The AI watermarking deadline, explained for the people who have to build it
Buried inside the EU AI Act's transparency chapter is the obligation with the most engineering weight: Article 50(2) requires providers of generative AI systems to ensure their outputs are marked in a machine-readable format and detectable as artificially generated. The Digital Omnibus gave some companies a short extension on this — and quietly made it urgent for everyone launching anything new.
The two-track deadline
Track one — legacy systems
Generative AI systems already on the EU market before 2 August 2026 must comply by 2 December 2026.
Track two — new systems
Systems placed on the market from 2 August 2026 onward must comply from the day they ship. There is no grace period. If your generative feature launches this autumn, watermarking is a launch requirement, not a fast-follow.
Note who carries this duty: providers — the party that develops the system and offers it under their name. If you only deploy someone else's generative system, your duties are disclosure-side (labelling deepfakes and AI text you publish), but you should verify your provider is handling marking, and get their commitment into the contract.
What the obligation actually requires
The standard is that solutions be effective, interoperable, robust, and reliable "as far as technically feasible," taking into account content type, implementation cost, and the state of the art. Translated into an engineering plan, that means per-content-type decisions:
- Images and video: C2PA Content Credentials — cryptographically signed provenance metadata attached at generation — has emerged as the interoperability baseline. Because platforms routinely strip metadata, robust implementations pair it with an invisible watermark in the pixel domain.
- Audio: provenance metadata plus inaudible watermarking where the state of the art supports it.
- Text: the hard case — metadata doesn't survive copy-paste, and statistical text watermarking remains fragile. Current defensible practice: provenance at the point of delivery, clear interface disclosure, and documented reasoning about feasibility. "Technically feasible" is the legal standard, and your documentation of why full robustness isn't achievable for text is itself part of compliance.
Detectability matters as much as marking: your scheme needs a working verification path — C2PA verify tooling, a published detection method, or an endpoint you provide. And marking must happen server-side at generation, where it can't be bypassed by a client.
A voluntary code worth watching
The Commission has been finalising a Code of Practice on Transparency of AI-Generated Content — a voluntary implementation benchmark for exactly these obligations. When it publishes, it becomes the practical definition of "state of the art"; adopting it is the lowest-risk route to demonstrable compliance. Build your implementation now, and assign an owner to review it against the Code when it lands.
The realistic timeline from July
Counting back from 2 December: technique selection and vendor evaluation this month; implementation through August and September; pipeline-survival testing (compression, resizing, format conversion, CDN transforms) in October; documentation, API terms updates, and contract clauses in November; buffer to the deadline. Teams that start in October will ship something fragile. Teams that start now get to do it once.
The checklist version, ready to hand to your team
The Statute Press EU AI Act Transparency Compliance Pack includes the full watermarking readiness checklist — scoping, technique selection, integration, detection, and documentation — alongside the disclosure templates and inventory register for the rest of Article 50. Free updates through 2 December 2026, including when the Code of Practice publishes.
Get the pack — €79 Free deadline map