MEOK.AI
Sign inStart Free
Features
Pricing
Blog
About
🚀 Activate your agent

Free forever · No credit card

← All posts
EU AI Act Article 50 · 27 April 2026 · 8 min read

Article 50 Watermarking — the implementation pattern

The clock to 2 November 2026 is real. The Commission Q1 2026 implementing-act guidance settled most of the open questions, and the pattern that satisfies Article 50 is now concrete: C2PA Content Credentials 2.1 manifest, robust per-output watermark, end-user disclosure. Here's what each piece looks like in practice.

What Article 50 actually says

Article 50(2) binds providers of generative AI systems (text, image, audio, video, synthetic decision content) to ensure outputs are marked in a machine-readable format and detectable as artificially generated or manipulated.

Article 50(4) adds the deployer disclosure obligation: when output is intended to inform the public on matters of public interest (deep fakes, news, etc.), the deployer must disclose that the content is artificial.

Penalty band: Article 99(4)(g) — up to €15M or 3% global annual turnover, whichever is higher.

The three layers

1. C2PA Content Credentials 2.1 manifest

The Coalition for Content Provenance and Authenticity (C2PA) v2.1 spec is the de facto standard the Commission has aligned with. A C2PA manifest is a signed JSON-LD assertion bundle embedded in the output container (PNG, JPEG-XL, MP4, WebM, audio).

Required claims for Article 50:

  • claim_generator_info — your model + version (e.g. your-app/1.0; sd-3-medium-ft-2026-03)
  • c2pa.actions — at least one c2pa.created or c2pa.placed action with digitalSourceType = trainedAlgorithmicMedia
  • c2pa.training-mining — your training-data policy (mandatory for foundation models, optional for fine-tunes)
  • Signature with X.509 cert chain rooted in a recognized CA (Adobe, Microsoft, Google, or a self-signed cert with public verification endpoint)

2. Robust per-output watermark

The C2PA manifest can be stripped (re-encoding, transcoding, screenshot). The watermark is the durable layer.

  • Image: SynthID-Image (Google), Stable Signature (Meta), or Numbers Protocol. Must survive crop, resize, JPEG q=70, format conversion.
  • Audio: SynthID-Audio or AudioSeal. Must survive MP3 128kbps, time-stretching ±5%.
  • Text: SynthID-Text (token-level), KGW (Kirchenbauer et al), or Aaronson watermark. Survives ~50% paraphrase. Commission has signaled this level is acceptable as "best-effort technical measures."
  • Video: SynthID applied per-keyframe + audio track watermarked separately.

3. End-user disclosure

The user-facing disclosure that an output is AI-generated. Three patterns satisfy:

  • Visible badge in the UI: "AI-generated" label adjacent to the output. Recommended for consumer-facing products.
  • EXIF/manifest-only with deployer opt-out: machine-readable mark only, with documented justification (e.g. integration into B2B workflow where end-user disclosure is provided downstream by deployer).
  • API-only: no UI, machine-readable C2PA + watermark only. Deployer carries the user-disclosure obligation.

Open questions still being settled

  • Cross-provider detection — no mandate yet to maintain a public verifier. Best practice: publish a verify endpoint at your-domain.example/c2pa/verify for auditor curl-checks.
  • Open-weights split obligation — Recital 102 reduces the open-weight provider's obligation. Downstream deployer carries it. Practical: ship watermarking code in your reference inference scripts so deployers don't have to write it.
  • Synthetic-data training pipelines — outputs of generative models used to seed downstream training don't trigger Article 50 directly (training-data ≠ output to public). But the resulting model's outputs do.

What to ship by 2 November 2026

  1. C2PA manifest generator wired into your output pipeline (every generation produces a manifest).
  2. Signing key custody — hardware HSM or cloud KMS. NEVER bundle private keys client-side.
  3. Watermarker integration — SynthID, AudioSeal, KGW depending on modality.
  4. End-user disclosure pattern (badge, EXIF-only, or API-only) chosen and documented.
  5. Public verify endpoint (curl-able by auditors).
  6. Article 4 literacy log + Article 9 RMS entry covering "watermark robustness limitations" risk.

Need a starter kit?

£99 self-serve ZIP: C2PA manifest template, SynthID-class watermark config, signed compliance attestation, deployer disclosure policy template.

£99 Article 50 Kit →

Source: Regulation 2024/1689 Art. 50 · C2PA spec 2.1 · MEOK AI Labs · CSOAI LTD · UK Companies House 16939677