For most of the last two years, August 2, 2026 was treated as a single, monolithic deadline - the date the EU AI Act’s high-risk regime would finally bite and compliance teams would have to show their work. That framing is now wrong. The Digital Omnibus, the simplification package on which the European Parliament and Council reached a provisional agreement on May 7, 2026, has cleaved that date into two very different categories: obligations that still take effect exactly as written, and obligations that have been pushed more than a year into the future.

The practical consequence is that organizations which read the headlines about “deadlines being delayed” and quietly stood down their AI Act programs have made a serious mistake. The single most broadly applicable obligation in the entire Act - the Article 50 transparency duties - is not deferred. Neither is the enforcement machinery behind it. As of August 2, 2026, the AI Office and national authorities acquire the power to impose fines of up to EUR 15 million or 3% of total worldwide annual turnover, whichever is higher, for breaches of provider and deployer obligations including Article 50.

This article maps what is actually due on August 2, 2026 versus what the Digital Omnibus has moved, who is affected, and what a transparency-compliance program needs to contain before the date arrives. It builds on our earlier, deeper treatment of the marking technology itself - watermarking, metadata, and the voluntary Code of Practice - in Watermarks and Metadata: How to Actually Comply With the EU AI Act’s Article 50 Transparency Rules. If you need the how of marking mechanisms, start there. This piece is about the when, the who, and the what changed.

What Article 50 actually requires

Article 50 sits in a class of its own within the AI Act. It is not a high-risk provision and it is not tied to Annex III. It is a horizontal transparency obligation that applies to specific categories of AI regardless of risk classification, and it takes effect on August 2, 2026. The duties divide cleanly between providers (who build the systems) and deployers (who put them to use):

  • Article 50(1) - AI interaction disclosure (provider duty). Providers of AI systems intended to interact directly with natural persons - chatbots, voice assistants, conversational agents - must design them so the user is informed they are dealing with an AI, no later than the first interaction. The exception is narrow: where it is already obvious to a reasonably well-informed, observant person that they are talking to a machine.
  • Article 50(2) - machine-readable marking of synthetic output (provider duty). Providers of generative AI systems must ensure outputs - text, audio, image, video - are marked in a machine-readable format and detectable as artificially generated or manipulated. The marking must be “effective, interoperable, robust and reliable as far as technically feasible.” Assistive editing that does not substantially alter the input, and systems authorized by law for criminal-offense detection, are carved out.
  • Article 50(3) - emotion recognition and biometric categorization (deployer duty). Deployers must inform the people exposed to these systems that they are being subjected to them.
  • Article 50(4) - deepfakes and public-interest text (deployer duty). Deployers who use AI to produce or manipulate image, audio or video constituting a deepfake must disclose that it is artificially generated. Deployers publishing AI-generated or AI-manipulated text on matters of public interest must do the same - unless a human reviewed the content and holds editorial responsibility for it.

The structural point worth internalizing is that Article 50 creates a chain. Providers embed the marking at the point of generation under 50(2); deployers make it visible to the public at the point of publication under 50(4). A failure at either end breaks the chain, and both ends are enforceable from the same date. The machine-readable marking requirement under Article 50(2) is the technically hardest piece and the one the Digital Omnibus singled out for special transitional treatment, which we return to below.

The enforcement switch flips on the same day

Transparency obligations on paper mean little without consequences, and this is the part of the August 2026 picture that the “everything’s delayed” narrative most badly distorts. The AI Act’s penalty provisions - Article 99 (penalties applied by Member States) and Article 101 (fines on providers of general-purpose AI models, levied directly by the Commission through the AI Office) - become operative on August 2, 2026.

For breaches of operator obligations such as Article 50, the relevant tier under Article 99 is up to EUR 15 million or 3% of worldwide annual turnover, whichever is higher. (The higher tier - EUR 35 million or 7% - is reserved for violations of the Article 5 prohibited-practices rules, which have been in force since February 2, 2025.) Supplying incorrect, incomplete or misleading information to authorities carries its own tier of up to EUR 7.5 million or 1%.

In other words, August 2, 2026 is not merely when the transparency rules apply - it is when the regulator gains the standing to fine for violating them. The substantive obligation and the enforcement power arrive together. This is why a deferral of the high-risk regime does not translate into breathing room for a generative-AI provider or a marketing team publishing synthetic media: the obligation that is most likely to touch a mainstream business, and the penalty that backs it, are both on the unmoved part of the calendar.

What the Digital Omnibus changed

The Digital Omnibus is a simplification package, not a repeal. Its political agreement was reached on May 7, 2026, and it remains pending formal adoption by the Parliament and Council - meaning the dates below are provisional until the final text is published in the Official Journal. With that caveat, the changes that matter for the August 2026 picture are these:

  • Annex III high-risk obligations deferred from August 2, 2026 to December 2, 2027. This is the headline. The standalone high-risk systems listed in Annex III - the category most enterprises were racing to certify - get roughly sixteen additional months. This is the deadline most people meant when they spoke of “the August 2026 deadline,” and it is the one that genuinely moved.
  • A transitional window for generative AI already on the market. Generative-AI systems placed on the market before August 2, 2026 are given until December 2, 2026 to bring their outputs into compliance with the Article 50(2) machine-readable marking requirement. New systems entering the market on or after August 2, 2026 get no such grace period - they must mark from day one. This four-month transitional relief is narrow: it covers the marking mechanism specifically, not the deployer disclosure duties.
  • GPAI obligations are untouched. The general-purpose AI model rules have been in force since August 2, 2025. Models placed on the market before that date - “legacy” models - have until August 2, 2027 to come into full compliance. The Digital Omnibus did not alter this track.

It is worth being precise that the transitional grace period to December 2, 2026 for in-market generative systems echoes the same date already referenced in the voluntary Code of Practice’s transitional provisions. The Omnibus gives that relief a firmer statutory footing. For systems launched after the cutoff, however, the August 2, 2026 marking obligation is immediate.

The timeline at a glance

The table below separates what is due on August 2, 2026 from what the Digital Omnibus has moved. Dates tied to the Omnibus are provisional pending formal adoption.

ObligationWhoOriginal dateStatus after Digital Omnibus
Prohibited practices (Article 5)AllFeb 2, 2025In force - unchanged
GPAI model obligationsGPAI providersAug 2, 2025In force - unchanged
GPAI legacy models full complianceGPAI providers (pre-Aug 2025 models)Aug 2, 2027Unchanged
Article 50 transparency dutiesProviders and deployersAug 2, 2026Applies Aug 2, 2026 - not deferred
Article 50(2) marking, systems already on marketGenerative-AI providers (pre-Aug 2, 2026)Aug 2, 2026Transitional to Dec 2, 2026
Article 50(2) marking, new systemsGenerative-AI providers (on/after Aug 2, 2026)Aug 2, 2026Applies Aug 2, 2026
AI Office / Member State fining power (Art. 99/101)EnforcementAug 2, 2026In force Aug 2, 2026 - not deferred
Annex III high-risk obligationsHigh-risk providers/deployersAug 2, 2026Deferred to Dec 2, 2027

The clean read: the high-risk regime moved; transparency and enforcement did not.

Who must act by August 2026

The reach of Article 50 is broader than the high-risk rules it is so often conflated with, because it keys off what the system does rather than how risky it is. The following groups should treat August 2, 2026 as a live deadline.

Generative-AI providers. Anyone who develops or places on the EU market a system that produces synthetic text, images, audio or video carries the Article 50(2) marking duty. New systems must mark from August 2, 2026; systems already on the market before that date have until December 2, 2026. This includes foundation-model providers, but also the long tail of smaller vendors who fine-tune or wrap generative models and place the resulting product on the market.

Providers of conversational and interactive AI. Chatbots, virtual assistants, voice agents and customer-service automation fall under Article 50(1). The disclosure must be designed into the system so the user knows they are interacting with AI at first contact. Businesses that deployed a chatbot years ago and never thought about it as “AI Act scope” are squarely affected.

Deployers publishing deepfakes or synthetic media. Marketing, advertising, media and entertainment organizations that generate or manipulate image, audio or video using AI owe a disclosure duty under Article 50(4). This is a deployer obligation that does not depend on whether the upstream provider marked the content - the deployer must make the artificial nature clear to the audience.

Newsrooms and publishers of public-interest text. Where AI generates or manipulates text published to inform the public on matters of public interest, Article 50(4) requires disclosure unless a human held editorial responsibility after review. The editorial-review carve-out is meaningful and is precisely the kind of process most established publishers can document.

Deployers of emotion-recognition and biometric-categorization systems. Under Article 50(3), these deployers must inform the natural persons exposed to the systems. This is narrower in application but absolute where it applies.

The common thread: none of these obligations is contingent on a system being classified high-risk, so none of them benefits from the Annex III deferral.

Transparency-compliance checklist

The following is an operational checklist for the Article 50 obligations landing in August 2026. For the underlying marking technologies - C2PA-style signed metadata, imperceptible watermarking, and the voluntary Code of Practice - refer back to our marking and labelling deep dive; this list is the program around them.

  1. Inventory every AI system in scope. Map systems by Article 50 sub-paragraph: interactive (50(1)), generative output (50(2)), emotion/biometric (50(3)), deepfake or public-interest text use (50(4)). A system can fall under more than one.
  2. Classify by market-entry date. For generative systems, determine whether each was placed on the market before or on/after August 2, 2026. Only pre-cutoff systems get the transitional window to December 2, 2026; everything else marks from the August date.
  3. Implement machine-readable marking under 50(2). Deploy signed provenance metadata as the primary record and an imperceptible watermark as the durable fallback. Confirm the solution is “effective, interoperable, robust and reliable as far as technically feasible.”
  4. Build first-contact AI disclosure under 50(1). Ensure chatbots and assistants state they are AI at the start of interaction. Document the reasoning where you rely on the “obvious” exception rather than assuming it applies.
  5. Establish deployer disclosure workflows under 50(4). Define how deepfakes and synthetic media are labelled before publication, and create the editorial-responsibility paper trail for public-interest text that relies on the human-review carve-out.
  6. Address emotion-recognition and biometric notice under 50(3) where relevant, with clear notification to exposed individuals.
  7. Preserve and protect provenance markings. Do not strip existing markings when AI content is reused as input, and prohibit intentional removal of markings in your terms of service.
  8. Consider signing the voluntary Code of Practice. It is the closest thing to a safe-harbor map before harmonized standards exist and signals good-faith compliance to the AI Office.
  9. Document everything for enforcement. With Article 99/101 fining power live from August 2, 2026, maintain evidence of your marking, disclosure, and decision-making. Misleading information to authorities is itself a finable offense.
  10. Do not stand down the high-risk program - re-baseline it. The Annex III deferral to December 2, 2027 is relief, not cancellation. Use the recovered time to do the high-risk work properly rather than abandoning it.

Conclusion

The Digital Omnibus did something genuinely useful: it gave the high-risk regime the runway it needed and removed a deadline that, by most credible assessments, the ecosystem was not ready to meet. But it did so without touching the two things that make August 2, 2026 a hard date for the broadest set of organizations - the Article 50 transparency obligations and the enforcement power that backs them. Generative-AI providers, chatbot operators, publishers and marketers do not get to treat “the deadline moved” as applying to them, because for them it did not.

The cleanest way to hold the distinction in mind is this: the part of the Act that was hardest to engineer for the largest number of companies - transparency - is the part that stayed on schedule, complete with fines. The deferral is real, but it is aimed at high-risk classification work, not at the obligation to tell people when they are looking at, or talking to, a machine. Organizations that have until December 2, 2026 for already-deployed generative systems should treat that as a short bridge, not a reprieve - and those launching anything new should be ready on August 2.

This article is provided for informational purposes only and does not constitute legal advice.