{"content_id":"vstg2wvx7q","slug":"eu-ai-act-2026-generative-ai-labeling-gpai-checklist","locale":"en","schema_type":"TechArticle","category":"how_to","category_name":"How-to","title":"Checklist for the EU AI Act, Effective August 2026: Generative AI Labeling and GPAI Requirements","summary":"This document summarizes the EU AI Act’s requirements for the disclosure and labeling of generative AI content, as well as key enforcement points regarding providers of GPAI models, which take effect on August 2, 2026. It provides a checklist covering role definitions, documentation, copyright, and risk management that Korean and U.S. companies should review when providing AI services to users in the EU.","author":{"name":"Injoys Editorial Team","url":"https://injoys.com/ko/about"},"key_points":["Starting August 2, 2026, key transparency obligations under the EU AI Act—such as the identification and labeling of AI-generated content—will take effect.","Signing a voluntary code of conduct does not eliminate legal obligations, but it can help demonstrate to regulatory authorities that a company is making a sincere effort to comply.","GPAI model providers must review their separate documentation requirements, including technical documentation, information for sub-providers, copyright policies, and training data summaries.","GPAI models that pose systemic risks require a strengthened management framework, including assessment, risk mitigation, reporting of major incidents, and cybersecurity measures.","Companies in South Korea and the United States—which are outside the EU—must also assess whether they fall within the scope of the regulation if they provide AI systems or GPAI models to the EU market or if their outputs are used within the EU."],"content_markdown":"## Conclusion at a Glance\n\nThe European Union’s AI Act will enter a phase where the marking and labeling of generative AI content, along with certain transparency obligations, will take full effect starting August 2, 2026. On June 10, 2026, the European Commission published implementing rules regarding the identification and labeling of AI-generated content, which serve as practical guidelines for companies to refer to when incorporating these legal obligations into their actual product and service operations.\n\nThis article is not legal advice but rather a knowledge resource for compliance review. Actual applicability may vary depending on service structure, user location, model delivery methods, contractual roles, and interpretations by local regulatory authorities.\n\n## Key Dates and Implementation Points\n\n| Item | Key Details | Points for Companies to Check |\n|---|---|---|\n| June 10, 2026 | European Commission publishes Code of Practice on the identification and labeling of AI-generated content | Review whether product UI, metadata, watermarks, and public disclosure methods comply with the Code of Practice |\n| August 2, 2026 | Relevant transparency obligations under the AI Act take effect | Prepare labeling policies and logs for text, images, audio, and video |\n| August 2, 2026 | Designated as the date when enforcement powers against GPAI model providers take full effect | Review technical documentation, copyright policies, training data summaries, and risk management systems |\n| Continued Application | May also apply to non-EU businesses connected to the EU market or EU users | Even for entities based in South Korea or the U.S., scope must be assessed based on whether they provide services to the EU |\n\n## Glossary\n\n### AI-Generated Content\n\nThis refers to text, images, audio, video, or combinations thereof created by AI systems. The transparency obligations under the AI Act are particularly significant for content that appears to have been created by a human or that could mislead users into believing that real people, events, or statements are factual.\n\n### Generative AI Labeling\n\nGenerative AI labeling is the process of indicating to users or recipients whether content has been generated or manipulated by AI. From a practical standpoint, it is safest to consider labeling methods in the following two tiers.\n\n1. **Human-readable labels**: On-screen text, icons, subtitles, description fields, post notices, etc.\n2. **Machine-readable indicators**: Metadata, content source information, watermarks, content authentication and provenance information, etc.\n\n### GPAI Models\n\nGPAI stands for “general-purpose AI” and refers to AI models that can be widely used for various subtasks and application services. This includes large language models, multimodal models, and image generation models. The level of compliance required differs between companies that simply use AI functions and those that provide GPAI models themselves.\n\n## Generative AI Labeling Requirements Changing Starting August 2026\n\nThe transparency framework of the AI Act aims to ensure that users can determine whether they are interacting with AI or whether the content they encounter has been generated or manipulated by AI. In particular, the clarity of labeling is crucial when AI-generated content relates to public interest information, news, elections, health, finance, safety, or legal judgments.\n\n### Labeling Checklist by Media Type\n\n| Content Type | Practical Labeling Method | Points to Note |\n|---|---|---|\n| Text | Notices at the top or bottom of posts, editor’s notes, or explanations of the generation method in the Terms of Service or Help section | For text intended to provide information on matters of public interest, clearly document whether human review and editorial responsibility apply |\n| Image | Notices surrounding the image, metadata in downloadable files, watermarks, or source information | Establish policies to distinguish between simple editing and heavily distorted合成 images |\n| Audio | Audio notices before and after playback, description fields, and file metadata | Synthetic voices that sound like those of real people must be evaluated separately for the potential to mislead |\n| Video | On-screen captions, description fields, notices at the beginning and end, metadata, and watermarks | Higher transparency standards are required for deepfakes, recreations of political or social statements, and videos featuring合成人物 |\n| Multimodal Content | Composite labeling tailored to text, images, audio, and video | Verify whether a single label is sufficient or if there remains a risk of misperception across each medium |\n\n## The Relationship Between Voluntary Codes of Conduct and Legal Obligations\n\nThe European Commission’s Code of Conduct is a practical tool that specifies how companies can fulfill their legal obligations. Although it is called a voluntary code of conduct, its significance should not be underestimated.\n\n### The Significance of Signing the Code of Conduct\n\n- The Code of Practice does not replace the AI Act itself.\n- Signatory companies may find it easier to demonstrate to regulators that they have established a compliance framework.\n- Non-signatory companies are not exempt from the legal obligations of the AI Act.\n- The Code of Practice can serve as a reference document to explain compliance standards in communications with supervisory authorities and the AI Office.\n\n### Items to Include in Internal Company Documents\n\n- Definition and scope of AI-generated content\n- Labeling criteria by content type\n- Exceptions where labeling may be omitted and the approval procedures for such exceptions\n- Technical labeling methods, such as metadata and watermarks\n- Procedures to verify that labeling is maintained when content is posted on external platforms\n- Procedures for handling user reports and correcting labeling errors\n- Log retention periods and responsible departments\n\n## GPAI Role Classification: Providers, Distributors, and Fine-Tuning Operators\n\nWhen reviewing GPAI obligations, the first step is to classify your own role. Even within the same company, one may be a simple user for one product and a model provider for another.\n\n| Role | General Definition | Key Responsibilities |\n|---|---|---|\n| GPAI Model Provider | An entity that develops a GPAI model or makes it available on the EU market under its own name | Technical documentation, information for downstream providers, copyright policy, training data summary |\n| AI System Provider | An entity that places an AI system on the market or provides it as a service to perform specific functions | Risk classification of the AI system, transparency, user guidance, and whether a conformity assessment has been conducted |\n| Distributor | An entity that provides or distributes AI systems or models within the supply chain | Communicating product information, verifying changes, and retaining supply chain documentation |\n| Deployer or User | An entity that uses an AI system for business purposes | User notifications, responsibility for output usage, internal controls, human oversight |\n| Fine-Tuning Provider | An entity that further trains or adjusts an existing model to provide it for a specific purpose or under a specific brand | May incur provider or sub-provider obligations depending on the extent of modifications |\n\n### Key Questions for Fine-Tuning Providers\n\n- Is this for internal use only, or is it provided to external customers?\n- Have the original model’s functions, risks, or intended use been substantially altered?\n- Are you offering the model or service under your own brand?\n- Are you maintaining the documentation and restrictions received from the original model provider?\n- Do you have records of reviews regarding the source, rights, personal information, and copyright of the fine-tuning data?\n\n## GPAI Provider Obligations Checklist\n\nGPAI model providers may bear heavier documentation and transparency obligations than general AI application operators. The following items constitute a practical checklist that should be reviewed as a priority around August 2026.\n\n### 1. Technical Documentation\n\n- General capabilities and limitations of the model\n- General information regarding training, validation, and testing\n- Key architectural and design choices\n- Information necessary for downstream providers to integrate the model safely\n- Model update and version history\n\n### 2. Information for Downstream Providers\n\nWhen providing a GPAI model via an API, open-source, license, or cloud service, sufficient information must be provided to enable downstream providers to design and evaluate their own AI systems. This may include performance limitations, prohibited uses, recommended safeguards, known risks, and integration guidelines.\n\n### 3. Copyright Policy\n\nThe AI Act requires GPAI providers to establish copyright-related policies. Companies must, at a minimum, document the following:\n\n- Policies for the collection and use of training data\n- Procedures for handling copyright-protected content\n- Procedures for identifying opt-out requests or usage restriction signals from rights holders\n- Methods for verifying dataset sources and licenses\n- Procedures for receiving and responding to infringement reports\n\n### 4. Training Data Summary\n\nGPAI providers must provide a sufficiently detailed summary of the content used for training. While this does not mean that the entire source data must be disclosed, it must be possible to understand what types of data were used and to what extent.\n\n### 5. System Risk Assessment\n\nSome powerful GPAI models may be classified as posing systemic risks. In such cases, companies must consider the following enhanced obligations:\n\n- Model evaluation and adversarial testing\n- Identification, analysis, and mitigation of systemic risks\n- Procedures for monitoring and reporting serious incidents\n- Cybersecurity safeguards\n- Post-launch monitoring and iterative improvement\n\n## Assessing the Scope of EU Application for Korean and U.S. Companies\n\nThe EU AI Act is not a regulation that applies exclusively to EU companies. Non-EU companies must also assess their potential subjection to the Act if they provide AI systems or GPAI models to the EU market, offer services to users within the EU, or have a structure where the outputs of their AI systems are used in the EU.\n\n### Checklist for Non-EU Companies\n\n1. Can EU users sign up, make payments, or use the service?\n2. Are the service language, pricing, customer support, and marketing targeted at the EU market?\n3. Do API customers or B2B customers use the model in the EU?\n4. Do the outputs generated by the AI affect EU consumers, workers, citizens, or voters?\n5. Is the service provided through an EU legal entity, representative, reseller, or cloud partner?\n6. Even if EU users are explicitly excluded in the terms of service, is actual access and use controlled?\n\n## Internal Action Plan to Be Prepared by August 2026\n\n### Product and Technology Teams\n\n- Design UI components that allow for the application of default labels to generative AI outputs\n- Test the preservation of metadata in image, audio, and video files\n- Verify that watermarks and content source information are retained after compression and re-upload\n- Implement logic to distinguish between AI-generated content and human-edited content\n\n### Legal and Policy Team\n\n- Draft a memo outlining the scope of application and classification of roles under the AI Act\n- Review whether to sign the Code of Conduct and develop a compliance strategy\n- Revise copyright policies, data usage policies, and reporting procedures\n- Incorporate clauses on AI roles and responsibilities into contracts with EU customers and partners\n\n### Security and Risk Team\n\n- Develop scenarios for model misuse\n- Assess risks related to synthetic identities, fraud, misinformation, and election/public interest information\n- Designate incident reporting channels and responsible personnel\n- Establish systems for log retention, access controls, and audit trails\n\n### Executive Management\n\n- Finalize budget and responsible organizations by August 2026\n- Prioritize high-risk product lines and GPAI-related product lines\n- Approve explanatory materials to address inquiries from regulatory agencies, customer due diligence, and investor questions\n\n## Quick Self-Assessment Checklist\n\n| Question | Yes | No | Next Steps |\n|---|---:|---:|---|\n| Can EU users access the service? |  |  | Review EU scope of application |\n| Are text, image, audio, and video outputs labeled as AI-generated? |  |  | Design labeling UI and metadata |\n| Are AI-generated texts related to matters of public interest managed separately? |  |  | Record responsibility for human review and editing |\n| Do you offer GPAI models under your own brand? |  |  | Review GPAI provider obligations |\n| Do you provide fine-tuned models to external customers? |  |  | Role Reclassification and Documentation |\n| Are training data and copyright policies documented? |  |  | Establishment of a Data and Rights Review System |\n| Are there system risk assessments and incident reporting procedures in place? |  |  | Establishment of a Risk Management System |\n\n## Common Misconceptions in Practice\n\n### Misconception 1: Code of Conducts Are Voluntary and Can Be Ignored\n\nWhile codes of conduct are voluntary in nature, the legal obligations under the AI Act exist separately. Codes of conduct can serve as a reference point for demonstrating how those obligations are met.\n\n### Misconception 2: It is sufficient to display labels on the screen only once\n\nLabels may disappear as content is downloaded, shared, re-uploaded, or edited. It is safer to design both human-readable and machine-readable labels.\n\n### Misconception 3: Companies in South Korea or the U.S. are not subject to the EU AI Act\n\nEven companies based outside the EU may be subject to the Act if their services are connected to the EU market or EU users. In particular, for APIs, SaaS, app stores, open-source models, and cloud deployment structures, the actual location of use must be verified.\n\n### Misconception 4: Fine-tuning is always merely a form of use\n\nIf you provide the results of fine-tuning to third parties or offer them as a service under your own brand, you may face greater liability depending on the extent of the modifications and the method of provision.\n\n## Conclusion\n\nAs the EU AI Act takes effect in August 2026, the first step for companies is to clarify their labeling system for AI-generated content and the classification of GPAI roles. Labeling is not merely the insertion of text but an operational framework that combines UI, metadata, watermarks, editorial responsibility, and log retention. Companies that provide or fine-tune and deploy GPAI models must review their technical documentation, copyright policies, training data summaries, and system risk assessments before August 2026.","content_html":"\u003ch2\u003e\u003ca href=\"#conclusion-at-a-glance\" class=\"anchor\" id=\"conclusion-at-a-glance\"\u003e\u003c/a\u003eConclusion at a Glance\u003c/h2\u003e\n\u003cp\u003eThe European Union’s AI Act will enter a phase where the marking and labeling of generative AI content, along with certain transparency obligations, will take full effect starting August 2, 2026. On June 10, 2026, the European Commission published implementing rules regarding the identification and labeling of AI-generated content, which serve as practical guidelines for companies to refer to when incorporating these legal obligations into their actual product and service operations.\u003c/p\u003e\n\u003cp\u003eThis article is not legal advice but rather a knowledge resource for compliance review. Actual applicability may vary depending on service structure, user location, model delivery methods, contractual roles, and interpretations by local regulatory authorities.\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"#key-dates-and-implementation-points\" class=\"anchor\" id=\"key-dates-and-implementation-points\"\u003e\u003c/a\u003eKey Dates and Implementation Points\u003c/h2\u003e\n\u003cdiv class=\"overflow-x-auto\"\u003e\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eItem\u003c/th\u003e\n\u003cth\u003eKey Details\u003c/th\u003e\n\u003cth\u003ePoints for Companies to Check\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003eJune 10, 2026\u003c/td\u003e\n\u003ctd\u003eEuropean Commission publishes Code of Practice on the identification and labeling of AI-generated content\u003c/td\u003e\n\u003ctd\u003eReview whether product UI, metadata, watermarks, and public disclosure methods comply with the Code of Practice\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eAugust 2, 2026\u003c/td\u003e\n\u003ctd\u003eRelevant transparency obligations under the AI Act take effect\u003c/td\u003e\n\u003ctd\u003ePrepare labeling policies and logs for text, images, audio, and video\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eAugust 2, 2026\u003c/td\u003e\n\u003ctd\u003eDesignated as the date when enforcement powers against GPAI model providers take full effect\u003c/td\u003e\n\u003ctd\u003eReview technical documentation, copyright policies, training data summaries, and risk management systems\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eContinued Application\u003c/td\u003e\n\u003ctd\u003eMay also apply to non-EU businesses connected to the EU market or EU users\u003c/td\u003e\n\u003ctd\u003eEven for entities based in South Korea or the U.S., scope must be assessed based on whether they provide services to the EU\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\u003c/div\u003e\n\u003ch2\u003e\u003ca href=\"#glossary\" class=\"anchor\" id=\"glossary\"\u003e\u003c/a\u003eGlossary\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"#ai-generated-content\" class=\"anchor\" id=\"ai-generated-content\"\u003e\u003c/a\u003eAI-Generated Content\u003c/h3\u003e\n\u003cp\u003eThis refers to text, images, audio, video, or combinations thereof created by AI systems. The transparency obligations under the AI Act are particularly significant for content that appears to have been created by a human or that could mislead users into believing that real people, events, or statements are factual.\u003c/p\u003e\n\u003ch3\u003e\u003ca href=\"#generative-ai-labeling\" class=\"anchor\" id=\"generative-ai-labeling\"\u003e\u003c/a\u003eGenerative AI Labeling\u003c/h3\u003e\n\u003cp\u003eGenerative AI labeling is the process of indicating to users or recipients whether content has been generated or manipulated by AI. From a practical standpoint, it is safest to consider labeling methods in the following two tiers.\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eHuman-readable labels\u003c/strong\u003e: On-screen text, icons, subtitles, description fields, post notices, etc.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMachine-readable indicators\u003c/strong\u003e: Metadata, content source information, watermarks, content authentication and provenance information, etc.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3\u003e\u003ca href=\"#gpai-models\" class=\"anchor\" id=\"gpai-models\"\u003e\u003c/a\u003eGPAI Models\u003c/h3\u003e\n\u003cp\u003eGPAI stands for “general-purpose AI” and refers to AI models that can be widely used for various subtasks and application services. This includes large language models, multimodal models, and image generation models. The level of compliance required differs between companies that simply use AI functions and those that provide GPAI models themselves.\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"#generative-ai-labeling-requirements-changing-starting-august-2026\" class=\"anchor\" id=\"generative-ai-labeling-requirements-changing-starting-august-2026\"\u003e\u003c/a\u003eGenerative AI Labeling Requirements Changing Starting August 2026\u003c/h2\u003e\n\u003cp\u003eThe transparency framework of the AI Act aims to ensure that users can determine whether they are interacting with AI or whether the content they encounter has been generated or manipulated by AI. In particular, the clarity of labeling is crucial when AI-generated content relates to public interest information, news, elections, health, finance, safety, or legal judgments.\u003c/p\u003e\n\u003ch3\u003e\u003ca href=\"#labeling-checklist-by-media-type\" class=\"anchor\" id=\"labeling-checklist-by-media-type\"\u003e\u003c/a\u003eLabeling Checklist by Media Type\u003c/h3\u003e\n\u003cdiv class=\"overflow-x-auto\"\u003e\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eContent Type\u003c/th\u003e\n\u003cth\u003ePractical Labeling Method\u003c/th\u003e\n\u003cth\u003ePoints to Note\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003eText\u003c/td\u003e\n\u003ctd\u003eNotices at the top or bottom of posts, editor’s notes, or explanations of the generation method in the Terms of Service or Help section\u003c/td\u003e\n\u003ctd\u003eFor text intended to provide information on matters of public interest, clearly document whether human review and editorial responsibility apply\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eImage\u003c/td\u003e\n\u003ctd\u003eNotices surrounding the image, metadata in downloadable files, watermarks, or source information\u003c/td\u003e\n\u003ctd\u003eEstablish policies to distinguish between simple editing and heavily distorted合成 images\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eAudio\u003c/td\u003e\n\u003ctd\u003eAudio notices before and after playback, description fields, and file metadata\u003c/td\u003e\n\u003ctd\u003eSynthetic voices that sound like those of real people must be evaluated separately for the potential to mislead\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eVideo\u003c/td\u003e\n\u003ctd\u003eOn-screen captions, description fields, notices at the beginning and end, metadata, and watermarks\u003c/td\u003e\n\u003ctd\u003eHigher transparency standards are required for deepfakes, recreations of political or social statements, and videos featuring合成人物\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eMultimodal Content\u003c/td\u003e\n\u003ctd\u003eComposite labeling tailored to text, images, audio, and video\u003c/td\u003e\n\u003ctd\u003eVerify whether a single label is sufficient or if there remains a risk of misperception across each medium\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\u003c/div\u003e\n\u003ch2\u003e\u003ca href=\"#the-relationship-between-voluntary-codes-of-conduct-and-legal-obligations\" class=\"anchor\" id=\"the-relationship-between-voluntary-codes-of-conduct-and-legal-obligations\"\u003e\u003c/a\u003eThe Relationship Between Voluntary Codes of Conduct and Legal Obligations\u003c/h2\u003e\n\u003cp\u003eThe European Commission’s Code of Conduct is a practical tool that specifies how companies can fulfill their legal obligations. Although it is called a voluntary code of conduct, its significance should not be underestimated.\u003c/p\u003e\n\u003ch3\u003e\u003ca href=\"#the-significance-of-signing-the-code-of-conduct\" class=\"anchor\" id=\"the-significance-of-signing-the-code-of-conduct\"\u003e\u003c/a\u003eThe Significance of Signing the Code of Conduct\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe Code of Practice does not replace the AI Act itself.\u003c/li\u003e\n\u003cli\u003eSignatory companies may find it easier to demonstrate to regulators that they have established a compliance framework.\u003c/li\u003e\n\u003cli\u003eNon-signatory companies are not exempt from the legal obligations of the AI Act.\u003c/li\u003e\n\u003cli\u003eThe Code of Practice can serve as a reference document to explain compliance standards in communications with supervisory authorities and the AI Office.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"#items-to-include-in-internal-company-documents\" class=\"anchor\" id=\"items-to-include-in-internal-company-documents\"\u003e\u003c/a\u003eItems to Include in Internal Company Documents\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDefinition and scope of AI-generated content\u003c/li\u003e\n\u003cli\u003eLabeling criteria by content type\u003c/li\u003e\n\u003cli\u003eExceptions where labeling may be omitted and the approval procedures for such exceptions\u003c/li\u003e\n\u003cli\u003eTechnical labeling methods, such as metadata and watermarks\u003c/li\u003e\n\u003cli\u003eProcedures to verify that labeling is maintained when content is posted on external platforms\u003c/li\u003e\n\u003cli\u003eProcedures for handling user reports and correcting labeling errors\u003c/li\u003e\n\u003cli\u003eLog retention periods and responsible departments\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"#gpai-role-classification-providers-distributors-and-fine-tuning-operators\" class=\"anchor\" id=\"gpai-role-classification-providers-distributors-and-fine-tuning-operators\"\u003e\u003c/a\u003eGPAI Role Classification: Providers, Distributors, and Fine-Tuning Operators\u003c/h2\u003e\n\u003cp\u003eWhen reviewing GPAI obligations, the first step is to classify your own role. Even within the same company, one may be a simple user for one product and a model provider for another.\u003c/p\u003e\n\u003cdiv class=\"overflow-x-auto\"\u003e\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eRole\u003c/th\u003e\n\u003cth\u003eGeneral Definition\u003c/th\u003e\n\u003cth\u003eKey Responsibilities\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003eGPAI Model Provider\u003c/td\u003e\n\u003ctd\u003eAn entity that develops a GPAI model or makes it available on the EU market under its own name\u003c/td\u003e\n\u003ctd\u003eTechnical documentation, information for downstream providers, copyright policy, training data summary\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eAI System Provider\u003c/td\u003e\n\u003ctd\u003eAn entity that places an AI system on the market or provides it as a service to perform specific functions\u003c/td\u003e\n\u003ctd\u003eRisk classification of the AI system, transparency, user guidance, and whether a conformity assessment has been conducted\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDistributor\u003c/td\u003e\n\u003ctd\u003eAn entity that provides or distributes AI systems or models within the supply chain\u003c/td\u003e\n\u003ctd\u003eCommunicating product information, verifying changes, and retaining supply chain documentation\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDeployer or User\u003c/td\u003e\n\u003ctd\u003eAn entity that uses an AI system for business purposes\u003c/td\u003e\n\u003ctd\u003eUser notifications, responsibility for output usage, internal controls, human oversight\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eFine-Tuning Provider\u003c/td\u003e\n\u003ctd\u003eAn entity that further trains or adjusts an existing model to provide it for a specific purpose or under a specific brand\u003c/td\u003e\n\u003ctd\u003eMay incur provider or sub-provider obligations depending on the extent of modifications\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\u003c/div\u003e\n\u003ch3\u003e\u003ca href=\"#key-questions-for-fine-tuning-providers\" class=\"anchor\" id=\"key-questions-for-fine-tuning-providers\"\u003e\u003c/a\u003eKey Questions for Fine-Tuning Providers\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eIs this for internal use only, or is it provided to external customers?\u003c/li\u003e\n\u003cli\u003eHave the original model’s functions, risks, or intended use been substantially altered?\u003c/li\u003e\n\u003cli\u003eAre you offering the model or service under your own brand?\u003c/li\u003e\n\u003cli\u003eAre you maintaining the documentation and restrictions received from the original model provider?\u003c/li\u003e\n\u003cli\u003eDo you have records of reviews regarding the source, rights, personal information, and copyright of the fine-tuning data?\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"#gpai-provider-obligations-checklist\" class=\"anchor\" id=\"gpai-provider-obligations-checklist\"\u003e\u003c/a\u003eGPAI Provider Obligations Checklist\u003c/h2\u003e\n\u003cp\u003eGPAI model providers may bear heavier documentation and transparency obligations than general AI application operators. The following items constitute a practical checklist that should be reviewed as a priority around August 2026.\u003c/p\u003e\n\u003ch3\u003e\u003ca href=\"#1-technical-documentation\" class=\"anchor\" id=\"1-technical-documentation\"\u003e\u003c/a\u003e1. Technical Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral capabilities and limitations of the model\u003c/li\u003e\n\u003cli\u003eGeneral information regarding training, validation, and testing\u003c/li\u003e\n\u003cli\u003eKey architectural and design choices\u003c/li\u003e\n\u003cli\u003eInformation necessary for downstream providers to integrate the model safely\u003c/li\u003e\n\u003cli\u003eModel update and version history\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"#2-information-for-downstream-providers\" class=\"anchor\" id=\"2-information-for-downstream-providers\"\u003e\u003c/a\u003e2. Information for Downstream Providers\u003c/h3\u003e\n\u003cp\u003eWhen providing a GPAI model via an API, open-source, license, or cloud service, sufficient information must be provided to enable downstream providers to design and evaluate their own AI systems. This may include performance limitations, prohibited uses, recommended safeguards, known risks, and integration guidelines.\u003c/p\u003e\n\u003ch3\u003e\u003ca href=\"#3-copyright-policy\" class=\"anchor\" id=\"3-copyright-policy\"\u003e\u003c/a\u003e3. Copyright Policy\u003c/h3\u003e\n\u003cp\u003eThe AI Act requires GPAI providers to establish copyright-related policies. Companies must, at a minimum, document the following:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePolicies for the collection and use of training data\u003c/li\u003e\n\u003cli\u003eProcedures for handling copyright-protected content\u003c/li\u003e\n\u003cli\u003eProcedures for identifying opt-out requests or usage restriction signals from rights holders\u003c/li\u003e\n\u003cli\u003eMethods for verifying dataset sources and licenses\u003c/li\u003e\n\u003cli\u003eProcedures for receiving and responding to infringement reports\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"#4-training-data-summary\" class=\"anchor\" id=\"4-training-data-summary\"\u003e\u003c/a\u003e4. Training Data Summary\u003c/h3\u003e\n\u003cp\u003eGPAI providers must provide a sufficiently detailed summary of the content used for training. While this does not mean that the entire source data must be disclosed, it must be possible to understand what types of data were used and to what extent.\u003c/p\u003e\n\u003ch3\u003e\u003ca href=\"#5-system-risk-assessment\" class=\"anchor\" id=\"5-system-risk-assessment\"\u003e\u003c/a\u003e5. System Risk Assessment\u003c/h3\u003e\n\u003cp\u003eSome powerful GPAI models may be classified as posing systemic risks. In such cases, companies must consider the following enhanced obligations:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eModel evaluation and adversarial testing\u003c/li\u003e\n\u003cli\u003eIdentification, analysis, and mitigation of systemic risks\u003c/li\u003e\n\u003cli\u003eProcedures for monitoring and reporting serious incidents\u003c/li\u003e\n\u003cli\u003eCybersecurity safeguards\u003c/li\u003e\n\u003cli\u003ePost-launch monitoring and iterative improvement\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"#assessing-the-scope-of-eu-application-for-korean-and-us-companies\" class=\"anchor\" id=\"assessing-the-scope-of-eu-application-for-korean-and-us-companies\"\u003e\u003c/a\u003eAssessing the Scope of EU Application for Korean and U.S. Companies\u003c/h2\u003e\n\u003cp\u003eThe EU AI Act is not a regulation that applies exclusively to EU companies. Non-EU companies must also assess their potential subjection to the Act if they provide AI systems or GPAI models to the EU market, offer services to users within the EU, or have a structure where the outputs of their AI systems are used in the EU.\u003c/p\u003e\n\u003ch3\u003e\u003ca href=\"#checklist-for-non-eu-companies\" class=\"anchor\" id=\"checklist-for-non-eu-companies\"\u003e\u003c/a\u003eChecklist for Non-EU Companies\u003c/h3\u003e\n\u003col\u003e\n\u003cli\u003eCan EU users sign up, make payments, or use the service?\u003c/li\u003e\n\u003cli\u003eAre the service language, pricing, customer support, and marketing targeted at the EU market?\u003c/li\u003e\n\u003cli\u003eDo API customers or B2B customers use the model in the EU?\u003c/li\u003e\n\u003cli\u003eDo the outputs generated by the AI affect EU consumers, workers, citizens, or voters?\u003c/li\u003e\n\u003cli\u003eIs the service provided through an EU legal entity, representative, reseller, or cloud partner?\u003c/li\u003e\n\u003cli\u003eEven if EU users are explicitly excluded in the terms of service, is actual access and use controlled?\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003e\u003ca href=\"#internal-action-plan-to-be-prepared-by-august-2026\" class=\"anchor\" id=\"internal-action-plan-to-be-prepared-by-august-2026\"\u003e\u003c/a\u003eInternal Action Plan to Be Prepared by August 2026\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"#product-and-technology-teams\" class=\"anchor\" id=\"product-and-technology-teams\"\u003e\u003c/a\u003eProduct and Technology Teams\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDesign UI components that allow for the application of default labels to generative AI outputs\u003c/li\u003e\n\u003cli\u003eTest the preservation of metadata in image, audio, and video files\u003c/li\u003e\n\u003cli\u003eVerify that watermarks and content source information are retained after compression and re-upload\u003c/li\u003e\n\u003cli\u003eImplement logic to distinguish between AI-generated content and human-edited content\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"#legal-and-policy-team\" class=\"anchor\" id=\"legal-and-policy-team\"\u003e\u003c/a\u003eLegal and Policy Team\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDraft a memo outlining the scope of application and classification of roles under the AI Act\u003c/li\u003e\n\u003cli\u003eReview whether to sign the Code of Conduct and develop a compliance strategy\u003c/li\u003e\n\u003cli\u003eRevise copyright policies, data usage policies, and reporting procedures\u003c/li\u003e\n\u003cli\u003eIncorporate clauses on AI roles and responsibilities into contracts with EU customers and partners\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"#security-and-risk-team\" class=\"anchor\" id=\"security-and-risk-team\"\u003e\u003c/a\u003eSecurity and Risk Team\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDevelop scenarios for model misuse\u003c/li\u003e\n\u003cli\u003eAssess risks related to synthetic identities, fraud, misinformation, and election/public interest information\u003c/li\u003e\n\u003cli\u003eDesignate incident reporting channels and responsible personnel\u003c/li\u003e\n\u003cli\u003eEstablish systems for log retention, access controls, and audit trails\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"#executive-management\" class=\"anchor\" id=\"executive-management\"\u003e\u003c/a\u003eExecutive Management\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFinalize budget and responsible organizations by August 2026\u003c/li\u003e\n\u003cli\u003ePrioritize high-risk product lines and GPAI-related product lines\u003c/li\u003e\n\u003cli\u003eApprove explanatory materials to address inquiries from regulatory agencies, customer due diligence, and investor questions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"#quick-self-assessment-checklist\" class=\"anchor\" id=\"quick-self-assessment-checklist\"\u003e\u003c/a\u003eQuick Self-Assessment Checklist\u003c/h2\u003e\n\u003cdiv class=\"overflow-x-auto\"\u003e\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eQuestion\u003c/th\u003e\n\u003cth\u003eYes\u003c/th\u003e\n\u003cth\u003eNo\u003c/th\u003e\n\u003cth\u003eNext Steps\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003eCan EU users access the service?\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003eReview EU scope of application\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eAre text, image, audio, and video outputs labeled as AI-generated?\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003eDesign labeling UI and metadata\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eAre AI-generated texts related to matters of public interest managed separately?\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003eRecord responsibility for human review and editing\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDo you offer GPAI models under your own brand?\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003eReview GPAI provider obligations\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eDo you provide fine-tuned models to external customers?\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003eRole Reclassification and Documentation\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eAre training data and copyright policies documented?\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003eEstablishment of a Data and Rights Review System\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eAre there system risk assessments and incident reporting procedures in place?\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003e\u003c/td\u003e\n\u003ctd\u003eEstablishment of a Risk Management System\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\u003c/div\u003e\n\u003ch2\u003e\u003ca href=\"#common-misconceptions-in-practice\" class=\"anchor\" id=\"common-misconceptions-in-practice\"\u003e\u003c/a\u003eCommon Misconceptions in Practice\u003c/h2\u003e\n\u003ch3\u003e\u003ca href=\"#misconception-1-code-of-conducts-are-voluntary-and-can-be-ignored\" class=\"anchor\" id=\"misconception-1-code-of-conducts-are-voluntary-and-can-be-ignored\"\u003e\u003c/a\u003eMisconception 1: Code of Conducts Are Voluntary and Can Be Ignored\u003c/h3\u003e\n\u003cp\u003eWhile codes of conduct are voluntary in nature, the legal obligations under the AI Act exist separately. Codes of conduct can serve as a reference point for demonstrating how those obligations are met.\u003c/p\u003e\n\u003ch3\u003e\u003ca href=\"#misconception-2-it-is-sufficient-to-display-labels-on-the-screen-only-once\" class=\"anchor\" id=\"misconception-2-it-is-sufficient-to-display-labels-on-the-screen-only-once\"\u003e\u003c/a\u003eMisconception 2: It is sufficient to display labels on the screen only once\u003c/h3\u003e\n\u003cp\u003eLabels may disappear as content is downloaded, shared, re-uploaded, or edited. It is safer to design both human-readable and machine-readable labels.\u003c/p\u003e\n\u003ch3\u003e\u003ca href=\"#misconception-3-companies-in-south-korea-or-the-us-are-not-subject-to-the-eu-ai-act\" class=\"anchor\" id=\"misconception-3-companies-in-south-korea-or-the-us-are-not-subject-to-the-eu-ai-act\"\u003e\u003c/a\u003eMisconception 3: Companies in South Korea or the U.S. are not subject to the EU AI Act\u003c/h3\u003e\n\u003cp\u003eEven companies based outside the EU may be subject to the Act if their services are connected to the EU market or EU users. In particular, for APIs, SaaS, app stores, open-source models, and cloud deployment structures, the actual location of use must be verified.\u003c/p\u003e\n\u003ch3\u003e\u003ca href=\"#misconception-4-fine-tuning-is-always-merely-a-form-of-use\" class=\"anchor\" id=\"misconception-4-fine-tuning-is-always-merely-a-form-of-use\"\u003e\u003c/a\u003eMisconception 4: Fine-tuning is always merely a form of use\u003c/h3\u003e\n\u003cp\u003eIf you provide the results of fine-tuning to third parties or offer them as a service under your own brand, you may face greater liability depending on the extent of the modifications and the method of provision.\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"#conclusion\" class=\"anchor\" id=\"conclusion\"\u003e\u003c/a\u003eConclusion\u003c/h2\u003e\n\u003cp\u003eAs the EU AI Act takes effect in August 2026, the first step for companies is to clarify their labeling system for AI-generated content and the classification of GPAI roles. Labeling is not merely the insertion of text but an operational framework that combines UI, metadata, watermarks, editorial responsibility, and log retention. Companies that provide or fine-tune and deploy GPAI models must review their technical documentation, copyright policies, training data summaries, and system risk assessments before August 2026.\u003c/p\u003e\n","tags":["EU AI Act","General purpose AI","Compliance","Generative AI","AI labeling"],"faqs":[{"question":"When will the generative AI labeling requirements under the EU AI Act take effect?","answer":"Based on the information provided, the relevant transparency requirements will take effect on August 2, 2026. Companies must prepare their labeling methods for text, images, audio, and video, as well as their internal approval procedures, before that date."},{"question":"Does signing a voluntary code of conduct exempt one from legal obligations?","answer":"No. Codes of conduct do not replace legal obligations. However, signing and implementing them can help demonstrate that a company has established a system of diligent compliance."},{"question":"Does all text generated by AI have to be labeled in the same way?","answer":"In practice, the level of disclosure can be tailored based on the content’s purpose, scope of distribution, relevance to matters of public interest, and whether it has been reviewed by a human. However, clear and consistent standards are necessary to ensure that users do not misinterpret whether the content was generated by AI."},{"question":"Is text on the screen alone sufficient for labeling images or videos?","answer":"On-screen text is important, but it may disappear during the sharing or downloading process. Whenever possible, it’s safer to also check for machine-readable markers such as metadata, watermarks, and content source information."},{"question":"What is the difference between a GPAI model provider and a user of basic AI services?","answer":"A GPAI model provider is an entity that develops general-purpose AI models or markets them under its own name. A simple user is an entity that uses such models for internal operations or specific services, and may be subject to different levels of obligations."},{"question":"Does fine-tuning automatically make me a GPAI provider?","answer":"This is not always the case. However, if a fine-tuned model is provided to external customers or distributed under the provider’s own brand in a way that substantially alters the functionality or risks of the original model, the provider’s or sub-provider’s liability must be examined."},{"question":"Do Korean companies need to comply with the EU AI Act?","answer":"This may apply if you provide AI services to EU users or supply AI systems or GPAI models to the EU market. The fact that a company is based in South Korea does not mean it is exempt from compliance with the EU AI Act."},{"question":"Does this also apply to cases where a U.S. AI company provides APIs to EU customers?","answer":"That is possible. If an EU customer uses a GPAI model or AI system via an API and the output is used within the EU, the role and scope of application must be reviewed."},{"question":"What are the key documents that GPAI providers need to prepare?","answer":"Technical documentation, information for sub-providers, copyright policies, training data summaries, model update histories, risk assessments, and incident response procedures are key. For models that pose systemic risks, evaluation and mitigation measures are even more important."},{"question":"What are the priorities for preparing for the EU AI Act?","answer":"First, companies should define the scope of EU regulations and their own roles, and incorporate the generative AI labeling system into their products. Next, it is practically appropriate to revise documentation related to GPAI, copyright policies, system risk assessments, and contract clauses in that order."}],"sources":[{"url":"https://digital-strategy.ec.europa.eu/en/news/commission-publishes-code-practice-marking-and-labelling-ai-generated-content","title":"European Commission: Commission Publishes Code of Practice on Marking and Labeling AI-Generated Content","type":"source"},{"url":"https://digital-strategy.ec.europa.eu/en/policies/code-practice-ai-generated-content","title":"European Commission: Code of Practice for AI-Generated Content","type":"source"},{"url":"https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai","title":"European Commission: Contents of the Code of Practice on General-Purpose AI","type":"source"},{"url":"https://ai-act-service-desk.ec.europa.eu/en/faq","title":"AI Act Service Desk FAQ","type":"source"}],"images":[{"id":110,"url":"https://injoys.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA2MCwicHVyIjoiYmxvYl9pZCJ9fQ==--07095cda3aa6661cf4b523c79f1e912e1ba9cdda/ai-d0dbd2b7.webp","is_representative":true,"generation_method":"ai_image","license":"ai_generated","mime_type":"image/webp","translations":{"ko":{"alt":"유럽 지도 위 AI 방패와 이미지·음성·영상·문서 카드의 체크 표시","caption":"EU AI Act에 따른 생성형 AI 콘텐츠 표시와 GPAI 의무 준수를 시각화한 일러스트입니다.","description":null},"en":{"alt":"Europe map with an AI shield and checked image, audio, video, and document cards","caption":"The illustration shows EU AI Act checks for generative AI labels and GPAI duties.","description":null},"ja":{"alt":"欧州地図にAIシールドとチェック付きの画像・音声・動画・文書カード","caption":"EU AI法における生成AI表示とGPAI義務の確認を示すイラストです。","description":null},"es":{"alt":"Mapa de Europa con escudo de IA y tarjetas verificadas de imagen, audio, video y documento","caption":"La ilustración contextualiza las comprobaciones del Reglamento de IA de la UE para etiquetado generativo y GPAI.","description":null},"id":{"alt":"Peta Eropa dengan perisai AI dan kartu gambar, audio, video, serta dokumen bertanda centang","caption":"Ilustrasi ini menggambarkan pemeriksaan EU AI Act untuk label AI generatif dan kewajiban GPAI.","description":null},"pt":{"alt":"Mapa da Europa com escudo de IA e cartões verificados de imagem, áudio, vídeo e documento","caption":"A ilustração mostra verificações do EU AI Act para rotulagem de IA generativa e obrigações de GPAI.","description":null},"zh-hant":{"alt":"歐洲地圖上的 AI 盾牌與已勾選的圖片、音訊、影片和文件卡片","caption":"這幅插圖呈現 EU AI Act 對生成式 AI 標示與 GPAI 義務的查核。","description":null}}},{"id":111,"url":"https://injoys.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA2NiwicHVyIjoiYmxvYl9pZCJ9fQ==--54be3660f71e1d99412c1901e67320b99aaee584/ai-d17b76b0.webp","is_representative":false,"generation_method":"ai_image","license":"ai_generated","mime_type":"image/webp","translations":{"ko":{"alt":"EU 깃발을 중심으로 AI 모델, 데이터베이스, 보안, 위험도와 체크리스트가 연결된 인포그래픽","caption":"EU AI Act 준수를 위한 데이터, 보안, 위험 관리, 체크리스트 요소를 시각화한 그림입니다.","description":null},"en":{"alt":"EU flag hub connected to an AI cube, databases, security lock, risk gauge, warning sign, and checklists","caption":"The illustration visualizes key EU AI Act compliance areas such as data, security, risk, and documentation.","description":null},"ja":{"alt":"EU旗を中心にAIキューブ、データベース、鍵、リスク計、警告、チェックリストがつながる図","caption":"EU AI Act対応に必要なデータ、セキュリティ、リスク管理、文書化を示すイラストです。","description":null},"es":{"alt":"Centro con bandera de la UE conectado a IA, bases de datos, candado, medidor de riesgo, alerta y listas","caption":"La ilustración resume áreas de cumplimiento del EU AI Act como datos, seguridad, riesgo y documentación.","description":null},"id":{"alt":"Bendera UE sebagai pusat terhubung ke kubus AI, basis data, kunci, pengukur risiko, peringatan, dan daftar cek","caption":"Ilustrasi ini menampilkan area kepatuhan EU AI Act seperti data, keamanan, risiko, dan dokumentasi.","description":null},"pt":{"alt":"Bandeira da UE ao centro ligada a cubo de IA, bancos de dados, cadeado, medidor de risco, alerta e checklists","caption":"A ilustração destaca áreas de conformidade do EU AI Act, como dados, segurança, risco e documentação.","description":null},"zh-hant":{"alt":"以歐盟旗幟為中心，連接 AI 方塊、資料庫、鎖頭、風險儀表、警示與檢查清單","caption":"這張插圖呈現 EU AI Act 合規所涉及的資料、安全、風險與文件管理重點。","description":null}}}],"published_at":"2026-07-09T19:41:54+09:00","updated_at":"2026-07-09T19:41:54+09:00","license":"cc_by","translation_status":"reviewed","available_locales":["ko","en","ja","es"],"data_locales":["ko","en","ja","es","id","pt","zh-hant"],"url":"https://injoys.com/en/articles/eu-ai-act-2026-generative-ai-labeling-gpai-checklist"}