Conclusion at a Glance

The European Union’s AI Act will enter a phase where the marking and labeling of generative AI content, along with certain transparency obligations, will take full effect starting August 2, 2026. On June 10, 2026, the European Commission published implementing rules regarding the identification and labeling of AI-generated content, which serve as practical guidelines for companies to refer to when incorporating these legal obligations into their actual product and service operations.

This article is not legal advice but rather a knowledge resource for compliance review. Actual applicability may vary depending on service structure, user location, model delivery methods, contractual roles, and interpretations by local regulatory authorities.

Key Dates and Implementation Points

Item Key Details Points for Companies to Check
June 10, 2026 European Commission publishes Code of Practice on the identification and labeling of AI-generated content Review whether product UI, metadata, watermarks, and public disclosure methods comply with the Code of Practice
August 2, 2026 Relevant transparency obligations under the AI Act take effect Prepare labeling policies and logs for text, images, audio, and video
August 2, 2026 Designated as the date when enforcement powers against GPAI model providers take full effect Review technical documentation, copyright policies, training data summaries, and risk management systems
Continued Application May also apply to non-EU businesses connected to the EU market or EU users Even for entities based in South Korea or the U.S., scope must be assessed based on whether they provide services to the EU

Glossary

AI-Generated Content

This refers to text, images, audio, video, or combinations thereof created by AI systems. The transparency obligations under the AI Act are particularly significant for content that appears to have been created by a human or that could mislead users into believing that real people, events, or statements are factual.

Generative AI Labeling

Generative AI labeling is the process of indicating to users or recipients whether content has been generated or manipulated by AI. From a practical standpoint, it is safest to consider labeling methods in the following two tiers.

  1. Human-readable labels: On-screen text, icons, subtitles, description fields, post notices, etc.
  2. Machine-readable indicators: Metadata, content source information, watermarks, content authentication and provenance information, etc.

GPAI Models

GPAI stands for “general-purpose AI” and refers to AI models that can be widely used for various subtasks and application services. This includes large language models, multimodal models, and image generation models. The level of compliance required differs between companies that simply use AI functions and those that provide GPAI models themselves.

Generative AI Labeling Requirements Changing Starting August 2026

The transparency framework of the AI Act aims to ensure that users can determine whether they are interacting with AI or whether the content they encounter has been generated or manipulated by AI. In particular, the clarity of labeling is crucial when AI-generated content relates to public interest information, news, elections, health, finance, safety, or legal judgments.

Labeling Checklist by Media Type

Content Type Practical Labeling Method Points to Note
Text Notices at the top or bottom of posts, editor’s notes, or explanations of the generation method in the Terms of Service or Help section For text intended to provide information on matters of public interest, clearly document whether human review and editorial responsibility apply
Image Notices surrounding the image, metadata in downloadable files, watermarks, or source information Establish policies to distinguish between simple editing and heavily distorted合成 images
Audio Audio notices before and after playback, description fields, and file metadata Synthetic voices that sound like those of real people must be evaluated separately for the potential to mislead
Video On-screen captions, description fields, notices at the beginning and end, metadata, and watermarks Higher transparency standards are required for deepfakes, recreations of political or social statements, and videos featuring合成人物
Multimodal Content Composite labeling tailored to text, images, audio, and video Verify whether a single label is sufficient or if there remains a risk of misperception across each medium

The European Commission’s Code of Conduct is a practical tool that specifies how companies can fulfill their legal obligations. Although it is called a voluntary code of conduct, its significance should not be underestimated.

The Significance of Signing the Code of Conduct

  • The Code of Practice does not replace the AI Act itself.
  • Signatory companies may find it easier to demonstrate to regulators that they have established a compliance framework.
  • Non-signatory companies are not exempt from the legal obligations of the AI Act.
  • The Code of Practice can serve as a reference document to explain compliance standards in communications with supervisory authorities and the AI Office.

Items to Include in Internal Company Documents

  • Definition and scope of AI-generated content
  • Labeling criteria by content type
  • Exceptions where labeling may be omitted and the approval procedures for such exceptions
  • Technical labeling methods, such as metadata and watermarks
  • Procedures to verify that labeling is maintained when content is posted on external platforms
  • Procedures for handling user reports and correcting labeling errors
  • Log retention periods and responsible departments

GPAI Role Classification: Providers, Distributors, and Fine-Tuning Operators

When reviewing GPAI obligations, the first step is to classify your own role. Even within the same company, one may be a simple user for one product and a model provider for another.

Role General Definition Key Responsibilities
GPAI Model Provider An entity that develops a GPAI model or makes it available on the EU market under its own name Technical documentation, information for downstream providers, copyright policy, training data summary
AI System Provider An entity that places an AI system on the market or provides it as a service to perform specific functions Risk classification of the AI system, transparency, user guidance, and whether a conformity assessment has been conducted
Distributor An entity that provides or distributes AI systems or models within the supply chain Communicating product information, verifying changes, and retaining supply chain documentation
Deployer or User An entity that uses an AI system for business purposes User notifications, responsibility for output usage, internal controls, human oversight
Fine-Tuning Provider An entity that further trains or adjusts an existing model to provide it for a specific purpose or under a specific brand May incur provider or sub-provider obligations depending on the extent of modifications

Key Questions for Fine-Tuning Providers

  • Is this for internal use only, or is it provided to external customers?
  • Have the original model’s functions, risks, or intended use been substantially altered?
  • Are you offering the model or service under your own brand?
  • Are you maintaining the documentation and restrictions received from the original model provider?
  • Do you have records of reviews regarding the source, rights, personal information, and copyright of the fine-tuning data?

GPAI Provider Obligations Checklist

GPAI model providers may bear heavier documentation and transparency obligations than general AI application operators. The following items constitute a practical checklist that should be reviewed as a priority around August 2026.

1. Technical Documentation

  • General capabilities and limitations of the model
  • General information regarding training, validation, and testing
  • Key architectural and design choices
  • Information necessary for downstream providers to integrate the model safely
  • Model update and version history

2. Information for Downstream Providers

When providing a GPAI model via an API, open-source, license, or cloud service, sufficient information must be provided to enable downstream providers to design and evaluate their own AI systems. This may include performance limitations, prohibited uses, recommended safeguards, known risks, and integration guidelines.

The AI Act requires GPAI providers to establish copyright-related policies. Companies must, at a minimum, document the following:

  • Policies for the collection and use of training data
  • Procedures for handling copyright-protected content
  • Procedures for identifying opt-out requests or usage restriction signals from rights holders
  • Methods for verifying dataset sources and licenses
  • Procedures for receiving and responding to infringement reports

4. Training Data Summary

GPAI providers must provide a sufficiently detailed summary of the content used for training. While this does not mean that the entire source data must be disclosed, it must be possible to understand what types of data were used and to what extent.

5. System Risk Assessment

Some powerful GPAI models may be classified as posing systemic risks. In such cases, companies must consider the following enhanced obligations:

  • Model evaluation and adversarial testing
  • Identification, analysis, and mitigation of systemic risks
  • Procedures for monitoring and reporting serious incidents
  • Cybersecurity safeguards
  • Post-launch monitoring and iterative improvement

Assessing the Scope of EU Application for Korean and U.S. Companies

The EU AI Act is not a regulation that applies exclusively to EU companies. Non-EU companies must also assess their potential subjection to the Act if they provide AI systems or GPAI models to the EU market, offer services to users within the EU, or have a structure where the outputs of their AI systems are used in the EU.

Checklist for Non-EU Companies

  1. Can EU users sign up, make payments, or use the service?
  2. Are the service language, pricing, customer support, and marketing targeted at the EU market?
  3. Do API customers or B2B customers use the model in the EU?
  4. Do the outputs generated by the AI affect EU consumers, workers, citizens, or voters?
  5. Is the service provided through an EU legal entity, representative, reseller, or cloud partner?
  6. Even if EU users are explicitly excluded in the terms of service, is actual access and use controlled?

Internal Action Plan to Be Prepared by August 2026

Product and Technology Teams

  • Design UI components that allow for the application of default labels to generative AI outputs
  • Test the preservation of metadata in image, audio, and video files
  • Verify that watermarks and content source information are retained after compression and re-upload
  • Implement logic to distinguish between AI-generated content and human-edited content
  • Draft a memo outlining the scope of application and classification of roles under the AI Act
  • Review whether to sign the Code of Conduct and develop a compliance strategy
  • Revise copyright policies, data usage policies, and reporting procedures
  • Incorporate clauses on AI roles and responsibilities into contracts with EU customers and partners

Security and Risk Team

  • Develop scenarios for model misuse
  • Assess risks related to synthetic identities, fraud, misinformation, and election/public interest information
  • Designate incident reporting channels and responsible personnel
  • Establish systems for log retention, access controls, and audit trails

Executive Management

  • Finalize budget and responsible organizations by August 2026
  • Prioritize high-risk product lines and GPAI-related product lines
  • Approve explanatory materials to address inquiries from regulatory agencies, customer due diligence, and investor questions

Quick Self-Assessment Checklist

Question Yes No Next Steps
Can EU users access the service? Review EU scope of application
Are text, image, audio, and video outputs labeled as AI-generated? Design labeling UI and metadata
Are AI-generated texts related to matters of public interest managed separately? Record responsibility for human review and editing
Do you offer GPAI models under your own brand? Review GPAI provider obligations
Do you provide fine-tuned models to external customers? Role Reclassification and Documentation
Are training data and copyright policies documented? Establishment of a Data and Rights Review System
Are there system risk assessments and incident reporting procedures in place? Establishment of a Risk Management System

Common Misconceptions in Practice

Misconception 1: Code of Conducts Are Voluntary and Can Be Ignored

While codes of conduct are voluntary in nature, the legal obligations under the AI Act exist separately. Codes of conduct can serve as a reference point for demonstrating how those obligations are met.

Misconception 2: It is sufficient to display labels on the screen only once

Labels may disappear as content is downloaded, shared, re-uploaded, or edited. It is safer to design both human-readable and machine-readable labels.

Misconception 3: Companies in South Korea or the U.S. are not subject to the EU AI Act

Even companies based outside the EU may be subject to the Act if their services are connected to the EU market or EU users. In particular, for APIs, SaaS, app stores, open-source models, and cloud deployment structures, the actual location of use must be verified.

Misconception 4: Fine-tuning is always merely a form of use

If you provide the results of fine-tuning to third parties or offer them as a service under your own brand, you may face greater liability depending on the extent of the modifications and the method of provision.

Conclusion

As the EU AI Act takes effect in August 2026, the first step for companies is to clarify their labeling system for AI-generated content and the classification of GPAI roles. Labeling is not merely the insertion of text but an operational framework that combines UI, metadata, watermarks, editorial responsibility, and log retention. Companies that provide or fine-tune and deploy GPAI models must review their technical documentation, copyright policies, training data summaries, and system risk assessments before August 2026.