PRIVACYSCANNER
Download for Mac
Download for Mac

EU AI Act Article 50, explained

What the EU's AI transparency rules mean for the files on your Mac — and how to see the markers for yourself.

From 2 August 2026, the European Union's AI Act requires AI-generated content to be identifiable. Not through a visible stamp in the corner of an image, but through machine-readable markers embedded inside the file itself. Many of the AI tools you already use have been quietly adding these markers for years. This page explains what the law says, what the markers look like, and what they can and cannot prove.

What Article 50 actually says

Article 50 of the AI Act (Regulation (EU) 2024/1689) sets out four transparency duties:

  1. AI systems that talk to people must make clear you are interacting with an AI, unless it is obvious from context.
  2. Providers of generative AI — systems producing synthetic audio, images, video or text — must ensure outputs are marked in a machine-readable format and detectable as artificially generated or manipulated.
  3. Emotion recognition and biometric categorisation systems require informing the people exposed to them.
  4. Deepfakes must be disclosed as artificially generated or manipulated, with a lighter rule for clearly artistic, creative or satirical works.

The duty that reaches the files on your disk is the second one. It is aimed at the companies building the AI tools, and the practical result is simple: the images coming out of major generators carry embedded provenance data. Article 50 also tasks the EU's AI Office with facilitating codes of practice that standardise how providers implement the marking.

Key dates

  • 1 August 2024 — the AI Act entered into force.
  • 2 August 2026 — the Article 50 transparency obligations apply.

C2PA: the marker standard the big tools use

The most established marking technology is C2PA, an open standard from the Coalition for Content Provenance and Authenticity, an industry group founded by Adobe, Microsoft, Intel, the BBC and others. Its user-facing name is Content Credentials.

A C2PA marker is a cryptographically signed manifest embedded inside the file, in a container format called JUMBF. The manifest can record which tool created the image, when, whether AI was involved, and what edits followed. Because the manifest is signed, tampering with it is detectable — and because it travels inside the file, it can be read entirely offline. No database lookup, no upload.

Tools that embed Content Credentials in their output include ChatGPT's image generation (OpenAI), Adobe Firefly, Microsoft's Bing Image Creator and Designer, and Google's image models. If you have generated images with these, the markers are very likely already sitting in your files.

Beyond C2PA: the other traces AI tools leave

C2PA is not the only marker. Image files have older, standardised metadata fields, and AI tools use those too:

  • IPTC Digital Source Type. A standard metadata field with a controlled vocabulary for how an image came to be. The values trainedAlgorithmicMedia and algorithmicMedia mean the image was created with AI ("Created using Generative AI" is the official label), while compositeWithTrainedAlgorithmicMedia and compositeSynthetic mean it was edited or composited with AI ("Edited using Generative AI"). This is the mechanism favoured in the Meta and Google ecosystems.
  • Generator signatures. Many tools write their name or generation parameters into the file — in software tags, comment fields, or the text chunks of a PNG.

Different tools leave different traces. Some embed a full signed manifest, some write a single metadata field, some do both.

Do I have to label my own AI images?

Generally, no. The AI Act places its obligations on the providers of AI systems and on organisations deploying them — and it explicitly does not apply to private individuals using AI in a purely personal, non-professional capacity (Article 2). If you make AI images for personal use, the marking duty is on the tool, not on you. Professional and commercial use is a different matter, and platform rules may apply on top of the law. This page is general information, not legal advice.

The flip side is worth knowing: because the tools mark their output automatically, your AI images may already be labelled — whether you intended it or not.

What the markers can and cannot prove

Honesty matters here. A marker inside a file is strong evidence that AI was involved. The absence of one proves nothing: metadata can be stripped, re-saving and screenshots discard it, and some generators add no markers at all. Provenance data tells you what a file declares about itself. That is genuinely useful — and it is not the same as a definitive AI test.

Check your own files — locally

Privacy Scanner reads these markers on your Mac: it checks images for C2PA Content Credentials and AI-related metadata, and shows you exactly which type of marker it found. The scan is free, and nothing ever leaves your machine — no upload, no account, no network access at all.

Download Privacy Scanner on the Mac App Store

Sources: Regulation (EU) 2024/1689, Article 50 and Article 2 (EUR-Lex) · C2PA specification (c2pa.org) · IPTC Digital Source Type vocabulary (iptc.org)