Checklist for the EU AI Act, Effective August 2026: Generative AI Labeling and GPAI Requirements ================================================================================================ This document summarizes the EU AI Act’s requirements for the disclosure and labeling of generative AI content, as well as key enforcement points regarding providers of GPAI models, which take effect on August 2, 2026. It provides a checklist covering role definitions, documentation, copyright, and risk management that Korean and U.S. companies should review when providing AI services to users in the EU. - Starting August 2, 2026, key transparency obligations under the EU AI Act—such as the identification and labeling of AI-generated content—will take effect. - Signing a voluntary code of conduct does not eliminate legal obligations, but it can help demonstrate to regulatory authorities that a company is making a sincere effort to comply. - GPAI model providers must review their separate documentation requirements, including technical documentation, information for sub-providers, copyright policies, and training data summaries. - GPAI models that pose systemic risks require a strengthened management framework, including assessment, risk mitigation, reporting of major incidents, and cybersecurity measures. - Companies in South Korea and the United States—which are outside the EU—must also assess whether they fall within the scope of the regulation if they provide AI systems or GPAI models to the EU market or if their outputs are used within the EU. Conclusion at a Glance The European Union’s AI Act will enter a phase where the marking and labeling of generative AI content, along with certain transparency obligations, will take full effect starting August 2, 2026. On June 10, 2026, the European Commission published implementing rules regarding the identification and labeling of AI-generated content, which serve as practical guidelines for companies to refer to when incorporating these legal obligations into their actual product and service operations. This article is not legal advice but rather a knowledge resource for compliance review. Actual applicability may vary depending on service structure, user location, model delivery methods, contractual roles, and interpretations by local regulatory authorities. Key Dates and Implementation Points Item Key Details Points for Companies to Check June 10, 2026 European Commission publishes Code of Practice on the identification and labeling of AI-generated content Review whether product UI, metadata, watermarks, and public disclosure methods comply with the Code of Practice August 2, 2026 Relevant transparency obligations under the AI Act take effect Prepare labeling policies and logs for text, images, audio, and video August 2, 2026 Designated as the date when enforcement powers against GPAI model providers take full effect Review technical documentation, copyright policies, training data summaries, and risk management systems Continued Application May also apply to non-EU businesses connected to the EU market or EU users Even for entities based in South Korea or the U.S., scope must be assessed based on whether they provide services to the EU Glossary AI-Generated Content This refers to text, images, audio, video, or combinations thereof created by AI systems. The transparency obligations under the AI Act are particularly significant for content that appears to have been created by a human or that could mislead users into believing that real people, events, or statements are factual. Generative AI Labeling Generative AI labeling is the process of indicating to users or recipients whether content has been generated or manipulated by AI. From a practical standpoint, it is safest to consider labeling methods in the following two tiers. Human-readable labels: On-screen text, icons, subtitles, description fields, post notices, etc. Machine-readable indicators: Metadata, content source information, watermarks, content authentication and provenance information, etc. GPAI Models GPAI stands for “general-purpose AI” and refers to AI models that can be widely used for various subtasks and application services. This includes large language models, multimodal models, and image generation models. The level of compliance required differs between companies that simply use AI functions and those that provide GPAI models themselves. Generative AI Labeling Requirements Changing Starting August 2026 The transparency framework of the AI Act aims to ensure that users can determine whether they are interacting with AI or whether the content they encounter has been generated or manipulated by AI. In particular, the clarity of labeling is crucial when AI-generated content relates to public interest information, news, elections, health, finance, safety, or legal judgments. Labeling Checklist by Media Type Content Type Practical Labeling Method Points to Note Text Notices at the top or bottom of posts, editor’s notes, or explanations of the generation method in the Terms of Service or Help section For text intended to provide information on matters of public interest, clearly document whether human review and editorial responsibility apply Image Notices surrounding the image, metadata in downloadable files, watermarks, or source information Establish policies to distinguish between simple editing and heavily distorted合成 images Audio Audio notices before and after playback, description fields, and file metadata Synthetic voices that sound like those of real people must be evaluated separately for the potential to mislead Video On-screen captions, description fields, notices at the beginning and end, metadata, and watermarks Higher transparency standards are required for deepfakes, recreations of political or social statements, and videos featuring合成人物 Multimodal Content Composite labeling tailored to text, images, audio, and video Verify whether a single label is sufficient or if there remains a risk of misperception across each medium The Relationship Between Voluntary Codes of Conduct and Legal Obligations The European Commission’s Code of Conduct is a practical tool that specifies how companies can fulfill their legal obligations. Although it is called a voluntary code of conduct, its significance should not be underestimated. The Significance of Signing the Code of Conduct The Code of Practice does not replace the AI Act itself. Signatory companies may find it easier to demonstrate to regulators that they have established a compliance framework. Non-signatory companies are not exempt from the legal obligations of the AI Act. The Code of Practice can serve as a reference document to explain compliance standards in communications with supervisory authorities and the AI Office. Items to Include in Internal Company Documents Definition and scope of AI-generated content Labeling criteria by content type Exceptions where labeling may be omitted and the approval procedures for such exceptions Technical labeling methods, such as metadata and watermarks Procedures to verify that labeling is maintained when content is posted on external platforms Procedures for handling user reports and correcting labeling errors Log retention periods and responsible departments GPAI Role Classification: Providers, Distributors, and Fine-Tuning Operators When reviewing GPAI obligations, the first step is to classify your own role. Even within the same company, one may be a simple user for one product and a model provider for another. Role General Definition Key Responsibilities GPAI Model Provider An entity that develops a GPAI model or makes it available on the EU market under its own name Technical documentation, information for downstream providers, copyright policy, training data summary AI System Provider An entity that places an AI system on the market or provides it as a service to perform specific functions Risk classification of the AI system, transparency, user guidance, and whether a conformity assessment has been conducted Distributor An entity that provides or distributes AI systems or models within the supply chain Communicating product information, verifying changes, and retaining supply chain documentation Deployer or User An entity that uses an AI system for business purposes User notifications, responsibility for output usage, internal controls, human oversight Fine-Tuning Provider An entity that further trains or adjusts an existing model to provide it for a specific purpose or under a specific brand May incur provider or sub-provider obligations depending on the extent of modifications Key Questions for Fine-Tuning Providers Is this for internal use only, or is it provided to external customers? Have the original model’s functions, risks, or intended use been substantially altered? Are you offering the model or service under your own brand? Are you maintaining the documentation and restrictions received from the original model provider? Do you have records of reviews regarding the source, rights, personal information, and copyright of the fine-tuning data? GPAI Provider Obligations Checklist GPAI model providers may bear heavier documentation and transparency obligations than general AI application operators. The following items constitute a practical checklist that should be reviewed as a priority around August 2026. 1. Technical Documentation General capabilities and limitations of the model General information regarding training, validation, and testing Key architectural and design choices Information necessary for downstream providers to integrate the model safely Model update and version history 2. Information for Downstream Providers When providing a GPAI model via an API, open-source, license, or cloud service, sufficient information must be provided to enable downstream providers to design and evaluate their own AI systems. This may include performance limitations, prohibited uses, recommended safeguards, known risks, and integration guidelines. 3. Copyright Policy The AI Act requires GPAI providers to establish copyright-related policies. Companies must, at a minimum, document the following: Policies for the collection and use of training data Procedures for handling copyright-protected content Procedures for identifying opt-out requests or usage restriction signals from rights holders Methods for verifying dataset sources and licenses Procedures for receiving and responding to infringement reports 4. Training Data Summary GPAI providers must provide a sufficiently detailed summary of the content used for training. While this does not mean that the entire source data must be disclosed, it must be possible to understand what types of data were used and to what extent. 5. System Risk Assessment Some powerful GPAI models may be classified as posing systemic risks. In such cases, companies must consider the following enhanced obligations: Model evaluation and adversarial testing Identification, analysis, and mitigation of systemic risks Procedures for monitoring and reporting serious incidents Cybersecurity safeguards Post-launch monitoring and iterative improvement Assessing the Scope of EU Application for Korean and U.S. Companies The EU AI Act is not a regulation that applies exclusively to EU companies. Non-EU companies must also assess their potential subjection to the Act if they provide AI systems or GPAI models to the EU market, offer services to users within the EU, or have a structure where the outputs of their AI systems are used in the EU. Checklist for Non-EU Companies Can EU users sign up, make payments, or use the service? Are the service language, pricing, customer support, and marketing targeted at the EU market? Do API customers or B2B customers use the model in the EU? Do the outputs generated by the AI affect EU consumers, workers, citizens, or voters? Is the service provided through an EU legal entity, representative, reseller, or cloud partner? Even if EU users are explicitly excluded in the terms of service, is actual access and use controlled? Internal Action Plan to Be Prepared by August 2026 Product and Technology Teams Design UI components that allow for the application of default labels to generative AI outputs Test the preservation of metadata in image, audio, and video files Verify that watermarks and content source information are retained after compression and re-upload Implement logic to distinguish between AI-generated content and human-edited content Legal and Policy Team Draft a memo outlining the scope of application and classification of roles under the AI Act Review whether to sign the Code of Conduct and develop a compliance strategy Revise copyright policies, data usage policies, and reporting procedures Incorporate clauses on AI roles and responsibilities into contracts with EU customers and partners Security and Risk Team Develop scenarios for model misuse Assess risks related to synthetic identities, fraud, misinformation, and election/public interest information Designate incident reporting channels and responsible personnel Establish systems for log retention, access controls, and audit trails Executive Management Finalize budget and responsible organizations by August 2026 Prioritize high-risk product lines and GPAI-related product lines Approve explanatory materials to address inquiries from regulatory agencies, customer due diligence, and investor questions Quick Self-Assessment Checklist Question Yes No Next Steps Can EU users access the service? Review EU scope of application Are text, image, audio, and video outputs labeled as AI-generated? Design labeling UI and metadata Are AI-generated texts related to matters of public interest managed separately? Record responsibility for human review and editing Do you offer GPAI models under your own brand? Review GPAI provider obligations Do you provide fine-tuned models to external customers? Role Reclassification and Documentation Are training data and copyright policies documented? Establishment of a Data and Rights Review System Are there system risk assessments and incident reporting procedures in place? Establishment of a Risk Management System Common Misconceptions in Practice Misconception 1: Code of Conducts Are Voluntary and Can Be Ignored While codes of conduct are voluntary in nature, the legal obligations under the AI Act exist separately. Codes of conduct can serve as a reference point for demonstrating how those obligations are met. Misconception 2: It is sufficient to display labels on the screen only once Labels may disappear as content is downloaded, shared, re-uploaded, or edited. It is safer to design both human-readable and machine-readable labels. Misconception 3: Companies in South Korea or the U.S. are not subject to the EU AI Act Even companies based outside the EU may be subject to the Act if their services are connected to the EU market or EU users. In particular, for APIs, SaaS, app stores, open-source models, and cloud deployment structures, the actual location of use must be verified. Misconception 4: Fine-tuning is always merely a form of use If you provide the results of fine-tuning to third parties or offer them as a service under your own brand, you may face greater liability depending on the extent of the modifications and the method of provision. Conclusion As the EU AI Act takes effect in August 2026, the first step for companies is to clarify their labeling system for AI-generated content and the classification of GPAI roles. Labeling is not merely the insertion of text but an operational framework that combines UI, metadata, watermarks, editorial responsibility, and log retention. Companies that provide or fine-tune and deploy GPAI models must review their technical documentation, copyright policies, training data summaries, and system risk assessments before August 2026. FAQ Q. When will the generative AI labeling requirements under the EU AI Act take effect? A. Based on the information provided, the relevant transparency requirements will take effect on August 2, 2026. Companies must prepare their labeling methods for text, images, audio, and video, as well as their internal approval procedures, before that date. Q. Does signing a voluntary code of conduct exempt one from legal obligations? A. No. Codes of conduct do not replace legal obligations. However, signing and implementing them can help demonstrate that a company has established a system of diligent compliance. Q. Does all text generated by AI have to be labeled in the same way? A. In practice, the level of disclosure can be tailored based on the content’s purpose, scope of distribution, relevance to matters of public interest, and whether it has been reviewed by a human. However, clear and consistent standards are necessary to ensure that users do not misinterpret whether the content was generated by AI. Q. Is text on the screen alone sufficient for labeling images or videos? A. On-screen text is important, but it may disappear during the sharing or downloading process. Whenever possible, it’s safer to also check for machine-readable markers such as metadata, watermarks, and content source information. Q. What is the difference between a GPAI model provider and a user of basic AI services? A. A GPAI model provider is an entity that develops general-purpose AI models or markets them under its own name. A simple user is an entity that uses such models for internal operations or specific services, and may be subject to different levels of obligations. Q. Does fine-tuning automatically make me a GPAI provider? A. This is not always the case. However, if a fine-tuned model is provided to external customers or distributed under the provider’s own brand in a way that substantially alters the functionality or risks of the original model, the provider’s or sub-provider’s liability must be examined. Q. Do Korean companies need to comply with the EU AI Act? A. This may apply if you provide AI services to EU users or supply AI systems or GPAI models to the EU market. The fact that a company is based in South Korea does not mean it is exempt from compliance with the EU AI Act. Q. Does this also apply to cases where a U.S. AI company provides APIs to EU customers? A. That is possible. If an EU customer uses a GPAI model or AI system via an API and the output is used within the EU, the role and scope of application must be reviewed. Q. What are the key documents that GPAI providers need to prepare? A. Technical documentation, information for sub-providers, copyright policies, training data summaries, model update histories, risk assessments, and incident response procedures are key. For models that pose systemic risks, evaluation and mitigation measures are even more important. Q. What are the priorities for preparing for the EU AI Act? A. First, companies should define the scope of EU regulations and their own roles, and incorporate the generative AI labeling system into their products. Next, it is practically appropriate to revise documentation related to GPAI, copyright policies, system risk assessments, and contract clauses in that order. Sources - European Commission: Commission Publishes Code of Practice on Marking and Labeling AI-Generated Content: https://digital-strategy.ec.europa.eu/en/news/commission-publishes-code-practice-marking-and-labelling-ai-generated-content - European Commission: Code of Practice for AI-Generated Content: https://digital-strategy.ec.europa.eu/en/policies/code-practice-ai-generated-content - European Commission: Contents of the Code of Practice on General-Purpose AI: https://digital-strategy.ec.europa.eu/en/policies/contents-code-gpai - AI Act Service Desk FAQ: https://ai-act-service-desk.ec.europa.eu/en/faq Images - Europe map with an AI shield and checked image, audio, video, and document cards: https://injoys.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA2MCwicHVyIjoiYmxvYl9pZCJ9fQ==--07095cda3aa6661cf4b523c79f1e912e1ba9cdda/ai-d0dbd2b7.webp - EU flag hub connected to an AI cube, databases, security lock, risk gauge, warning sign, and checklists: https://injoys.com/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTA2NiwicHVyIjoiYmxvYl9pZCJ9fQ==--54be3660f71e1d99412c1901e67320b99aaee584/ai-d17b76b0.webp --- Category: How-to Source: https://injoys.com/en/articles/eu-ai-act-2026-generative-ai-labeling-gpai-checklist License: cc_by Translation-Status: reviewed