11 June 2026 · Kuziva Muzondo
What the Art 50 Code of Practice Means for Your Codebase
The EU published the final Code of Practice on AI content marking on 10 June 2026. Article 50 transparency obligations apply from 2 August 2026. Here is what a static analysis tool can evidence against it — and what it cannot.
The Code of Practice in brief
The Code of Practice on marking and labelling of AI-generated content was published by the European Commission on 10 June 2026. It is voluntary — signing it demonstrates good practice, but the underlying Article 50 obligations are legally binding from 2 August 2026 regardless of whether you sign.
It has two sections:
- Section 1 (Providers): Machine-readable marking of AI-generated content — secured metadata and digital watermarking that must be effective, interoperable, robust, and reliable.
- Section 2 (Deployers): Labelling deepfakes and AI-generated text on matters of public interest, unless the content underwent human editorial review.
Source: European Commission — Code of Practice on AI content marking, 10 June 2026.
What Regula can evidence
Regula can detect the presence of synthetic content generation, chatbot interaction, emotion recognition, and biometric categorisation patterns in your codebase — the four Article 50 transparency categories. It identifies whether your code uses these capabilities, which is useful for scoping your obligations. It cannot verify that marking or disclosure is effective at runtime.
Regula’s limited_risk detection tier includes 23 patterns across four Article 50 categories. Against the Code of Practice provisions:
| Code provision | Regula coverage | Status |
|---|---|---|
| Synthetic content generation (deepfakes, face-swap, voice cloning, text-to-image) | 10 patterns in synthetic_content |
Detected |
| Chatbot / conversational AI without disclosure | 6 patterns in chatbots |
Detected |
| Emotion recognition systems | 4 patterns in emotion_recognition |
Detected |
| Biometric categorisation systems | 3 patterns in biometric_categorisation |
Detected |
What Regula cannot evidence
Regula cannot verify that machine-readable marking is present in generated outputs, that watermarking is effective or robust, that deployer disclosure appears at the interaction layer, or that AI-generated text underwent human editorial review. These are runtime, UI, and editorial workflow questions that static code analysis fundamentally cannot answer.
This list matters as much as the one above.
| Code provision | Why not |
|---|---|
| Machine-readable marking is present in outputs | Static analysis sees source code, not runtime output. Whether watermarks are actually embedded in generated content requires runtime verification. |
| Marking is effective, interoperable, and robust | Quality of watermarking is a runtime and adversarial-testing question. Code scanning can detect the presence of watermarking calls but not their effectiveness. |
| Deployer disclosure at the interaction layer | Whether users see “You are interacting with an AI system” depends on UI implementation, not backend code. Regula can detect chatbot patterns but not UI disclosure. |
| Human editorial review of AI-generated text | Whether published text underwent human review is an editorial workflow question, not a code property. |
| New-system vs existing-system watermarking timeline | Whether a system was “already on the market” before 2 August 2026 is a deployment date question, not a code property. Regula’s timeline command now distinguishes the two deadlines (2 Aug 2026 vs 2 Dec 2026). |
Practical guidance
If your system generates synthetic content, run regula check . --min-tier limited_risk to detect generative AI patterns and regula gap . --framework eu-ai-act to check for transparency gaps. Article 50 obligations apply from 2 August 2026 for all systems. Watermarking for systems already on the market is required by 2 December 2026 (Digital Omnibus; EP approved 16 Jun 2026, Council approved 29 Jun 2026; pending OJ publication).
If you generate synthetic content (images, audio, video, text that could be mistaken for human-created), run:
regula check . --min-tier limited_risk
regula gap . --framework eu-ai-act
Regula will flag the presence of generative AI patterns in your codebase. It will not verify that your watermarking implementation is effective — that requires a separate testing step (consider Giskard or manual adversarial testing).
Article 50 transparency obligations apply from 2 August 2026 for all systems. For systems already on the market, the watermarking deadline is 2 December 2026 (Digital Omnibus; approved by European Parliament on 16 June 2026; approved by Council on 29 June 2026; pending OJ publication).
Last verified: 11 June 2026 · Author: Kuziva Muzondo · Source: EC Code of Practice on AI content marking (10 June 2026) · Not legal advice. Regula identifies risk indicators for developer review.
Related reading
- EN standards mapping (EN 18228, EN 18282) — Traceability between Regula detections and draft harmonised standards
- Omnibus decision framework — Three-track planning approach for deadline uncertainty
- Scanning 5 compliance frameworks — 562 findings across PyTorch, HuggingFace, LangChain, LlamaIndex, CrewAI