Article 50 disclosure code: copy-paste templates that pass the AI Act

# Article 50 disclosure code: copy-paste templates that pass the AI Act

If you have a SaaS using AI, Article 50 of the EU AI Act probably applies to at least one of your features. The legal text takes about 20 minutes to read. The implementation, if you write it from scratch, takes most teams 2 to 4 days because of edge cases (locale handling, fallback for non-C2PA pipelines, metadata schemes, opt-out mechanics).

The Disclos team maintains a public, MIT-licensed set of templates that covers all four Article 50 sub-clauses. This post walks through what each template does, where it goes in your product, and the one thing most teams get wrong on each one.

Article 50(1): chatbot and AI agent disclosure

If your product holds a conversation with a person, you disclose at the start that the person is talking to an AI. We ship three components:

1. Opening block placed above the first AI message. Tells the user they are chatting with an AI assistant and that responses may be inaccurate.
2. Persistent indicator inside the chat UI, visible the whole session.
3. Per-message footer attached to every AI-generated message.

Full HTML, CSS, and ARIA attributes are in chatbot.html in the repo. French version is at chatbot.fr.html. Other EU languages are open for contribution.

The thing most teams get wrong: putting the disclosure in a tooltip or behind a hover state. Article 50(1) requires "clear and distinguishable." A disclosure you can hide by not hovering is not clear. The template uses persistent visible elements for a reason.

Article 50(2): synthetic content disclosure

If your product generates text, images, audio, or video that could be confused for human-authored work, you mark it. The marking has two parts:

1. Visible label on every published artefact ("This content was generated by an AI system"). Translations of this single line in all 24 EU official languages are in translations.json.
2. Machine-readable marker embedded at generation time. C2PA Content Credentials if your pipeline supports them, EXIF/XMP metadata if not, YAML frontmatter for Markdown output, an inline trailer for plain text.

Full templates in generated-content.md.

The thing most teams get wrong: stripping the metadata in a downstream pipeline. The Act requires the marker to survive normal use of the content. If your CDN re-encodes images and drops EXIF, you have a problem. The fix is to embed the marker at the latest possible step, or to use C2PA which is designed to survive re-encoding.

Article 50(3): emotion recognition and biometric categorisation

If your product infers emotional state from a person, or categorises people based on biometric data, you tell the affected people. Before anything else, check Article 5: emotion recognition in the workplace or in education is prohibited outright. So is biometric categorisation based on race, political opinion, religion, sexual orientation, and similar protected categories. If you fall into one of those, no disclosure can save the feature. Stop using it.

If your use is permitted, ship the disclosure at the start of the interaction, not buried in privacy settings. Template in emotion-recognition.md.

The thing most teams get wrong: treating this as a GDPR-only matter. Article 50(3) is a separate AI Act obligation. The GDPR Article 9 explicit consent for biometric data is still required AND the AI Act disclosure is required. Two requirements, both must be met.

Article 50(4): deepfakes

If your product generates or manipulates image, audio, or video that depicts a real, identifiable person and could be mistaken for an authentic recording, you disclose it. The disclosure has two parts again: a visible label that cannot be cropped away, and a machine-readable marker.

Template in deepfake.md.

The thing most teams get wrong: treating voice cloning as somehow lighter than visual deepfakes. Same rule. Article 50(4) applies to voice clones of real persons exactly as it applies to face swaps. If your SaaS does voice cloning for any reason, you disclose.

What the templates do not cover

• High-risk Annex III conformity assessments. Those need a technical file under Article 11, a risk management system under Article 9, and human oversight under Article 14. Different beast, different process.
• Provider obligations for general-purpose AI models. If you are training a foundation model, Chapter V applies. Almost no SaaS is in this bucket.
• National-level implementations. Member States can add national rules on top of the Act. Most are still being drafted as of mid-2026. We track them in the audit but the templates themselves are EU-wide.

How to ship the templates in 90 minutes

1. Clone the repo or copy the files you need
2. Open the template file for each AI feature you have
3. Paste the HTML or Markdown into your product, adjusting branding to match
4. For machine-readable markers, integrate the metadata block into your generation pipeline. C2PA reference implementation linked in the templates.
5. Test that the markers survive your standard publishing flow (CDN, re-encoding, etc.)
6. Save a copy of the final implementation in a folder called eu-ai-act-audit-YYYY-MM-DD/. That folder is your self-audit trail.

If you want the full 5-day audit done for you, the Disclos team ships the same templates pre-configured to your product, integrated into a PDF report, with a Loom walkthrough showing what was done and why. 997 euros, refund guaranteed.

If you would rather do it yourself, the templates above are free and stay free. The repo is MIT. Use them in commercial products. Translate them. Fork them. Send a PR if you spot an improvement.

Article 50 is the most copy-paste-friendly part of the EU AI Act. Take advantage of that.

Last updated: 2026-06-04