AI Labels Are Now Infrastructure

By /

On June 10, 2026, the European Commission published the final Code of Practice on marking and labelling AI-generated content. It was updated two days later, on June 12. The story did not land with the noise of a model launch, a chip announcement, or another "AI will replace the office" panic cycle.

It should have made more practical noise.

The Code is voluntary. The transparency obligations it supports under Article 50 of the EU AI Act are not. The Commission says those obligations apply from August 2, 2026, and the Code is meant to give providers and deployers of generative AI systems a practical path for marking, detecting, and labelling AI-generated or AI-manipulated content.

That sounds like policy language. The operator translation is simpler:

AI labels are no longer just a little badge in the corner.

They are becoming product infrastructure.

What Happened

The Commission published three connected pieces on June 10:

  • a final Code of Practice on Transparency of AI-Generated Content;
  • an optional set of EU icons for labelling certain AI-generated or AI-manipulated content;
  • signing instructions for providers and deployers that want to adhere to the Code.

The Code has two main sections. One is aimed at providers, with rules for marking and detection of AI-generated and manipulated content. The other is aimed at deployers, with rules for labelling deepfakes and AI-generated or manipulated public-interest text.

That provider/deployer split matters.

A provider is closer to the system that generates the output. Think: the AI product, model-backed service, or tool that creates synthetic text, image, audio, or video. A deployer is closer to the use of the system in a real workflow. Think: the publisher, campaign, business, public body, school, media operation, or product team that decides to use the generated output.

Those roles can overlap. A company can provide an AI feature and deploy AI-generated content in its own product. But blurring the roles is how teams end up with a decorative label and no actual compliance story.

The Code Is Voluntary. The Deadline Is Not.

The Commission’s Code page is unusually direct about the distinction: adhering to the Code is voluntary, but Article 50 transparency requirements are legal obligations where they apply.

That is the useful part. The Code is not the law itself. It is an implementation framework. The Commission says the Code is currently being assessed by the Commission and the AI Board, and that Article 50 guidelines will complement it.

If the Code receives a positive assessment, signatories will be able to rely on its measures to demonstrate compliance with the AI Act’s rules for marking, detection, deepfakes, and certain text publications. Teams that use other methods can still do so, but they will need to show that their measures are adequate.

That creates a very practical fork:

  • sign the Code and build toward a recognized EU-wide framework;
  • do something else and be ready to prove why it is good enough.

That is not a theological decision about regulation. It is a product and evidence decision.

The signing page adds a timeline signal: signatories are expected to be publicly listed in July 2026, ahead of the August 2 application date. The Commission also scheduled an information session for June 22.

If your product touches AI-generated content in Europe, "we will look at this later" is already starting to sound like "we love avoidable calendar pain."

What Actually Needs A Label?

The most useful detail on the EU icons page is also the one that will probably get lost in social media summaries:

Not all AI-generated or AI-manipulated content needs to be labelled under Article 50.

The Commission’s icon guidance describes the disclosure requirement around two important content cases:

  • deepfakes, meaning AI-generated or manipulated image, audio, or video content that resembles existing persons, objects, places, entities, or events and would falsely appear authentic or truthful;
  • AI-generated or manipulated text published to inform the public on matters of public interest, when it did not undergo human review or editorial control and no natural or legal person assumed editorial responsibility.

There are also limitations and exceptions. The page describes special handling for evidently artistic, creative, satirical, fictional, and analogous works. It also notes that the disclosure obligation does not apply where the use is authorized by law to detect, prevent, investigate, or prosecute criminal offences. For public-interest text, the page says the obligation does not apply where the text has undergone human review or editorial control and a person or organization holds editorial responsibility.

That last part is quietly important for publishers.

If an AI tool helps draft a public-interest article, summary, explainer, or alert, the answer may not be "slap an AI sticker on everything forever." The better answer is to decide what role the AI system played, what human review happened, who has editorial responsibility, what records exist, and what the reader needs to know.

This is less glamorous than arguing about whether machines can "create." It is also more useful.

Visible Labels And Invisible Marks Are Different Jobs

Article 50 is not just about what a reader sees.

The AI Act requires certain AI systems that generate synthetic audio, image, video, or text output to mark outputs in a machine-readable format and make them detectable as artificially generated or manipulated, as far as technically feasible. The Commission’s Code page frames provider obligations around marking and detection, including solutions that are effective, interoperable, robust, and reliable as far as technically feasible.

That is a different problem from putting a visible icon on a webpage.

Visible labels help people understand what they are seeing. Machine-readable marks help software, platforms, downstream publishers, archives, and authenticity tools reason about origin and modification. One is user disclosure. The other is supply-chain metadata for media.

If you publish AI-generated content, you probably need to think in layers:

  • visible disclosure: what a person sees at first exposure;
  • metadata or provenance: what travels with the asset or can be verified later;
  • editorial records: who reviewed it, who approved it, and why it was published;
  • platform behavior: what survives resizing, cropping, downloading, reposting, syndication, and CMS transformation.

The Commission’s icons guidance makes this concrete. It says the icon should be clearly perceivable and distinguishable by the time a person is first exposed to the relevant content. It also says the icon should be embedded into the content or provided through an equivalent method so it remains visible when content is reshared or downloaded, where applicable.

That is not a styling note. That is a lifecycle requirement.

If your label disappears when an image gets downloaded, cropped, cached, converted to WebP, passed through a social scheduler, or republished in a newsletter, your system may be honest only inside the one UI you control. The internet is very good at escaping the one UI you control.

The EU Icons Are Helpful. They Are Not Compliance Glitter.

The EU icon set is optional. The Commission says the icons are freely available and can be used by creators, publishers, and other deployers. It also says the icons were user-tested, and that performance improved when the basic icon was accompanied by a text label.

The page is also clear about the trap: using the icon does not establish legal compliance by itself.

That should be printed on a large mug and handed to every product team.

An icon can help users. It can make disclosure consistent. It can reduce design bikeshedding across teams that would otherwise invent seventeen equally confusing "AI-ish" badges.

But a label is not a governance program. It does not prove that the right content was labelled, that the label was placed correctly, that accessibility needs were considered, that the underlying media was marked, that public-interest text was reviewed, or that a downstream copy still carries the right signal.

The icon is the front door. You still need the building.

C2PA Is Part Of The Plumbing Conversation

The Code and icons arrive in a broader technical moment around content provenance.

C2PA, the Coalition for Content Provenance and Authenticity, provides an open technical standard for establishing the origin and edits of digital content. Its public site describes Content Credentials as a kind of nutrition label for digital content. The C2PA specifications include technical documents, implementer guidance, user experience guidance, security considerations, harms modelling, and AI/ML guidance.

That does not mean C2PA magically solves AI deception. No standard does. Provenance can be stripped, ignored, misunderstood, or misused. It can also create new operational questions: who signs assets, which keys are trusted, how credentials survive processing, how false claims are handled, and what happens when a platform does not preserve metadata.

Still, the direction is obvious. AI transparency is moving from vibes to evidence.

Teams that generate or distribute synthetic media will need to understand provenance standards, CMS behavior, CDN transformations, social platform handling, image pipelines, asset signing, and user-facing disclosure. The people who thought "AI policy" belonged only to legal are about to meet the media pipeline.

Everyone will have a lovely time.

What Builders And Publishers Should Do Now

This is not legal advice. It is an operational reading of where the work is going.

If you build, publish, or operate AI-generated content workflows, start with a boring inventory.

List the AI systems that create or modify text, images, audio, or video. Note where those outputs are used, whether people in the EU may see or use them, whether your organization is acting as provider, deployer, or both, and whether the content could fall into the chatbot, synthetic media, deepfake, or public-interest text buckets.

Then split the work into five tracks.

1. Product Disclosure

Decide where users are informed that they are interacting with an AI system or seeing AI-generated or AI-manipulated content. The AI Act text requires information to be clear and distinguishable, and Article 50 refers to first interaction or exposure in relevant cases.

Do not bury disclosure in a privacy policy and call it done. If the reader only learns the content was AI-generated after they have already been misled, the label has failed its main job.

2. Machine-Readable Marking

If you provide systems that generate synthetic content, figure out what machine-readable marking means for your output types. Text, image, audio, and video do not all behave the same way. A watermark, metadata field, signed manifest, or provenance credential has to survive the realistic path the content takes.

Test the ugly path, not the demo path.

Export the file. Resize it. Compress it. Put it through the CMS. Send it through your newsletter tool. Upload it to a social platform. Download it again. See what remains.

3. Editorial Review And Responsibility

For public-interest text, the Commission’s icon guidance puts a lot of weight on human review, editorial control, and editorial responsibility.

So write down what those words mean in your workflow.

Who reviews AI-assisted public-interest text? What are they checking? What sources are required? Who approves publication? Where is that approval recorded? If a model summarizes a public document incorrectly, who owns the correction?

This is where a newsroom, school district, city office, nonprofit, SaaS company, or small publisher can be more mature than a giant platform with a nicer badge.

4. Accessibility

The icons guidance specifically encourages accessibility measures: clear size, plain language, assistive-technology support through alt text or ARIA labels where possible, enough display time for temporary disclosures, and navigable second-layer information.

That is not decorative. A label that cannot be perceived by the people it is meant to inform is a compliance-shaped shrug.

Treat AI disclosure like a real UI component. It needs text, contrast, placement, semantics, and behavior across devices.

5. Vendor And Evidence Management

Ask vendors what they do to mark outputs, preserve provenance, support visible labelling, and document AI use. Put the answers in contracts and procurement checklists where appropriate.

Also keep your own evidence.

If you decide not to label a certain class of content because it is outside scope, because it was human-reviewed with editorial responsibility, or because a specific exception applies, record the reasoning. If you rely on a vendor’s marking system, document the version, configuration, and test result.

Future-you will appreciate not having to reverse-engineer a policy decision from a Slack thread and three optimistic screenshots.

The Hard Part Is Not The Badge

There is a lazy version of AI transparency where every AI-related thing gets a little sparkle icon and everyone pretends trust has been restored.

That version will not survive contact with reality.

The hard part is deciding when disclosure is needed, making the disclosure meaningful, preserving provenance through messy content pipelines, documenting human review, supporting accessibility, and proving that the process works after content leaves your product.

That is why this undercovered June 10 announcement matters.

It is a signal that AI-generated content is becoming part of normal systems governance. Not just model governance. Not just policy governance. Normal, unglamorous, operational governance: inventories, pipelines, UI states, records, testing, vendor questions, and audit trails.

The small teams that handle this well will not be the ones with the most dramatic AI policy page. They will be the ones that can answer simple questions:

  • What generated this?
  • Who reviewed it?
  • How is it labelled?
  • Does the label survive distribution?
  • What evidence backs that claim?

That is where AI transparency becomes real.

Not in the badge. In the machinery behind it.

Sources

Leave a Comment

Your email address will not be published. Required fields are marked *


Scroll to Top