Strategy  ·  July 2026

You are not in the EU. The AI Act can still reach your marketing on 2 August 2026.

Article 50's transparency duties for AI-generated content apply from 2 August 2026, and the scope clause covers any team whose AI output is used inside the Union. What to have ready, without the panic.

Bauhaus geometric line illustration of a gridded shield inside nested gateway arcs, one arc filled brand orange, horizontal rule lines ending in circular nodes, ink line-art on cream paper.

► Bottom line up front

On 2 August 2026 the bulk of the EU AI Act starts to apply, including the Article 50 transparency rules for AI-generated content. The scope clause reaches companies with no EU office: if output from your AI systems is used inside the Union, you can be on the hook as a deployer. Most marketing teams need four things in place, an inventory of AI-generated assets, disclosure copy for anything deepfake-adjacent, documented human editorial control over AI-assisted text, and a vendor answer on machine-readable marking. This post is the working checklist.

Why a law from Brussels reaches a marketing team in Singapore

The EU AI Act does not stop at the EU border, and that is by design. Article 2 sets the scope in two moves. Providers who place AI systems on the EU market are covered wherever they are established. And, the clause that matters for most marketing teams, the Act applies to providers and deployers located in a third country “where the output produced by the AI system is used in the Union” (Article 2(1)(c)). Headquarters is irrelevant. Where the output lands is the test.

Translate that into marketing operations and the reach is wider than most teams assume. A chatbot on your site that EU visitors can talk to produces output used in the Union. AI-generated creative in campaigns that EU users see produces output used in the Union. AI-assisted articles that EU readers open produce output used in the Union. For the five markets leapbuzz works across, Singapore, the US, Canada, Australia, and Malaysia, the common pattern is a regional business with no EU entity but plenty of EU traffic, EU customers, or EU partners. That pattern is in the conversation whether it wants to be or not.

Two calibrations before the checklist. First, in almost every marketing scenario you are the deployer, the party using an AI system under your own authority, not the provider who built it. Deployer duties are lighter and mostly about disclosure. Second, this post is marketing operations guidance, not legal advice. Scope questions with real money attached belong with counsel.

What actually starts on 2 August 2026

The Act phases in over five years, and the marketing-facing piece is the August 2026 tranche. Per the official implementation timeline, on 2 August 2026 “the remainder of the AI Act starts to apply, except Article 6(1)”, the high-risk classification rules, which follow a year later. The prohibitions and AI literacy duties have applied since February 2025, and the general-purpose model, governance, and penalty provisions since August 2025.

EU AI Act implementation timeline 2 FEB 2025 prohibitions + AI literacy 2 AUG 2025 GPAI models, governance, penalties framework 2 AUG 2026 Article 50 + the remainder transparency duties for AI-generated content apply 2 AUG 2027 Article 6(1) high-risk rules
Applicability dates per the official implementation timeline. The 2 August 2026 milestone is the one that carries the marketing-facing duties.

The practical meaning: the transparency duties in Article 50, the ones that govern AI-generated content, chatbots, and deepfake-adjacent creative, stop being direction of travel and become enforceable law. Everything your team has been meaning to formalise about AI-generated assets now has a date attached.

Article 50, translated for a marketing team

Article 50 (official text: Regulation (EU) 2024/1689) carries four duties a marketing operation will actually meet. In order of how often they come up:

Chatbots must be visibly machines. People interacting with an AI system must be informed of it, unless that is obvious to a reasonably well-informed person. A clearly labelled AI assistant satisfies this. A chat widget doing its best to pass as a human named Rachel does not. The disclosure has to land at the first interaction.

Synthetic output must carry machine-readable marks. Providers of generative systems must mark AI-generated audio, image, video, and text output in a machine-readable, detectable format, effective and interoperable as far as technically feasible. This one is mostly your tool vendor's duty rather than yours. Your job is to buy tools that do it and to confirm the marks survive your export pipeline.

Deepfake-adjacent content needs a visible disclosure. Deployers of image, audio, or video content that is artificially generated or manipulated must disclose that fact. Artistic, creative, and satirical work gets a gentler version: the disclosure still exists but must not hamper the enjoyment of the work. For campaign creative, the operating line is photorealism. If a viewer could mistake the asset for a photograph of something that happened, label it.

AI-written text that informs the public needs a disclosure, with one big exemption. Text published to inform the public on matters of public interest must be disclosed as AI-generated, unless it has undergone human review or editorial control and a person holds editorial responsibility.

The platform squeeze arrives before the regulator

Whether or not an EU regulator ever looks at a mid-market advertiser in Kuala Lumpur, the platforms will get there first. The major ad and social platforms have spent the last two years adding synthetic-media labels, AI-content declarations at upload, and provenance metadata to their creative tooling, and the generation tools themselves are converging on embedded content credentials. The AI Office is explicitly chartered to encourage codes of practice for detecting and labelling synthetic content, which pushes the whole toolchain toward interoperable marking.

This rhymes with a lesson from the measurement side, covered in the Privacy Sandbox wind-down post: what changes practice is rarely the statute reaching you directly. It is regulation reshaping what platforms and vendors require of everyone who uses them. Third-party cookies survived in Chrome, yet first-party data became mandatory anyway, because regulation and walled gardens moved the floor. Expect the same mechanic here. Upload-time enforcement and procurement questionnaires will make Article 50 posture a de facto requirement in markets the Act never formally reached.

If your campaigns are increasingly assembled by agents rather than people, the same duties follow the pipeline. The governance side of that is covered in the agentic marketing operations post: the escalation boundary you design for agent-produced work is the natural place to hang the disclosure and marking checks.

The readiness checklist, sized for a mid-market team

Four artefacts, achievable in a fortnight without new tooling. One: an inventory of every place AI generates or edits customer-facing material, copy, images, video, chat, across every market you operate in. Two: an EU exposure map, which campaigns, pages, and bots can reach people in the Union. Three: disclosure standards, where labels go on deepfake-adjacent creative, and a documented human editorial sign-off for AI-assisted text. Four: vendor answers, whether each generation tool embeds machine-readable marks and whether those marks survive your export pipeline.

Answer the five questions honestly and the checklist mostly writes itself.

1. Can people in the EU see output from your AI systems?

If EU residents can talk to your chatbot, see your AI-generated campaign assets, or read your AI-assisted pages, Article 2(1)(c) can put you in scope as a deployer even with zero EU entities, because the output is used in the Union. If you genuinely have no EU exposure and your funnels are geo-gated, you are mostly out of scope. Put a quarterly reminder on it anyway: exposure changes faster than legal reviews do.

2. Do you publish AI-generated text with no human editorial step?

Fully automated publishing of text that informs the public is exactly what the Article 50 text duty targets. Add a human review step, name an owner with editorial responsibility, and record the sign-off. With that in place the exemption applies and no label is required. Without it, you are choosing between labelling the content and being unable to show why you did not.

3. Do you produce photoreal AI images or video of people, places, or events?

This is the deepfake lane. The duty is disclosure: the content must be identified as artificially generated or manipulated. Creative and satirical work keeps a lighter touch, the disclosure must not spoil the piece, but it still exists. Build the label into the template now so nobody has to remember it per campaign.

4. Does your site or funnel run an AI chatbot?

People must know they are talking to a machine unless it is already obvious to a reasonably well-informed person. A visible label at the top of the chat window, in the first message, or both, settles it. The disclosure must land at the first interaction, not three exchanges in.

5. Can your generation tools prove machine-readable marking?

Marking synthetic output in a machine-readable, detectable way is the tool provider's duty, but you inherit the problem if your vendor cannot answer it. Ask each vendor two questions: does the output carry a machine-readable mark, and does the mark survive your own export and compression pipeline? Test the second claim yourself. Metadata has a habit of dying in the handoff between tools.

Where this lands in the AI operating model

Teams in regulated verticals will recognise the shape of this work. Banking, insurance, and fintech marketers already run creative through compliance gates before anything ships, and the AI Act extends that muscle to content provenance rather than inventing a new discipline. Measurement, bidding, and attribution are untouched. What changes is that asset production gains a provenance step, the same way it once gained a brand-safety step.

In an AI strategy engagement this shows up as part of the AI operating model, not a side project: the inventory and exposure map become standing documents, the editorial sign-off becomes a workflow rule, and the vendor marking question joins the tool-selection scorecard. The reporting side, keeping an audit trail that shows the process ran, sits naturally with the analytics and insights layer. None of it is glamorous. All of it is cheaper than retrofitting under a deadline, and 2 August 2026 is a real one.

Questions, answered.

Does the EU AI Act apply to a company with no office in the EU?

Yes, in two situations set out in Article 2. If you place an AI system on the EU market, the Act treats you as a provider wherever you are established. More relevant for marketing teams is Article 2(1)(c), which applies to providers and deployers located in a third country “where the output produced by the AI system is used in the Union”. A Singapore or Australian team whose AI-generated campaign assets, chatbot conversations, or AI-written pages reach people inside the EU can fall in scope as a deployer. Headquarters location is not the test. Where the output is used is the test.

What is Article 50 of the EU AI Act in plain terms?

It is the transparency article. Four duties matter for marketing. People must be told when they are interacting with an AI system, unless that is already obvious. Providers of generative tools must mark synthetic audio, image, video, and text output in a machine-readable way. Anyone deploying deepfake-style content must disclose that it was artificially generated or manipulated. And AI-generated text published to inform the public on matters of public interest needs a disclosure, unless a human has reviewed it and someone holds editorial responsibility. The duties apply from 2 August 2026.

Does AI-assisted ad copy or blog content need a disclosure label?

Usually not, if your workflow already includes a real human editorial step. The text duty in Article 50 targets AI-generated text published to inform the public on matters of public interest, and it carries an explicit exemption where the content has undergone human review or editorial control and a natural or legal person holds editorial responsibility. Standard marketing copy that a human edits and signs off sits inside that exemption. The practical action is not labelling everything. It is documenting the editorial step so you can show it existed.

Do AI-generated product images in ads count as deepfakes?

Not automatically. The deepfake duty covers image, audio, and video content that is artificially generated or manipulated in a way that resembles real people, places, events, or objects and could falsely appear authentic to a viewer. A stylised illustration is not the concern. A photoreal AI image implying a real event, a real customer, or a real product scenario gets much closer. The safe operating line: anything photoreal that a viewer could mistake for a photograph of something that happened should carry the disclosure, and your generation tool should be embedding machine-readable marks either way.

What exactly changes on 2 August 2026?

That is the date the remainder of the AI Act starts to apply, with one carve-out: Article 6(1), the high-risk classification rules, follows on 2 August 2027. Prohibited practices and AI literacy duties have applied since 2 February 2025, and the general-purpose model, governance, and penalty provisions since 2 August 2025. For marketing teams the operative change on 2 August 2026 is that the Article 50 transparency duties become enforceable law rather than direction of travel.

What are the penalties for ignoring the transparency rules?

The Act's penalty regime scales fines to a company's global annual turnover, with the ceiling depending on the category of breach. Transparency violations sit below the ceilings reserved for prohibited practices, but they are not symbolic. For a non-EU marketing team the more immediate commercial risk is usually not the regulator. It is platform enforcement at upload time, and procurement gates: EU clients and partners increasingly ask about AI Act posture in vendor reviews before a contract is signed.

Will the ad platforms handle compliance for me?

Partly, and not in a way you can outsource responsibility to. Platform tooling is moving toward embedded provenance marking for AI-generated creative, which helps with the machine-readable marking duty at the tool level. The disclosure duties for deepfake-adjacent content and for public-interest text sit with the deployer. That is you, not the platform. Expect platforms to enforce their own synthetic-media policies at upload, which in practice front-runs the regulation. Treat platform checks as a floor, not as compliance.

What should a marketing team have ready before August 2?

Four artefacts. One, an inventory of where AI generates or edits customer-facing assets: copy, images, video, chat. Two, an EU exposure map showing which campaigns, pages, and bots can reach people in the Union. Three, disclosure standards: where labels go for deepfake-adjacent creative, and a documented human editorial sign-off for AI-assisted text. Four, vendor answers on whether each generation tool embeds machine-readable marks, and a check that the marks survive your export pipeline. A mid-market team can produce all four in a fortnight without buying new tooling.

Map your exposure

Want the AI Act read on your actual asset library?

leapbuzz works with marketing teams across Singapore, the US, Canada, Australia, and Malaysia that ship AI-assisted campaigns every week. An engagement starts with the inventory and exposure map described here and ends with a disclosure standard your team actually follows.

Talk to us about AI Act readiness