← Back to blog

EU AI Act, August 2: what really changes for creators

On August 2, 2026 a piece of the EU AI Act starts applying that concerns nearly anyone publishing content with AI assistance. The noise around the date is loud, but it tends to blur two very different things: the high-risk obligations — which have been postponed — and the Article 50 transparency duties, which are still confirmed. Anyone creating or selling AI content online needs to separate the two, because they involve different regimes, timelines and costs.

This is not legal advice: it is practical orientation. For your specific situation, consult a qualified technology lawyer or a compliance professional.

What starts on August 2, 2026, and what has been postponed

The AI Act — Regulation (EU) 2024/1689 — entered into force on August 1, 2024 and applies in phases. On August 2, 2026 most of the remaining regulation was supposed to kick in, including the high-risk system rules. Then the Digital Omnibus arrived — the package of technical amendments the Commission proposed in November 2025, on which Council and Parliament reached political agreement on May 7, 2026. The Parliament endorsed it on June 16, and the Council adopted the final text on June 29, 2026. Publication in the EU Official Journal is expected in the weeks before August 2.

What the Digital Omnibus postpones:

  • obligations for stand-alone high-risk systems (Annex III: credit scoring, HR management, education-related systems and similar) to December 2, 2027;
  • obligations for high-risk systems embedded in already-regulated products (Annex I: medical devices, machinery, automotive) to August 2, 2028.

What it does not postpone: the Article 50 transparency duties, the activation of national supervisory authorities, and the penalty regime. Anyone who only read the "AI Act delayed" headline is walking away with half the story.

The Digital Omnibus also cuts the grace period for the "machine-readable marking" of generative systems from six months to three. In practice, a generative system already on the market before August 2, 2026 has until December 2, 2026 to comply. A system placed on the market from August 2 onward has no grace period at all. And it adds an explicit new prohibition to Article 5 covering non-consensual intimate AI-generated imagery and AI-generated child sexual abuse material: a specifically forbidden use band, distinct from ordinary creator duties.

The distinction that untangles the whole thing: provider vs deployer

Article 50 splits the world into two roles, and understanding which side of the table you sit on completely changes how the rules read.

  • The provider is whoever develops and places an AI system on the market. OpenAI, Anthropic, Google, Mistral, Alibaba, Stability AI. They are the ones who must design their chatbot so the user knows they are talking to an AI, and they are the ones who must mark synthetic outputs (images, video, audio, text) in a machine-readable format — the "watermarking" the headlines talk about.
  • The deployer is whoever uses the system to produce and publish content. The vast majority of creators, small businesses and agencies live here. They do not build the models: they use them.

The deployer's duties are short and specific:

  1. Label deepfakes. AI-generated or manipulated content that credibly resembles real people, objects or events must be clearly marked as artificial or manipulated. A lighter regime exists for openly artistic or satirical work, but a label can still be required as long as it does not undermine the enjoyment of the work.
  2. Label AI text on matters of public interest. If you publish AI-generated or AI-assisted text on public interest topics, it must be flagged — with one important carve-out: if there is substantial human editorial review, the duty does not trigger. What "substantial" means is not defined numerically, and interpretations will land here.
  3. Disclose AI interaction. If a chatbot or voice assistant talks to a user, it must be clear it is an AI system, unless it is obvious from context.

This is not a hostile framework toward creators. It asks for one honest gesture: when what you publish is artificial in a non-obvious way, say so.

What "labeling" looks like in practice

The Commission published the Code of Practice on Transparency of AI-Generated Content on June 10, 2026. It is voluntary, but it is effectively the operational reference — anyone looking to comply prudently will use it. The Code is split into two sections: one for providers (machine-readable marking, robustness against removal, metadata + multi-layer watermarking), one for deployers (label placement and design).

The Code's practical prescriptions for publishers:

  • Static image → permanently visible icon, consistently placed (the corner of the image is the canonical choice).
  • Recorded video → opening disclaimer + persistent visible label during playback.
  • Livestream → non-intrusive continuous icon + disclaimer at the start of exposure.
  • Audio → audible notice.
  • AI text of public interest → text disclaimer associated with the content.

Alongside, the Commission released the official EU Icons for AI content: a standardized symbolic icon, in four variants (black, white, and the same at 50% transparency). Their use is optional, but it is the safest route to complying consistently and recognizably.

The penalties in headlines, and the penalties in SME reality

The three brackets in Article 99 are:

  • up to €35 M or 7% of global annual turnover, whichever is higher, for breaching the Article 5 prohibitions;
  • up to €15 M or 3% of global annual turnover for non-compliance with obligations (including Article 50 transparency);
  • up to €7.5 M or 1% of global annual turnover for incorrect information provided to authorities.

The big number goes on the front page. But there is a detail that flips the picture for anyone reading as a founder: for SMEs and startups, Article 99 sets the penalty at the lower of the fixed amount and the percentage of turnover, not the higher. A startup with €500,000 in turnover that breaches a transparency duty is not exposed to €15 M: it is exposed to at most 3% of that turnover — €15,000. That is a real number, not trivial, but it is orders of magnitude away from the headline. The obligations must be met; the "AI Act = end of small operators" narrative must not.

There are also tools built for SMEs and startups: the regulatory sandboxes (Art. 57–62) let you test AI systems in a controlled environment with simplified documentation and a regime of substantial immunity for good-faith participants.

Who supervises in Italy

Law 132/2025, of September 23, 2025, is the first national law in the EU to integrate and implement the AI Act. It assigns competences like this:

  • AgID is the notifying authority: it designates and supervises conformity assessment bodies, with a promotional role.
  • ACN — the National Cybersecurity Agency — is the general market surveillance authority, with inspection and sanction powers. It becomes operational on August 3, 2026.
  • Garante Privacy remains the contact point for GDPR and personal data.
  • Banca d'Italia, IVASS, AGCOM keep their sector-specific competences.

What to do now, concretely

A reasonable path for anyone creating with AI who wants to arrive at August 2 in order has a few steps:

  1. Map yourself as deployer or provider. In almost all cases you are a deployer. If you sell a fine-tuned AI system as a product or service, the line gets blurrier — assess this with a professional.
  2. Inventory your published AI content. Separate: (a) images/videos/audio that could fall under the deepfake definition, (b) text touching public interest matters, (c) chatbots or assistants that talk to users.
  3. Adopt a consistent labeling system. The EU Icon or a coherent icon of your own, opening disclaimers on videos, audible notices on audio, text disclaimers on pieces where AI played a generative role — kept stable across every channel.
  4. Write a transparency page. A public policy on your site describing how and where you use AI, which models, with what human review. It is not formally required per piece, but it is the most solid way to handle edge cases.

I publish through a declared AI persona: iamyukimori.com carries a visible AI disclaimer and is a case of applied transparency from before it became a duty. It is not a badge, it is what the regulation is starting to ask of everyone — and the calmest way to arrive at August 2 is to start doing it now.


This article is informational and does not constitute legal advice. For your specific situation, please consult a lawyer specialized in technology law or a compliance professional. Regulatory references: Regulation (EU) 2024/1689 (AI Act), Digital Omnibus package adopted by the EU Council on June 29, 2026, Italian Law 132/2025. This content is produced with AI assistance and editorially reviewed by a human before publication.