Skip to content

Field note

EU AI Act transparency checklist

The EU AI Act transparency date is close. UK businesses need an inventory of customer-facing AI, clear disclosures and evidence that each control works.

The next useful EU AI Act date for many ordinary businesses is 2 August 2026. That is when the Act's transparency rules apply. They cover specific situations, including people interacting with an AI system and exposure to certain AI-generated or manipulated content.

A UK address does not settle whether the rules matter. A business selling to, supporting or operating in the EU may still need to assess its role and reach. This is not a reason to label everything “made with AI”. It is a reason to identify the precise customer journeys and content types that may be in scope.

Start with an AI interaction inventory

Do not start with a policy template. Start with a list of live interactions.

For each website, app, support channel and campaign, record:

  1. where a person can interact directly with an AI system;
  2. whether the experience could reasonably be mistaken for a human;
  3. whether AI creates or alters images, audio or video;
  4. whether AI-generated text is published to inform the public on a matter of public interest;
  5. whether emotion recognition or biometric categorisation is used; and
  6. which supplier provides the model, interface and content-marking capability.

The European Commission distinguishes between providers, which develop or place systems on the market, and deployers, which use them. A company can have different roles in different workflows. A bought-in support chatbot and a customer tool built on an API should not be assumed to create the same duties.

Check the disclosure at the point of use

A privacy notice buried in the footer is not a working chatbot disclosure. The user should receive the relevant information when they encounter the AI interaction, unless the circumstances already make that obvious.

For a customer-service assistant, test the actual opening state on mobile and desktop. The disclosure should survive cookie choices, language changes and hand-off to a human. It should not use a fictional staff name or avatar that undermines the message.

Also write down what the system can and cannot do. “AI assistant” tells a customer very little if the tool can cancel an order, recommend a financial product or send personal data to a third-party service.

Separate visible labels from machine-readable marking

The Commission's summary describes two different control types:

  • providers of generative AI systems have duties around machine-readable marking and detectability of generated or manipulated outputs; and
  • deployers have visible disclosure duties for specified uses, including deepfakes and some public-interest text.

Do not collapse these into one watermark decision. Ask the supplier what marking is added, which output formats preserve it and what happens after an image is resized, a video is edited or text is copied into a content management system.

The voluntary Code of Practice on Transparency of AI-generated content was published on 10 June 2026. The Commission found it adequate on 8 July, and the AI Board adopted its assessment the next day. Signing can help demonstrate compliance, but the Commission says it is not conclusive evidence of compliance. Keep a dated note against the final code and re-check the supporting transparency guidelines when they are finalised.

Build evidence, not just wording

A small evidence pack is more useful than a long AI policy. Keep:

  • the inventory and the reason each use is in or out of scope;
  • screenshots of disclosures in the live customer journey;
  • supplier documentation for machine-readable marks;
  • test files showing whether marks survive normal publishing steps;
  • the owner who reviews changes to the AI system; and
  • the date the assessment will be reviewed.

If a vendor changes the model, adds voice, enables image generation or expands an agent's actions, run the assessment again. The use case has changed even if the product name has not.

A practical two-week route

In week one, map the customer journeys and identify the provider/deployer question for each one. In week two, add the disclosures, test the marking path and document gaps that require supplier or legal input.

This work fits naturally inside an AI governance review. The result should be a short control register that marketing, support and product owners can actually maintain. It is an operational starting point, not legal advice; questions about territorial scope or a specific Article 50 exception need qualified advice.

Source basis

Keep reading

Related notes

11 Jul 2026 · 4 min

AI agents and UK consumer law

An AI supplier does not take responsibility away from the business. Customer-facing agents need truthful wording, tested rules, monitoring and a stop route.