AI Act: Mandatory AI Transparency from 2 August 2026 — What Changes for Italian SMEs

On 2 August 2026, Article 50 of Regulation (EU) 2024/1689 (AI Act) becomes directly applicable: any Italian company using chatbots, generating synthetic content, or employing emotion recognition systems is already a "deployer" with concrete legal obligations — regardless of revenue or company size.

Regulation (EU) 2024/1689 applies directly across all EU Member States without national transposition. The date of 2 August 2026 is set by Article 113 of the Regulation and cannot be deferred by Italian legislation or administrative action. If your company uses a chatbot for customer care, generates AI-produced images or videos for marketing, or has activated a voice tone analysis system for HR interviews, you are already a deployer subject to Article 50 — and less than two months remain.

What Kicks In on 2 August 2026

Article 50 — Four Operational Obligations

Article 50 establishes four categories of transparency obligations, all effective from the same date.

Paragraph 1 — Interactive systems: anyone deploying a chatbot, a voice assistant, or any AI system that interacts directly with users must inform them — clearly, at first contact — that they are interacting with an artificial intelligence system. Exception: systems authorised for criminal law enforcement.

Paragraph 2 — Synthetic content: anyone generating or distributing AI-produced images, audio, video, or text must apply machine-readable marking (digital watermarking). The obligation applies "where technically feasible", but the burden of proof for technical infeasibility falls on the deployer.

Paragraph 3 — Emotion recognition and biometrics: anyone using AI systems to detect emotions or biometrically categorise individuals must inform those individuals in advance. Exception: criminal detection systems with specific statutory safeguards.

Paragraph 4 — Deepfakes and AI text for public information: deepfake content (AI-generated realistic images, video, or audio of real people) must be labelled as artificial. AI-generated text used to inform the public on matters of general interest must be identified as AI-generated. Exceptions: artistic, satirical, and creative works with appropriate disclosure; text editorially reviewed by a human who assumes editorial responsibility.

Who Is a "Deployer" Under the Regulation

The Regulation distinguishes providers (those who develop or place an AI system on the market) and deployers (those who put it into use in a professional context). For Article 50, obligations fall on the deployer — with no turnover or size thresholds.

Practical examples for an Italian SME with €5–20M in revenue:

• LLM-based customer care or e-commerce chatbot (par. 1)
• AI image generator for social media campaigns, newsletters, or product catalogues (par. 2)
• HR system with emotion recognition or voice tone analysis during recruitment (par. 3)
• Promotional videos featuring AI-generated synthetic presenters (par. 4)

You do not need to have built the system in-house: deploying it in a professional context is sufficient. We covered the regulatory simplification angle in the AI Act Omnibus package; here the focus is on the transparency obligation taking effect now.

The Operational Timeline

Consultations Already Closed (June 2026)

The European Commission conducted two public consultations to develop operational guidelines for the AI Act:

• Transparency guidelines (Art. 50): consultation closed 3 June 2026.
• Guidelines on high-risk AI system classification: consultation closed 23 June 2026 (22:00 CET).

Final guidelines — expected before 2 August — will specify technical requirements for content marking and user disclosure.

Code of Practice on Transparency (Art. 50 par. 7)

Article 50 par. 7 provides for a voluntary Code of Practice specifically on AI content labelling and transparency, with its final version expected in June 2026. This is distinct from the General-Purpose AI Code of Practice (adopted July–August 2025 for foundation model providers such as GPT, Gemini, Claude): that code does not apply to SME deployers.

Adhering to the transparency Code of Practice offers a streamlined pathway to demonstrate compliance with lower administrative burden. Adherence is not mandatory, but it is a strategic choice for organisations seeking to document compliance with limited resources.

2 August 2026 — A Non-Extendable Deadline

Article 113 of the Regulation sets the date of application of Article 50 as 2 August 2026. No European or national mechanism allows a deferral: the Regulation is directly applicable in all 27 Member States.

What to Do Now

Less than two months to the deadline: it is tight but sufficient to establish a basic compliance posture.

1. Map your AI systems in use. Inventory your chatbots, content generators, and AI-enabled HR tools. For each, verify whether you are a provider or a deployer — the distinction is often clarified by the supplier contract.
2. Update user disclosures. Do your interfaces (chatbots, forms, web pages) already inform users that they are interacting with AI? Is that information visible "at first contact"? Update privacy notices and T&Cs where needed.
3. Verify synthetic content marking. For AI-generated images, audio, and video, does the technology in use produce machine-readable watermarks? If not, assess alternative or supplementary tools.
4. Train the people involved. Those who approve marketing content, manage HR recruitment, or supervise customer care chatbots need to understand their specific obligations. This does not require extensive training: a 2–3 hour session with precise regulatory references is sufficient.
5. Document the measures taken. Maintain a register of AI use cases (system, supplier, applicable paragraph of Art. 50, compliance measures adopted). In the event of an inspection by ACN or AgID, internal documentation is the first line of defence.

Sanctions

Violations of Article 50 fall under Tier 2 of Article 99 of the Regulation: a fine of up to €15,000,000 or 3% of annual global turnover, whichever is higher — for large companies. For SMEs and start-ups, the Regulation introduces a mitigating mechanism: the lower of the two figures applies.

For an Italian SME with €10 million in turnover, 3% amounts to €300,000. Not €15 million — but not a negligible sum for a mid-sized company. For an SME with €5 million in turnover, the figure drops to €150,000: still higher than any reasonable cost of compliance.

In Italy, Law 132/2025 (Official Gazette, 23 September 2025) has designated ACN as the authority with inspection and sanctioning powers, and AgID for notifications and compliance. The Privacy Guarantor (Garante), AGCM, and AGCOM have jurisdiction over fundamental rights protection (Art. 77 AI Act). The implementing legislative decrees delegated by Law 132/2025 are due by October 2026: some aspects of enforcement may not be fully operational by 2 August.

Sources

• Regulation (EU) 2024/1689, Art. 50 — EUR-Lex (official IT text)
• Regulation (EU) 2024/1689, Art. 113 — artificialintelligenceact.eu (date of application)
• Regulation (EU) 2024/1689, Art. 99 — artificialintelligenceact.eu (sanctions)
• Law of 23 September 2025, n. 132 — Italian Official Gazette (national AI Act authority)
• Transparency guidelines consultation — EC Digital Strategy (closed 3 June 2026)
• High-risk AI classification guidelines consultation — EC Digital Strategy (closed 23 June 2026)
• AI Act implementation — EC AI Office