Self-assessment tool
Article 50 compliance checklist
25 questions to assess your organisation's readiness for EU AI Act Article 50 enforcement. Score yourself, identify gaps, and build a remediation plan before the 2 August 2026 deadline.
Scoring
How to use this checklist
20–25 points
Strong readiness. Continue monitoring the final Code of Practice for any late changes.
12–19 points
Gaps identified. Prioritise remediation before August 2026 — focus on multi-layer marking first.
Below 12 points
Significant risk. Immediate action required — contact us for an accelerated compliance review.
Part 1 of 5
Content marking and provenance
- Machine-readable marking — Do all AI-generated outputs from your system carry a machine-readable provenance marker (e.g. C2PA content credentials)?
- Interoperable standard — Is your marking format based on an open, vendor-neutral standard (C2PA, IPTC, or equivalent)?
- Generation-time signing — Are content credentials embedded at the moment of generation, before the content leaves your system?
- Generator identification — Does the marking include the identity of the AI system that generated the content (model name, version)?
- Timestamp accuracy — Does each credential include a cryptographically verifiable timestamp from a trusted time source?
Part 2 of 5
Multi-layer durability
- Secondary durability layer — Does your marking survive a screenshot, social-media re-upload, or metadata-stripping editor?
- Multi-layer architecture — Do you use at least two independent marking techniques (e.g. in-file metadata + on-chain registration)?
- Hash-based recovery — Can a third party recover provenance information from the content's fingerprint alone, even without embedded metadata?
- Format resilience — Does your marking survive common format conversions (JPEG to PNG, video transcoding, audio re-encoding)?
- Cross-platform verification — Can your marking be verified by independent tools not operated by your organisation?
Part 3 of 5
Consent and licensing
- Consent receipts — Do you log verifiable consent receipts for content used in AI training or generation?
- TDM policy — Do you publish a machine-readable TDM (text and data mining) policy at /.well-known/tdm-policy.json?
- Terms of service — Do your terms of service explicitly address AI-generated content disclosure obligations?
- Licensing chain — Can you demonstrate an auditable licensing chain from original creator to AI-generated derivative?
- Data processing records — Do you maintain Article 30 GDPR records of processing activities for content used in AI generation?
Part 4 of 5
Audit and verification
- Third-party verification — Can a third-party auditor verify your marking without contacting your team?
- Audit dashboard — Do you have a dashboard or reporting tool that exports compliance evidence on demand?
- C2PA validator — Have your engineers tested your marking with the official C2PA validator tool?
- Incident response — Do you have a documented response plan for Article 50 compliance incidents?
- Scheduled audit — Have you scheduled a third-party compliance audit before 2 August 2026?
Part 5 of 5
Organisational governance
- Compliance owner — Has your organisation designated a responsible person or team for Article 50 compliance?
- Staff training — Have relevant staff (engineering, legal, content teams) received training on AI Act transparency obligations?
- Vendor assessment — Have you evaluated your technology vendors for Article 50 compliance capability?
- Documentation — Do you maintain written policies and procedures specifically addressing AI content transparency?
- Multi-jurisdiction coverage — Does your compliance programme cover other AI transparency regulations (California SB 942, NIST AI RMF) alongside Article 50?
What Capture covers
Checklist items Capture addresses
Capture directly addresses items 1-10 (content marking and multi-layer durability), items 11-12 and 14 (consent and licensing), and items 16-18 (audit and verification). The remaining items require organisation-specific policies that we help you design during the 30-day compliance POC.
Frequently asked
Checklist questions
Who should use this compliance checklist?
This checklist is designed for compliance officers, CTOs, and risk managers at organisations that develop or deploy AI systems generating synthetic content (images, video, audio, or text) that may reach users in the European Union. It is equally relevant for organisations based outside the EU if their AI-generated content is accessible to EU residents.
How is the scoring system calculated?
Each of the 25 items is scored as Yes (1 point), Partial (0.5 points), or No (0 points). A total score of 20 or above indicates strong readiness. A score of 12-19 indicates gaps that should be addressed before August 2026. Below 12 indicates significant compliance risk requiring immediate action.
Is this checklist a substitute for legal advice?
No. This checklist is an educational self-assessment tool to help organisations identify potential compliance gaps. It does not constitute legal advice. Organisations should consult qualified legal counsel familiar with the EU AI Act for formal compliance opinions.
How often should we repeat this assessment?
We recommend quarterly reassessments, especially as the Code of Practice is finalised in mid-2026. After enforcement begins on 2 August 2026, semi-annual reviews aligned with your internal audit cycle are sufficient, unless there are material changes to your AI systems.
Can Capture help with all 25 checklist items?
Capture directly addresses items related to content marking, multi-layer provenance, metadata durability, audit evidence, and consent receipts (approximately 15 of the 25 items). The remaining items cover organisational governance, legal documentation, and process controls that are specific to each organisation.
Need help closing your compliance gaps?
Our compliance team will review your assessment, identify the fastest path to Article 50 readiness, and set up a free 30-day proof-of-concept.