Why a law from Brussels reaches a marketing team in Singapore
The EU AI Act does not stop at the EU border, and that is by design. Article 2 sets the scope in two moves. Providers who place AI systems on the EU market are covered wherever they are established. And, the clause that matters for most marketing teams, the Act applies to providers and deployers located in a third country “where the output produced by the AI system is used in the Union” (Article 2(1)(c)). Headquarters is irrelevant. Where the output lands is the test.
Translate that into marketing operations and the reach is wider than most teams assume. A chatbot on your site that EU visitors can talk to produces output used in the Union. AI-generated creative in campaigns that EU users see produces output used in the Union. AI-assisted articles that EU readers open produce output used in the Union. For the five markets leapbuzz works across, Singapore, the US, Canada, Australia, and Malaysia, the common pattern is a regional business with no EU entity but plenty of EU traffic, EU customers, or EU partners. That pattern is in the conversation whether it wants to be or not.
Two calibrations before the checklist. First, in almost every marketing scenario you are the deployer, the party using an AI system under your own authority, not the provider who built it. Deployer duties are lighter and mostly about disclosure. Second, this post is marketing operations guidance, not legal advice. Scope questions with real money attached belong with counsel.
What actually starts on 2 August 2026
The Act phases in over five years, and the marketing-facing piece is the August 2026 tranche. Per the official implementation timeline, on 2 August 2026 “the remainder of the AI Act starts to apply, except Article 6(1)”, the high-risk classification rules, which follow a year later. The prohibitions and AI literacy duties have applied since February 2025, and the general-purpose model, governance, and penalty provisions since August 2025.
The practical meaning: the transparency duties in Article 50, the ones that govern AI-generated content, chatbots, and deepfake-adjacent creative, stop being direction of travel and become enforceable law. Everything your team has been meaning to formalise about AI-generated assets now has a date attached.
Article 50, translated for a marketing team
Article 50 (official text: Regulation (EU) 2024/1689) carries four duties a marketing operation will actually meet. In order of how often they come up:
Chatbots must be visibly machines. People interacting with an AI system must be informed of it, unless that is obvious to a reasonably well-informed person. A clearly labelled AI assistant satisfies this. A chat widget doing its best to pass as a human named Rachel does not. The disclosure has to land at the first interaction.
Synthetic output must carry machine-readable marks. Providers of generative systems must mark AI-generated audio, image, video, and text output in a machine-readable, detectable format, effective and interoperable as far as technically feasible. This one is mostly your tool vendor's duty rather than yours. Your job is to buy tools that do it and to confirm the marks survive your export pipeline.
Deepfake-adjacent content needs a visible disclosure. Deployers of image, audio, or video content that is artificially generated or manipulated must disclose that fact. Artistic, creative, and satirical work gets a gentler version: the disclosure still exists but must not hamper the enjoyment of the work. For campaign creative, the operating line is photorealism. If a viewer could mistake the asset for a photograph of something that happened, label it.
AI-written text that informs the public needs a disclosure, with one big exemption. Text published to inform the public on matters of public interest must be disclosed as AI-generated, unless it has undergone human review or editorial control and a person holds editorial responsibility.
The platform squeeze arrives before the regulator
Whether or not an EU regulator ever looks at a mid-market advertiser in Kuala Lumpur, the platforms will get there first. The major ad and social platforms have spent the last two years adding synthetic-media labels, AI-content declarations at upload, and provenance metadata to their creative tooling, and the generation tools themselves are converging on embedded content credentials. The AI Office is explicitly chartered to encourage codes of practice for detecting and labelling synthetic content, which pushes the whole toolchain toward interoperable marking.
This rhymes with a lesson from the measurement side, covered in the Privacy Sandbox wind-down post: what changes practice is rarely the statute reaching you directly. It is regulation reshaping what platforms and vendors require of everyone who uses them. Third-party cookies survived in Chrome, yet first-party data became mandatory anyway, because regulation and walled gardens moved the floor. Expect the same mechanic here. Upload-time enforcement and procurement questionnaires will make Article 50 posture a de facto requirement in markets the Act never formally reached.
If your campaigns are increasingly assembled by agents rather than people, the same duties follow the pipeline. The governance side of that is covered in the agentic marketing operations post: the escalation boundary you design for agent-produced work is the natural place to hang the disclosure and marking checks.
The readiness checklist, sized for a mid-market team
Four artefacts, achievable in a fortnight without new tooling. One: an inventory of every place AI generates or edits customer-facing material, copy, images, video, chat, across every market you operate in. Two: an EU exposure map, which campaigns, pages, and bots can reach people in the Union. Three: disclosure standards, where labels go on deepfake-adjacent creative, and a documented human editorial sign-off for AI-assisted text. Four: vendor answers, whether each generation tool embeds machine-readable marks and whether those marks survive your export pipeline.
Answer the five questions honestly and the checklist mostly writes itself.
1. Can people in the EU see output from your AI systems?
If EU residents can talk to your chatbot, see your AI-generated campaign assets, or read your AI-assisted pages, Article 2(1)(c) can put you in scope as a deployer even with zero EU entities, because the output is used in the Union. If you genuinely have no EU exposure and your funnels are geo-gated, you are mostly out of scope. Put a quarterly reminder on it anyway: exposure changes faster than legal reviews do.
2. Do you publish AI-generated text with no human editorial step?
Fully automated publishing of text that informs the public is exactly what the Article 50 text duty targets. Add a human review step, name an owner with editorial responsibility, and record the sign-off. With that in place the exemption applies and no label is required. Without it, you are choosing between labelling the content and being unable to show why you did not.
3. Do you produce photoreal AI images or video of people, places, or events?
This is the deepfake lane. The duty is disclosure: the content must be identified as artificially generated or manipulated. Creative and satirical work keeps a lighter touch, the disclosure must not spoil the piece, but it still exists. Build the label into the template now so nobody has to remember it per campaign.
4. Does your site or funnel run an AI chatbot?
People must know they are talking to a machine unless it is already obvious to a reasonably well-informed person. A visible label at the top of the chat window, in the first message, or both, settles it. The disclosure must land at the first interaction, not three exchanges in.
5. Can your generation tools prove machine-readable marking?
Marking synthetic output in a machine-readable, detectable way is the tool provider's duty, but you inherit the problem if your vendor cannot answer it. Ask each vendor two questions: does the output carry a machine-readable mark, and does the mark survive your own export and compression pipeline? Test the second claim yourself. Metadata has a habit of dying in the handoff between tools.
Where this lands in the AI operating model
Teams in regulated verticals will recognise the shape of this work. Banking, insurance, and fintech marketers already run creative through compliance gates before anything ships, and the AI Act extends that muscle to content provenance rather than inventing a new discipline. Measurement, bidding, and attribution are untouched. What changes is that asset production gains a provenance step, the same way it once gained a brand-safety step.
In an AI strategy engagement this shows up as part of the AI operating model, not a side project: the inventory and exposure map become standing documents, the editorial sign-off becomes a workflow rule, and the vendor marking question joins the tool-selection scorecard. The reporting side, keeping an audit trail that shows the process ran, sits naturally with the analytics and insights layer. None of it is glamorous. All of it is cheaper than retrofitting under a deadline, and 2 August 2026 is a real one.