is banned subject to narrow exceptions. A "yes" here is the one answer that genuinely warrants legal advice.
Timing, manner, and evidence
All disclosures must be made in a clear and distinguishable way at the latest at first interaction or exposure, and must meet accessibility requirements. The disclosure belongs at the point of contact — the chat window, the content, the signage — not buried in a privacy policy, though the policy should also match. And keep dated screenshots of every deployed disclosure alongside your system inventory: being able to show compliance on 3 August matters nearly as much as being compliant.
The templates for every "yes"
The Statute Press EU AI Act Transparency Compliance Pack contains ready-to-adapt disclosure wording for all five duties, the full scoping decision tree, an Excel inventory register that auto-computes each system's obligations, and a watermarking checklist for engineering — with free updates through 2 December 2026.
Get the pack — €79 Free deadline map