If your SaaS uses AI to interact with users, generate content, or analyze faces and voices, August 2, 2026 is the date you cannot ignore. That is when Article 50 of the EU AI Act starts to apply, and it changes the rules for how AI must be disclosed to users in the European Union. This guide walks through what Article 50 actually says, the four cases that apply to most SaaS companies, why burying the disclosure in your terms of service is no longer enough, and a practical checklist to be ready before the deadline.
What Article 50 actually says
Article 50 sits inside Chapter IV of the EU AI Act and creates transparency obligations for providers and deployers of certain AI systems. It does not regulate the AI itself. It regulates how users are informed that AI is in play. The article comes into application on 2 August 2026 under Article 113 of the same Act, alongside the rest of the transparency provisions.
The legal standard is short and demanding. Per Article 50(5):
Information shall be provided to the natural persons concerned in a clear and distinguishable manner at the latest at the time of the first interaction or exposure.
Penalties for non-compliance are not in Article 50 itself. They live in Chapter XII (Articles 99 to 101) and stack on top of the financial risk SaaS companies already face under the GDPR, where European regulators levied roughly EUR 1.2 billion in fines during 2025 alone.
The four transparency cases that apply to SaaS
Article 50 covers four distinct scenarios. Most SaaS products will fall into one or two of them, not all four.
1. Direct AI interaction (Article 50, paragraph 1)
If your product lets users talk to an AI system, whether that is a chatbot, an AI writing assistant, a customer support bot, or any conversational interface, you must inform the user that they are interacting with an AI system. The European Commission's draft guidelines from May 2026 carve out an "obvious" exception, but it is narrower than most teams assume. An AI code assistant aimed at professional developers may qualify as obvious. A chatbot embedded in an online helpdesk for consumers does not.
2. Synthetic content marking (Article 50, paragraph 2)
If your SaaS outputs AI-generated or AI-manipulated text, images, audio, or video, those outputs must be marked in a machine-readable format so they are detectable as artificially generated. The Commission has signaled that multi-layered marking techniques are expected: a single, fragile watermark will not survive scrutiny. Technical feasibility is judged objectively, not based on the size of the company.
3. Emotion recognition and biometric categorization (Article 50, paragraph 3)
If you deploy systems that infer emotions or categorize people based on biometric data, you must inform the affected persons of the system's operation. Disclosure formats are flexible, but the obligation sits with the deployer, not just the upstream provider.
4. Deepfakes and AI-generated text published as information (Article 50, paragraph 4)
If your platform generates or manipulates audio, image, or video content that constitutes a deepfake, you must disclose that the content is artificially generated. The intent to deceive is irrelevant. Even artistic or creative use requires disclosure, although the form can be attenuated to preserve the work.
Why burying AI disclosure in your terms of service is no longer enough
For years, the default move when a regulator added a disclosure obligation was to add a clause to the privacy policy or terms of service and call it done. Article 50 closes that door explicitly.
The Commission's May 2026 draft guidelines state that a disclosure "buried in terms and conditions, manuals, or layered menu options" does not satisfy the requirement. Information must be:
- Noticeable and easy to understand by the person concerned, including persons with accessibility needs
- Easy to identify as separate from other information and the environment in which the content is presented
- Provided at the latest at the time of the first interaction or exposure, individually, for each user
In practice that means three changes most SaaS teams have to make:
- The privacy policy needs a dedicated, plainly titled section on AI usage, not a sentence hidden in a longer paragraph.
- The product UI itself needs to announce "this is an AI" the first time a user opens the AI surface, in language that an average consumer can recognize.
- For synthetic content, the output itself carries the disclosure (label or watermark), not just the documentation about the output.
The August 2, 2026 deadline is the same for all four cases. There is no extended runway for synthetic content marking or for biometric categorization. Teams that are still planning watermarking pilots in mid-2026 are already running out of time.
A practical checklist before August 2, 2026
Whether you are a one-person SaaS or a 50-person company selling into the EU, the work breaks down into the same steps. The order matters because each step depends on the previous one.
- Map every AI surface in your product. Anywhere your software talks to a user with AI, generates content, or analyzes images of people, write it down. Include features in beta and behind feature flags.
- Classify each surface against the four cases. Most SaaS lands on case 1 and sometimes case 2. Cases 3 and 4 are common for video, audio, and media tools.
- Apply the "obvious" test honestly. If your buyer is a professional developer using an AI code assistant, the exception is plausible. If your end user is a consumer in a helpdesk widget, it is not.
- Update the privacy policy. Add a section titled something like "How we use AI" and describe each surface, what the AI does, what data it processes, and the legal basis. Keep the language plain.
- Update the product UI. Add a first-run disclosure on every AI surface. A small banner saying "You are chatting with an AI assistant" satisfies the rule. Burying it in a tooltip does not.
- Implement synthetic content marking. If you generate text, follow the human-review exception narrowly. If you generate images or audio, plan for at least one watermarking layer plus C2PA metadata.
- Snapshot the new policy. Keep a public, dated record of the policy version that is in force on August 2, 2026. EU procurement teams will ask.
Where Termerly fits in
Termerly is a free AI generator and host for legal pages. It does not provide legal advice and it does not classify your AI systems for you under the AI Act. What it does offer for this deadline is three concrete things.
- The editor handles a dedicated AI disclosure section cleanly, with callouts and headings, so the content reads as separate from the rest of the privacy policy rather than buried inside an existing clause.
- The version history takes an immutable snapshot every time you publish. That gives you a permanent, link-shareable record of the policy that was live on August 2, 2026, which is exactly the artifact a procurement team or a regulator will ask for.
- If you run several SaaS products from the same account, each project keeps its own policies and its own version history, so updating six sites at once is mechanical rather than chaotic.
Conclusion
Article 50 of the EU AI Act is short, but the way it lands on a SaaS team is not. The change is not "add a clause to your terms of service." It is "treat AI disclosure as a first-class part of the user experience and the legal record." August 2, 2026 is fixed. The cost of doing nothing is not only the fine framework in Chapter XII, but also the practical friction of every EU procurement team asking you for an AI disclosure artifact and finding nothing.
The good news is that the work is bounded. Map the surfaces, classify, update the policy, update the UI, mark synthetic outputs, snapshot. Then you have something to point to. Open a free Termerly project and draft the AI disclosure section for your privacy policy. The cutover will be quieter that way.


