Was the EU AI Act delayed? What Article 50 means for your business in 2026.

The short answer

No. Not for you.

If your website has a chatbot, a live chat powered by AI, or any AI assistant that responds to visitors in real time — you are required by law to disclose that to users. That obligation takes effect 2 August 2026. It was not delayed. It is not under review. It is not optional.

You have 50 days.

What actually got delayed

The EU AI Act is a large piece of legislation — hundreds of articles covering everything from facial recognition at borders to loan approval algorithms to hiring software. Some of those provisions are genuinely complex, affect major industries, and require years of preparation.

In May 2026, the EU agreed to push back the timelines for those high-risk obligations — things like AI used in job hiring decisions, credit scoring, and critical infrastructure. Those systems need independent audits, technical documentation, and regulatory registration. Postponing those made sense.

That delay affected Articles 6–15 of the AI Act. Not Article 50.

The confusion is understandable. "EU AI Act delayed" is a headline that ran everywhere. Most journalists, most blog posts, most LinkedIn summaries focused on the high-risk story — because that's where the enterprise lobbying money was. Small business owners read the same headline and drew the wrong conclusion.

What Article 50 is

Article 50 is the transparency chapter. It says: when a person interacts with an AI system, they have a right to know they're talking to AI. It is not about safety audits or technical certification. It is about a notice. A disclosure. A simple statement at the start of the conversation.

"You are talking with an AI assistant."

That's the core of it.

The regulation specifies that this disclosure must be:

• Clear. Not hidden in a footer or buried in a privacy policy.
• Timely. At the latest at the very first interaction.
• Distinguishable. Formatted so users actually notice it — not three-point grey text under a chatbot window.

The EU Commission published 40 pages of draft guidelines in May 2026 specifically interpreting what this means in practice. One thing they made explicit: disclosures shown only once and then never again may not be sufficient for AI systems where users develop ongoing relationships. Buried disclaimers don't count.

Who this applies to

Article 50 applies to any business that deploys an AI system interacting with people — regardless of where the business is based. If your customers are in the EU, the rule applies to you.

In practice, this means:

• A Shopify store using an AI chatbot for customer service
• A WordPress site with an AI assistant answering product questions
• A SaaS tool where an AI helps users accomplish tasks
• Any live chat powered by ChatGPT, Claude, Gemini, or any other model
• Phone agents and IVR systems driven by AI

You do not need to be a large company. You do not need to be based in Europe. You do not need to be in a regulated industry. If EU users interact with your AI, you are in scope.

The four obligations, in plain English

Article 50 actually contains four separate obligations. Most businesses only need to worry about one, but here they are:

Article 50(1) — Chatbot disclosure.

Applies to you if you use any AI system that interacts directly with people. The deadline is 2 August 2026. No exceptions. No grace period.

Article 50(2) — Machine-readable marking.

Applies to AI systems that generate content — images, video, audio, text. For systems already on the market before August 2026, there's a grace period until 2 December 2026 to implement the technical marking standard. Systems launched after August 2026 must comply immediately.

Article 50(3) — Emotion recognition.

Applies if your AI detects or infers emotional states. Must disclose this to people being processed.

Article 50(4) — Deepfake labelling.

Applies if you publish AI-generated video or audio depicting real people or realistic events. Requires clear labelling as AI-generated.

Most small businesses need to focus on 50(1). That's the chatbot rule. That's the August deadline.

The fine structure

Non-compliance fines are calculated as a percentage of global annual turnover — up to 3%. Not European turnover. Not revenue from EU customers. Global turnover.

For a business turning over €500,000 per year, the maximum exposure is €15,000.

No one expects mass enforcement on day one. But regulators enforce examples. And the businesses most likely to be made examples of are the ones who were publicly, obviously non-compliant after the deadline had been publicly, widely publicised.

That is exactly the situation you are in right now, reading this in June 2026.

What you need to do

Three things. In this order.

1. Check whether you're actually in scope. Not every website that uses AI is a chatbot deployer under Article 50. An AI tool that only helps you as an operator — not your users — may not be covered. The lines are worth understanding before you spend any time or money.

2. Draft the correct disclosure. "Powered by AI" is probably not enough. The regulation and the draft guidelines set specific expectations around clarity, timing, and format. The disclosure text needs to name the AI nature of the system, appear at first interaction, and be impossible to miss.

3. Keep a record. This is the part most businesses will miss. Having a compliant disclosure is not the same as being able to prove you had a compliant disclosure on a specific date. If a complaint is filed or a regulator asks, you need to show: the disclosure existed, it was shown, it was shown before the first interaction, and it was shown consistently. A screenshot saved on 1 August 2026 does not prove ongoing compliance in October 2026.

What happens when an authority actually contacts you?

Most small businesses think about the EU AI Act fine as an abstract number — 3% of turnover, up to €15 million. What they do not picture is the process that produces that number.

When a national competent authority opens a case under Article 99, they issue a formal production request. You typically have 14 calendar days to provide documented evidence of compliance. Not a promise that you were compliant. Not a copy of your current website. Evidence that was in place at the time.

Article 99(7) requires the authority to consider calibration factors when setting the actual fine within the ceiling. The relevant ones for a small business owner:

• Article 99(7)(f): Degree of cooperation with the authority to remedy the infringement and mitigate adverse effects
• Article 99(7)(g): Degree of responsibility — taking into account technical and organisational measures implemented
• Article 99(7)(i): Whether the infringement was intentional or negligent
• Article 99(7)(j): Any action taken to mitigate harm

In practice: a business that had a compliant disclosure in place, can produce a timestamped log showing the notice fired, and cooperates promptly with the authority will face a materially lower fine than one that had nothing and scrambles to patch it after the fact. GDPR enforcement history shows documented good-faith compliance programmes reduce fine exposure significantly. Article 99(7) is written in deliberate parallel to GDPR Article 83(2).

The cheapest moment to build your compliance record is before the email arrives. Once you receive it, you are already assembling evidence under time pressure — and anything you do after the fact does not count as proactive good-faith.

This is general guidance, not legal advice. Consult a qualified EU technology lawyer for your specific situation.

What happens if you do not comply — Article 99 and real enforcement

Article 50 is enforced under Article 99 of the EU AI Act. The fines are not theoretical.

For violations of Article 50 transparency obligations, the maximum fine is the higher of: 15 million euros, or 3 percent of global annual turnover. The turnover figure is global — not EU-only. A business with 500,000 euros in annual revenue has a maximum fine exposure of 15,000 euros. A business with 2 million euros in annual revenue faces up to 60,000 euros. The fine calculator on the Disclo home page lets you put a real number on your specific exposure in seconds.

Enforcement is handled by national market surveillance authorities in each EU member state. Each country designates its own authority. They do not need to coordinate across borders to act against a single business. A Dutch authority can fine a Spanish-registered company serving Dutch customers. A German authority can act on an Irish-registered company serving German users. Where you are based does not protect you from where your customers are.

How fast will enforcement ramp? Regulators rarely fine on day one. The realistic pattern, based on GDPR precedent, is that enforcement starts slowly, picks up speed after 12 to 18 months, and then becomes routine. The businesses fined in that ramp-up period are almost always those who made no effort at all — no disclosure text, no record, nothing to show. Having documentation that you understood the obligation and took steps to meet it meaningfully reduces your risk even if the documentation is not perfect. Having nothing is the highest-risk position.

The Article 50 chatbot disclosure obligation is also not the kind of rule where technical complexity gives you cover. It is simple: tell users they are talking to AI, at first interaction, clearly. A regulator inspecting a website can check this in 30 seconds. Non-compliance is not hard to find.

The window is right now

Most businesses that need to comply haven't started. The confusion about whether the deadline applies to them is the exact reason they haven't. That confusion is understandable — but it doesn't protect you legally.

The businesses that act in June and July will spend €59 and 15 minutes. The businesses that wait until late July will spend the same €59 and 15 minutes, except they'll be doing it in a panic, probably getting something wrong, and definitely losing the low-stress option.

Find out whether Article 50 applies to your business — it takes two minutes and it's free.

Disclo provides guidance based on official EU Commission materials, including the draft Article 50 guidelines published 8 May 2026. This article is for informational purposes only and does not constitute legal advice. For complex compliance situations, consult a qualified EU technology lawyer.