On August 2, 2026, Article 50 of the EU AI Act becomes enforceable. If you ship AI agents, this date matters to you — and probably more than anyone has told you. I keep seeing teams get one big thing wrong about it, so let me be direct.
What actually changes
Article 50 introduces transparency obligations for anyone who builds or deploys AI systems. The core idea: a person has the right to know when they're talking to an AI, and when content was generated or manipulated by one. This isn't a best-practice guideline. It's law, with fines up to €15M or 3% of worldwide annual turnover, whichever is higher.
The mistake almost everyone is making
"This doesn't apply to me — my company isn't in the EU."
Wrong. The EU AI Act has extraterritorial scope. It doesn't matter where your company is incorporated: if your AI system reaches users inside the EU, you're in scope. A fintech in Bogotá with one corporate client in Madrid. A dev shop in Austin building agents for a brand with European users. A SaaS in São Paulo whose app gets opened from Berlin. All on the clock.
The part that bites developers specifically
Most teams assume "compliance" means slapping a "you're chatting with an AI assistant" banner on the UI. That's the easy half. The hard half shows up later, when a client, an auditor, or a regulator asks:
"Show me that this agent, in this specific interaction, actually disclosed and behaved the way you claim."
That's where almost nobody has an answer. Because complying is one thing — being able to prove you complied is a completely different data problem. And it's an engineering problem, not a legal one. If your only "evidence" is scattered application logs with 14-day retention and no integrity guarantee, you have nothing to hand over.
What you can start instrumenting today (free)
An honest checklist you can act on this week:
- Inventory. List every point where an agent interacts with a person or generates content. Most teams undercount.
- EU exposure map. Does any of those touch an EU user, even indirectly? If unsure, assume yes.
- Disclosure at first contact. Verify the AI-interaction notice fires on the first turn, not buried in a footer.
- Evidence trail. The one everyone forgets. Can you reconstruct what the agent did and disclosed, after the fact, in a form you can show someone?
- Calendar. Aug 2 is the baseline. Doing this in July is cheap. Doing it in August under pressure is not.
Point #4 is the one I got obsessed with. Here's the minimal pattern I landed on — wrap the agent, and every action becomes a structured, replayable event:
pythonfrom centinela import Centinela
c = Centinela(project="my-agent")
with c.trace("handle_request") as t:
t.log_action(type="llm_call", model="claude-sonnet-4", tokens=1234)
t.log_action(type="tool_call", name="send_email",
blocked=True, human_review="approved", ai_disclosed=True)
No backend, no signup needed to try it — set CENTINELA_ENDPOINT=stdout and every event prints to your console so you can see exactly what you're capturing:
pip install centinela
Why I'm writing this
I've been deep in agent observability and auditability for months, and I'm surprised how little this is being discussed right when it matters most — especially for teams outside the EU who wrongly think they're exempt.
I'm building Centinela, an open-source SDK that records what your agents actually did — every call, every action, flagged and queryable — and turns it into auditable evidence. To be upfront: the SDK is free and works today (MIT, runs 100% on your machine). The hosted dashboards and the bilingual audit report are in early access — I'm building those in public. I'm not selling you anything here; the code is open and you can start instrumenting in two minutes if you want.
- SDK (free, open-source): https://github.com/centinela-ai/centinela-python
- How it maps to Article 50 + where it's headed: https://getcentinela.dev
But beyond any tool, the real message is this: the hard part is no longer building agents. It's being able to answer for them. And that question arrives sooner than it looks.
If you deploy agents and this hits close to home — how are you handling the evidence trail today? Genuinely want to learn what's working in the comments.
Top comments (1)
The evidence-trail problem is real - but there's a prior problem most teams hit first: the disclosure itself doesn't pass the "clear and distinguishable" bar because it was never designed. Article 50(5) says disclosures must meet accessibility requirements - so the AI badge needs 4.5:1 contrast, the chatbot header label needs to be read by a screen reader in the right DOM order, and the first-turn disclosure needs to survive 200% zoom on mobile. Most teams ship a 12px grey label that passes a desktop screenshot and fails NVDA + mobile in one session.
Worth adding to the Centinela checklist: a disclosure-visibility pass before the evidence-trail instrumentation - because a logged disclosure nobody could actually see is still a violation.