Starting on August 2, 2026, new transparency obligations will apply across the European Union for certain types of content, particularly images that have been generated or manipulated using artificial intelligence.

At first glance, this sounds perfectly reasonable. After all, who wants to fall for deceptively realistic photos of stylishly furnished, spotless hotel rooms overlooking paradise – only to arrive at a run-down dump next to a major construction site? Or for apartment listings that leave you wondering, at the viewing, whether you’ve accidentally walked into the wrong building?

But look closer, and things get complicated. Very complicated.

People were manipulating images long before generative AI existed. Throughout history, those who controlled images could shape public opinion – and, with it, hold power. Stalin famously had purged officials airbrushed out of photographs: the picture changed, and with it the past.

Visual content occupies a special place in human perception. We trust images almost instinctively and rarely question their authenticity – far more than we trust written text. Or at least, that used to be the case. This is exactly why images have always been one of the most effective tools for deception and manipulation.

What has changed is the scale.

With generative AI, deceptively realistic images – so-called deepfakes – can now be created within seconds, in massive quantities and without any specialized skills. The EU AI Act is the European Union’s response to this new reality.

An estimated 80 million new AI-generated images are created every day worldwide.1

Unfortunately, these rules also leave many important questions unanswered. This article takes a closer look at these gray areas, contradictions and practical challenges, including questions such as:

  • What will still be allowed and what will not?
  • Where does image enhancement end and where does manipulation begin?
  • Why is the exact same visual result treated differently depending on whether it was created with Photoshop or with generative AI?

The legal framework

Article 50 of Regulation (EU) 2024/1689 is officially titled as «Transparency obligations for providers and deployers of certain AI systems»2

Its purpose is to regulate the use of artificial intelligence within the European internal market while protecting safety, fundamental rights, democracy and the rule of law.

Who does this regulation apply to?

One of the most common misunderstandings concerns exactly who these new rules apply to.

Group 1: AI providers

Under the AI Act, a provider is generally a person or organization that develops – or has developed – an AI system and places it on the market under its own name or brand.

Examples include:

  • Companies that develop generative image creation or editing software
  • Operators of platforms that generate images using artificial intelligence

According to Article 50(2), these providers must ensure that synthetic image, audio, video and text outputs are marked in a machine-readable format so they can be recognized as artificially generated or manipulated.

This typically refers to technical solutions such as provenance information (a record of where an image came from), embedded metadata, or other robust detection mechanisms.

Group 2: Professional users of AI

The AI Act calls this group «deployers» – a term that has caused considerable confusion. The German version of the law uses «Betreiber», which sounds like «operator of an AI service». It does not refer to companies operating AI services – that group has already been covered above.

Instead, it refers to natural or legal persons who use an AI system. In other words, professional users or deployers of AI, such as:

  • Advertising agencies and media companies
  • Commercial content creators (film studios, marketing departments, etc.)
  • Professional designers and photographers

According to Article 50(4), they must disclose when published image, audio, or video content has been generated or manipulated using an AI system.

Private use is exempt

These obligations do not apply to natural persons who publish AI-generated image, audio, or video content exclusively for personal and non-professional purposes.

For example, a private travel blog would most likely fall under this exemption.

Things become less clear, however, if the blog owner:

  • uses affiliate links,
  • publishes sponsored content, or
  • displays advertising.

This is one of many gray areas within the AI Act. «Making money» is not necessarily the same as acting in a professional capacity, and the law does not clearly define where that line should be drawn.

Disclosure requirements

Let’s now look at the actual obligation. Under the EU AI Act, both of the groups described above have a duty to disclose AI-generated or AI-manipulated image, video and audio content.

Obvious exceptions include clearly fictional, artistic, or satirical content, as long as it does not claim to truthfully represent real events or real people.

The first group, AI providers, must mark their content in a machine-readable format. The second group, users of AI systems, must label or identify the AI content they publish in a way that people can notice and understand right away, including those using assistive technology. They must also ensure that the machine-readable markings added by the AI generator are not removed, whether intentionally or accidentally.

It can be assumed that publishers are responsible if published content does not meet these requirements. They therefore need to check how the content is actually delivered to users. Image editing processes or the content management system (CMS) used to publish an image can easily remove the AI provider’s machine-readable metadata without anyone noticing.

Where does image enhancement end and manipulation begin?

The EU AI Act includes an exception for AI-based editing that only supports or improves an image and does not substantially alter its semantics.

The key question is therefore: Does the editing only improve the quality of the image, or does it change what the image communicates?

The following AI-based edits would most likely be considered enhancements and would not require disclosure:

  • Adjusting brightness, contrast, or color
  • Reducing noise or sharpening the image
  • Removing dust or correcting lens defects such as distortion or vignetting
  • Resizing or adjusting the crop

The following AI-based edits change the meaning or content of an image and would require disclosure:

  • Adding, moving, or removing people, clearly recognizable objects, or buildings within a landscape
  • Replacing the background
  • Removing damage from objects
  • Replacing clothing worn by a person
  • Changing facial expressions

Between these two groups lies a large area of unresolved gray zones.

What happens when AI …

  • opens eyes that were accidentally closed in a portrait?
  • makes someone look slightly younger?
  • makes a gray sky slightly bluer?
  • correctly reconstructs blurred text?
  • extends an image by one centimeter on one side?
  • removes unrecognizable, blurred people from the background?

We cannot answer these questions precisely, especially not in purely technical terms. There is no fixed number of changed pixels that tells us when the meaning of an image has been substantially altered.

After all:

  • removing a wedding ring,
  • changing a green traffic light to red, or
  • removing visible damage from a building

can seriously mislead viewers, depending on the context. By contrast, changing the color of a large part of an image may have almost no effect on its meaning.

Future guidelines, and perhaps soon also courts, will need to clarify where a «substantial» change in meaning actually begins.

And there is another question: In a dispute, how can anyone prove with certainty whether an image was generated by AI? Image generators have now become so advanced that even experts can no longer reliably distinguish AI-generated images from real photographs. Take a look at the following images, for example. Which of them are AI-generated? Can you say for sure?

Click here for see the solution …

Images 1, 3, and 6 are photographs; images 2, 4, and 5 are AI-generated.3

I consider this one of the regulation’s biggest practical weaknesses. Transparency requirements only work if it is possible to determine whether a piece of content falls under those requirements in the first place.

In many future cases, however, this may be difficult or even impossible if no reliable records of the creation process remain. This issue is likely to become a recurring subject in legal disputes over the coming years.

The deepfake

Article 3(60) of the EU AI Act defines a deepfake as an «AI-generated or manipulated image, audio or video content that resembles existing persons, objects, places, entities or events and would falsely appear to a person to be authentic or truthful.»

This definition contains several conditions:

  1. The content was generated or manipulated using AI.
  2. It resembles a real person, object, place, entity, or event.
  3. It could falsely appear to be authentic or truthful.

That sounds clearer than it actually is, because none of these terms has a precise technical boundary. For example, what exactly does “resembles” mean? Does an image have to depict a specific person or place accurately, or is a general similarity enough?

A synthetic image can be factually accurate even though it is not an authentic record of a real moment. Imagine, for example, that an AI system generates a photorealistic image of Zurich Main Station:

  • The architecture and visual appearance are accurate.
  • All visible signs are shown correctly.
  • Nothing fictional has been added.

Is this a deepfake? To answer this question, we need to distinguish between factual accuracy and documentary authenticity:

Factual accuracy: The image accurately depicts what a place, person, or object looks like.
Documentary authenticity: The image is a genuine record of a specific moment or event that actually occurred.

For the website of the Swiss Federal Railways, this distinction may not matter. The AI generated images shows correctly the Zurich Main Station.

For news reporting, legal evidence, or scientific documentation, however, the distinction is essential. The image does not document an actual moment.

So a synthetic image can be a useful illustration, but it cannot and should not be used as proof that the situation shown actually took place.

Therefore, the disclosure does not mean: This image is false. Instead, it means: This image is not a photographic documentation.

That’s because not every synthetic image of a real place or situation is intended to deceive. Therefore, it is questionable whether the negatively charged term ‘deepfake’ is appropriate for a harmless and factually accurate visualisation.

The accidental lookalike

Another unresolved question concerns entirely AI-generated people.

Imagine that an AI system creates a person without using any real reference image. Since billions of people are alive today or have lived in the past, it is statistically likely that someone somewhere looks very similar to this generated person – perhaps even several people.

Does that automatically turn the synthetic person into a deepfake?

An interpretation based only on resemblance to any random person would be impossible to apply in practice. No company could compare every AI-generated portrait with the entire world population.

A generic synthetic model therefore cannot become a deepfake simply because a very similar-looking person happens to exist somewhere in the world.

Other factors would need to be considered, such as:

  • Can the relevant audience recognize a specific, known person?
  • Is the person’s name, profession, or company mentioned?
  • Is a particular action or statement attributed to the person shown?
  • Was a reference image of a real person used to generate the image?

The Photoshop paradox

This is one of the biggest contradictions in the regulation.

Let’s take a simple example: imagine that a relevant person has been removed from a photograph.

Version A: The person was removed using generative AI.
Version B: The person was removed in Photoshop by a human image editor.

In both cases, the visible result is identical. Yet only the image from Version A must be disclosed as AI-generated or AI-manipulated – the image from Version B does not. Two identical images are treated differently simply because different tools were used.

The same applies to:

  • replacing a background with generative AI versus replacing it with traditional image editing
  • an AI-generated food image versus a food photograph staged with plastic, paint and glue

In all of these cases, viewers are deliberately misled. But only the AI-generated images must be disclosed.

The EU gives the following reasons for this unequal treatment:

  • AI-generated manipulation requires less effort and little specialist knowledge
  • deceptive content can therefore be produced automatically and at large scale

These risks are real. Yet, the new EU rules do not explain why an AI visualization must be disclosed while an identical manual manipulation can remain unlabeled.

A regulation focused on real-world impact should ask more often: Does this image mislead the audience about something that matters? And less often: Which technology was used to create the misleading result?

The official EU icons

The EU also provides three optional icons:

  • a neutral base symbol «AI»
  • Fully AI-generated
  • Partially AI-modified

Using these icons is voluntary. They are not official seals of approval and do not prove legal compliance. Anyone who uses them remains responsible for making sure that the disclosure is sufficient in the specific context.

From a UX perspective, several questions remain:

  • Will people understand these new symbols without accompanying text?
  • Will the icons still be recognizable on small thumbnails?
  • How small can the icons be displayed before they stop being useful?

Unfortunately, the EU guidance does not answer these questions in enough detail.

Always visible, portable and accessible: an almost impossible combination

The EU AI Act and its accompanying guidance try to achieve several goals at the same time:

  • The label should be clearly visible when users first encounter the content.
  • It should appear directly alongside the content.
  • On digital devices, it should never be cut off or hidden by other elements in any responsive layout.
  • It should remain attached to the content when it is shared or downloaded.
  • It should be accessible to people with disabilities.

Each of these requirements makes sense on its own. Taken together, however, they are extremely difficult to achieve from a technical perspective, especially on the web.

Solution 1: HTML/CSS labeling

A label or icon is displayed above or below the image.

Pros

  • Accessible to screen readers
  • Works well in responsive layouts
  • Can be linked to additional information

Cons

  • The label is lost when the image is downloaded or shared separately

Solution 2: Embed the label directly into the image

The label is permanently burned into the image itself.

Pros

  • Remains visible when the image is shared or downloaded
  • Works independently of websites, platforms, or media

Cons

  • Not accessible to screen readers
  • May become unreadable or disappear in small responsive views or cropped versions
  • Language-specific and cannot be translated automatically

Solution 3: Metadata and Content Credentials

The information is stored inside the file in a machine-readable format.

Pros

  • Can be processed automatically
  • Remains with the file when it is shared or downloaded

Cons

  • Not visible to people
  • Can accidentally be removed during export or file conversion
  • Cannot be read without appropriate software

None of these solutions satisfies all of the requirements. In practice, they will probably need to be combined.

It will be interesting to see how the industry approaches this challenge. One thing is already becoming clear: AI disclosure is not just another step during image export. It is evolving into a multi-layered publishing workflow.

For an international media company, that may be acceptable. For a small business, a nonprofit organization, or a single content manager, however, the required workflow seems disproportionately complex – almost absurd.

Preserved after download – really?

Even if all of these requirements are met, we still cannot prevent third parties from:

  • cropping the image so that the embedded label disappears,
  • covering or removing the visible label,
  • taking a screenshot that removes all machine-readable information,
  • intentionally or unintentionally removing metadata during file conversion or compression.

For this reason, the EU’s goal of permanent labeling cannot realistically be achieved from a technical point of view.

The most realistic objective is simply this: the disclosure should remain intact throughout the export, download and sharing processes that are under the publisher’s control.

But what happens beyond that point?

Who is responsible if a perfectly reasonable image compression process removes all metadata? Or if a content management system automatically generates a thumbnail without the required label?

Perhaps the most dangerous side effect

An AI disclosure system does more than simply provide information.

It also creates a mental model. Over time, people may begin to assume that any image without a label must be authentic. That conclusion is both unintended and potentially dangerous.

An unlabeled image may:

  • have been manipulated using traditional, non-AI editing techniques,
  • not yet have been labeled or have been labeled incorrectly,
  • have been deliberately mislabeled,
  • have lost its label during downloading or cropping,
  • come from private, non-commercial use,
  • have been created outside the scope of the EU AI Act,
  • be considered artistic or fictional content that does not require disclosure.

From a consumer protection perspective, this creates a classic false sense of security.

As a result, unlabeled images may appear more trustworthy than they actually are.

In journalism and political communication, this could have serious consequences. A traditionally manipulated photograph might appear more credible simply because it does not carry an AI disclosure label.

The AI Act is intended to build trust. Ironically, it may also create a new form of misplaced trust.

What does the EU AI Act mean for countries outside the EU?

The EU AI Act applies within the European Union. In most countries outside the EU, there is currently no comparable legal requirement to disclose AI-generated or AI-manipulated images. And simply making a website technically accessible from within the EU is not enough for the AI Act to apply.

However, being based outside the EU does not automatically put a company beyond the reach of these rules. The AI Act is generally relevant for non-EU companies if at least one of the following conditions applies:

  • their content is directed at customers or potential customers in the EU,
  • they offer products or services within the EU,
  • their website or service is operated from servers located in the EU.

At the same time, many countries are working on their own AI regulations. Switzerland, for example, has decided to implement the Council of Europe’s AI Convention: a consultation draft is expected by the end of 2026 and is likely to address issues such as transparency, data protection, non-discrimination and regulatory oversight. Companies outside the EU should therefore also keep an eye on upcoming rules in their own country.

Legal risks for companies that fail to comply

Regulatory fines

Within the European Union, violations of the AI Act can be enforced by the competent authorities through administrative fines.

For companies outside the EU without offices or legal entities inside the EU, enforcing such fines across borders is likely to be difficult and often not worth the administrative effort. Being located outside the EU does not provide complete legal protection – but in practice, it seems highly unlikely that a company without any EU presence would actually receive an administrative fine from an EU authority.

Injunctions and corrective measures

Competitors or organizations that are legally entitled to sue may seek to stop the continued use of non-compliant content.

In most cases, companies would first be given an opportunity to correct the issue. Yet, they would still be responsible for the legal costs associated with the complaint.

In some situations, having to stop a marketing campaign or replace published content at short notice may be far more expensive than the fine itself.

Note that even without an EU presence, European competitors may still be able to pursue civil claims before courts in a company’s home country.

Claims for damages

Claims for damages are generally possible, but they normally require proof of actual financial harm, causation and the other legal requirements for liability. A mere competitive advantage gained through non-compliance is usually not enough on its own.

Copyright implications

The new disclosure requirements do not change copyright law.

The current legal situation for AI-generated content can be summarized as follows:

  • Content created largely autonomously by AI – whether text, audio, video, or images such as a logo – generally does not receive copyright protection. A person who asks an AI system to create content through a prompt does not automatically become the author of the result. In principle, this means that purely AI-generated content may be copied and republished by others.
  • If AI is used as a tool within a substantial human creative process, however, the final result may be protected by copyright. The boundary is unclear and difficult to define. At what point does the final expression contain enough individual human creative decisions? Who can assess this reliably? Legal disputes will likely require human experts to evaluate these highly interpretive cases.

The main lesson is that we should be cautious before assuming that AI-generated content is free to use. Such content may still be protected by copyright if it has later been integrated into an independent human creative process. It would therefore be risky to assume that an image carrying an AI disclosure label can automatically be used without permission.

A practical guide

Until the EU – and possibly the courts – provides clearer answers to the open questions, companies should act carefully and use a transparent decision-making process.

The following six questions should be considered for every image before publication. Only if all six questions are answered with «yes» would disclosure be required:

  1. Was an AI system used at all?
  2. If an existing photograph was edited using AI, did the AI alter recognizable content or add, remove, move, or substantially change any elements?
  3. Could viewers understand the image as a photograph because it refers to the real world?
  4. Does the image make an implicit claim to truthfulness? This should generally be assumed for portraits of real people and product images.
  5. Is the image being published in a commercial or professional context?
  6. Is the content – or the medium in which it is published – also directed at audiences in the EU?

My conclusion

The EU AI Act responds to a real problem: AI-generated images can no longer be reliably distinguished from photographs. Highly realistic image manipulation can now be created by almost anyone and distributed with very little effort. In journalism, legal contexts, education and science, transparency about the origin of visual content is clearly useful and can provide real value.

But the current approach in the EU AI Act remains unsatisfactory.

The technical implementation of image disclosure on the web has not been properly considered. A label embedded directly in an image remains attached when the file is downloaded, but it is not accessible. An HTML label can be accessible, but it becomes separated from the image when the file is shared.

Small companies, in particular, face the disproportionate challenge of having to manage legal requirements, UX, accessibility, image production and complex technical processes at the same time.

I am especially concerned about the possible side effect of the entire labeling system. Once people expect AI-generated images to carry a label, the absence of a label may be wrongly interpreted as proof that an image is authentic.

The EU AI Act may therefore create new legal uncertainty, major implementation challenges and possibly a dangerous false sense of security.

The rules have several major weaknesses:

  1. They do not clearly distinguish between content-related and technological aspects
  2. They treat manipulation and deception differently depending on the technology used.
  3. Key terms such as «resembles», «authentic», «truthful» or «significant change in semantics» are ambiguous and lead to significant gray areas.
  4. The new AI labels, at best, tell us something about the method used to create the image, but not whether the image is true.

What should be regulated more clearly?

Useful improvements would include:

  • reliable criteria for permitted and prohibited uses,
  • binding technical standards,
  • accessible reference implementations,
  • and, where appropriate, simplified requirements for smaller companies.

Above all, the EU AI Act is a response to a technology that society mainly perceives as a threat. Regulation tends to emerge where uncertainty, loss of control and public pressure come together.

That is precisely why such regulation should be clear, precise and easy to implement.

Note

This article reflects the state of information as of July 2026 and does not constitute legal advice. The European Commission’s final guidelines, as well as future regulatory and court practice, may clarify or change individual assessments.

Sources and further reading

  1. https://imagera.ai/blog/ai-image-generation-statistics-2026 ↩︎
  2. https://artificialintelligenceact.eu ↩︎
  3. https://www.watson.ch/quiz/digital/138696182-erkennst-du-die-ki-generierten-fake-fotos-hier-kannst-du-dich-testen ↩︎