The EU AI Act and your images: a practical guide
Article 50 in plain language: what it asks of a site that publishes AI-generated images, when it applies, and a 20-minute way to be ready.
If you run a website and some of your images came out of a model — a hero image from Midjourney, product shots touched up with Firefly, blog covers from DALL‑E — the EU has a simple expectation: say so. That expectation has a name, Article 50, and a date, 2 August 2026.
This guide is the calm version. No countdown clocks, no compliance panic — just what the law says, who it covers, and the short list of things worth doing about it.
What the Act actually says about images
The EU AI Act is Regulation (EU) 2024/1689. It entered into force in August 2024 and its obligations phase in over several years. Article 50 is the transparency chapter — the part that says people should know when they’re dealing with AI, and AI-generated content should be recognisable as such.
The Article splits its duties between two roles. Providers build the AI systems; deployers use them. If you generate or edit images with an AI tool and publish them on your site, you’re a deployer — and the duty aimed at you is disclosure.
Does this apply to your site?
Probably, if three things are true: you publish images, some of them are AI-generated or AI-edited, and people in the EU can see them. The Act applies where the output is used — so a non-EU site with an EU audience is generally caught too.
A few nuances worth knowing:
- Being small is not an exemption. A personal blog and a news site carry the same disclosure duty; only the stakes differ.
- The duty is strongest for “deep fakes” — content that resembles real people, places, objects or events. A photoreal “photo” that never happened is exactly what the Article is about.
- Art gets a lighter touch. Clearly artistic, satirical or fictional work still gets disclosure, but in a context-appropriate way — a note in the colophon rather than a stamp on the canvas. Where that line sits is, honestly, still fuzzy.
The dates, without the alarm bell
- 2 February 2025 — Article 4 is already in force: if your team works with AI tools, you’re expected to make sure they understand what those tools can and can’t do. An organisational duty, not a website feature.
- 2 August 2026 — Article 50’s transparency obligations become applicable. This is the date to plan for.
- 2 December 2026 — under a provisional agreement, generative systems already on the market get extra time to meet the machine-readable marking requirement. This one is still settling; don’t build your plan on it.
And penalties, mentioned once and in proportion: transparency breaches can draw fines of up to €15 million or 3% of worldwide turnover, whichever is higher — set case by case by national authorities. The point of this guide is that you’ll never think about that sentence again.
What good disclosure looks like
One label, two layers. The visible layer is for humans: a small, honest badge on or near the image — “AI generated”, “AI modified” — that nobody has to hunt for. The machine layer is for software: an IPTC/XMP DigitalSourceType value embedded in the file, plus schema.org markup in the page, so detection tools and platforms can read the provenance without guessing.
The layers back each other up. Platforms and optimizers routinely strip metadata on re-upload; when the invisible layer is gone, the visible badge still does its job.
A label is not a confession. It’s a caption.
A 20-minute pass for a WordPress site
- Take inventory. Walk your media library and note which published images are AI-generated or AI-edited. Most sites have far fewer than they fear.
- Install AIM Transparency. The free plugin ships with sane defaults: the visible badge, IPTC/XMP embedding and schema markup all switch on when you flag an image. No external calls, works with any theme.
- Flag your AI images — one by one from the media library, or in bulk if the inventory was long.
- Running a chatbot? Turn on the chatbot notice too — Article 50(1) asks that visitors know they’re talking to software.
- Keep a record. Tick through the built-in Article 4 checklist and export the CSV of disclosed images. If anyone ever asks, you have a file to hand them.
Honest caveats
Three things this guide won’t pretend: it isn’t legal advice; the technical marking standards are still being finalised ahead of August 2026; and no badge — ours included — makes you compliant by itself. Deciding which of your images are in scope stays your call.
When in doubt, read the law rather than the takes: the full text of Regulation (EU) 2024/1689 is on EUR‑Lex — Article 50 is a five-minute read. Then label your images, export the CSV, and get back to making things.
Written by the archivist. Checked against the regulation — twice — by the one human.



