DEV Community

Cover image for The EU AI Act deadline nobody's ready for (and what developers actually have to do)
Satwik Basu
Satwik Basu

Posted on • Originally published at github.com

The EU AI Act deadline nobody's ready for (and what developers actually have to do)

#opensource #typescript #showdev #ai

If you've been following AI regulation at all, you've probably heard about the EU AI Act.

You may also have heard that parts of it were delayed.

That's true, but it's causing a lot of confusion.

The recent Digital Omnibus changes pushed several high-risk AI obligations into 2027 and 2028. Many teams interpreted that as "the AI Act got delayed."

It didn't.

Some of the first transparency requirements are still arriving on schedule, and for many software teams they become relevant on August 2, 2026.

If your product has an AI chatbot, AI-generated content, voice assistant, image generator, emotion detection feature, or anything similar that reaches users in the European Union, Article 50 is worth understanding now.

This article explains what developers actually need to know, in plain English.

The short version

Article 50 focuses on transparency.

The idea is simple:

People should know when they're interacting with AI, when content was generated by AI, and when systems are performing sensitive analysis such as emotion recognition.

The obligations are split across four sections:

  • Article 50(1): Disclosure for AI systems that interact with people
  • Article 50(2): Machine-readable marking of AI-generated content
  • Article 50(3): Disclosure for emotion recognition and biometric categorisation systems
  • Article 50(4): Labeling requirements for deepfakes and certain AI-generated public-interest content

Most of these obligations apply from August 2, 2026.

The machine-readable marking requirement in Article 50(2) applies from December 2, 2026.

Who is affected?

A common misconception is that only large AI companies need to care.

In practice, many ordinary software products could be affected.

Examples include:

  • SaaS products with AI chat assistants
  • Customer support chatbots
  • AI writing tools
  • AI image generation products
  • Voice agents
  • Meeting assistants
  • Internal business tools used by EU employees
  • Mobile apps with AI features
  • Websites embedding third-party AI widgets

You don't need to be based in Europe.

If your product reaches users in the EU, these obligations can become relevant.

For many startups, that's the surprising part.

Article 50(1): Tell people they're interacting with AI

This is the easiest requirement to understand.

If a user is interacting directly with an AI system, they should be informed that they're interacting with AI.

Think about:

  • Chatbots
  • Voice assistants
  • AI customer support agents
  • AI companions
  • AI-powered onboarding assistants

In practical terms, this usually means providing clear disclosure before or during the interaction.

The regulation is trying to prevent situations where users believe they're communicating with a human when they're actually communicating with software.

For most teams, the work here is not technical.

It's identifying every AI interaction surface and ensuring the disclosure is visible and understandable.

Article 50(2): Machine-readable marking of AI-generated content

This is the requirement that seems to catch developers off guard.

It's not only about visible labels.

The regulation expects AI-generated content to include machine-readable information indicating that AI was involved.

This becomes applicable on December 2, 2026.

The exact implementation details will continue evolving, but developers should already be thinking about metadata pipelines.

Questions worth asking:

  • How are generated images stored?
  • What metadata survives exports?
  • What happens when content is transformed?
  • Can downstream systems detect that content originated from AI?

If your product generates images, documents, audio, or video, this deserves engineering attention well before December.

Article 50(3): Emotion recognition and biometric categorisation

This obligation applies to systems that perform emotion recognition or biometric categorisation.

If a system is analyzing facial expressions, voice characteristics, behavioral patterns, or similar signals to classify emotional states or biometric traits, users generally need to be informed.

Many teams assume they don't do this.

Some are wrong.

Features marketed as:

  • Mood detection
  • Sentiment analysis from video
  • Interview analysis
  • Engagement scoring
  • Attention tracking

may deserve closer review depending on how they operate.

The key lesson is simple:

Don't rely on marketing names.

Review what the software is actually doing.

Article 50(4): Deepfake and AI-generated content labeling

This section addresses synthetic content that could be mistaken for authentic content.

Deepfakes are the obvious example.

The goal is transparency.

People should have a reasonable ability to understand when media has been artificially generated or manipulated.

The exact implementation can vary depending on the context and the type of content involved, but teams creating AI-generated media should not assume this requirement only affects large platforms.

A surprisingly small product can generate surprisingly large amounts of synthetic content.

What happens if you ignore it?

Article 99 provides the penalty framework.

For certain violations, fines can reach:

€15 million or 3% of global annual turnover, whichever is higher.

Whether a specific situation reaches that level depends on the facts, enforcement decisions, and legal interpretation.

But even without discussing fines, most companies would prefer to avoid discovering transparency gaps after a regulator, customer, journalist, or enterprise buyer finds them first.

What can a development team do this week?

You do not need a six-month compliance project to make progress.

Start with inventory.

Step 1: Find every AI surface

Create a list of:

  • Chatbots
  • Agents
  • AI search features
  • Image generation features
  • Voice features
  • Third-party AI integrations
  • Embedded widgets

Most organizations have more AI entry points than they initially expect.

Step 2: Map each feature to an obligation

Ask:

  • Does a user interact with AI?
  • Is AI-generated content produced?
  • Is emotion recognition involved?
  • Is synthetic media produced?

A single feature can trigger multiple obligations.

Step 3: Review disclosures

Check whether disclosures are:

  • Visible
  • Understandable
  • Consistent
  • Present across all user journeys

Don't only check the happy path.

Look at mobile flows, embedded widgets, and edge cases.

Step 4: Review generated content pipelines

If your product generates content, determine:

  • What metadata exists today?
  • What metadata gets removed?
  • What survives exports?
  • What survives sharing?

The answers are often surprising.

Step 5: Create evidence

Document:

  • What you reviewed
  • What was found
  • What was fixed
  • When reviews occurred

The approach I'm taking

I built a scanner for this because manually hunting through repositories and live websites became repetitive.

npx article50 scan
Enter fullscreen mode Exit fullscreen mode

The point isn't to replace legal review.

It's to help developers find AI surfaces, transparency gaps, and implementation work that might otherwise be missed.

Final thoughts

The biggest misunderstanding around the EU AI Act right now is that teams think the important deadlines are years away.

For Article 50 transparency obligations, they aren't.

August 2, 2026 is close.

For many products, the hardest part won't be implementing disclosures.

It will be discovering every place AI is already present.

Start with inventory.

Then review disclosures.

Then review content-marking workflows.

The earlier you start, the easier the work becomes.

Resources

Disclaimer: This is technical guidance, not legal advice.

Top comments (0)