Article 50 control matrix
Article 50 and Code of Practice control matrix.
Operational mapping of Article 50 transparency scenarios and the 10 June 2026 Code of Practice to SUNURA controls, evidence outputs, and customer responsibilities.
Legal boundary
The Code of Practice is voluntary and subject to Commission and AI Board adequacy assessment. SUNURA supports operational evidence for Article 50(2), 50(4), and 50(5). It does not provide legal advice or certify legal compliance.
| Area | Requirement | Trigger | SUNURA control | Evidence generated | Customer responsibility | Status |
|---|---|---|---|---|---|---|
| Article 50(1) | AI interaction disclosure | A person interacts with an AI system such as a chatbot or AI assistant. | Disclosure policy, persistent notice, runtime API, acknowledgement, and gate evidence. | Notice hash, render event, acknowledgement evidence, and gate event. | Embed and operate the notice in the real product. | Supported operational workflow |
| Article 50(2) / Code Section 1 | Provider-side machine-readable marking | A provider generates or manipulates text, image, audio, or video output. | Watermark/provenance workflow, C2PA-compatible evidence model, machine-readable metadata, and marking evidence route. | Watermark ID, provenance record, C2PA status, detection or verification evidence, and state-of-the-art review log. | Configure production marking, signing, and detection stack where claimed. | Supported where configured |
| Article 50(2) / Code Section 1 | Detection reliability and robustness | Generated media should remain detectable as far as technically feasible. | Detector-assurance flags, verification APIs, watermark verification, and robustness evidence records. | Detector method, limitations, tamper test, and versioned evidence. | Select and validate trusted detector or marking providers for production claims. | Readiness support only |
| Article 50(4) / Code Section 2 | Deepfake labelling | AI-generated or manipulated image, audio, or video could falsely appear authentic. | Deepfake review workflow, publication workflow, EU icon or equivalent label profile, and public verification page. | Classification, label profile, first-exposure evidence, accessibility evidence, and publication review. | Human review and lawful publication decision. | Supported operational workflow |
| Article 50(4) / Code Section 2 | Public-interest AI text | AI-generated or manipulated text informs the public on matters of public interest. | Publication workflow, public-interest classifier, and editorial-control exception record. | Editorial owner, reviewer rationale, notice snippet, or exception evidence. | Record editorial responsibility and publish the notice where required. | Supported operational workflow |
| Article 50(4) / Code Section 2 | Creative, satirical, or fictional deepfake context | Creative or satirical synthetic media is published. | Limited-disclosure workflow that records non-hampering placement. | Creative-context rationale, limited notice, and review record. | Make a lawful contextual decision and avoid hiding the disclosure entirely. | Evidence organisation only |
| Article 50(5) | Clear, distinguishable, and accessible notices | Natural persons first see AI-generated or manipulated content. | Runtime evidence capture, DOM or screenshot evidence, ARIA or alt fields, and label-placement proof. | First-exposure evidence, accessibility evidence, and visibility evidence. | Check the actually implemented surface. | Supported where configured |
| Code signatory readiness | Provider/deployer section selection | An organisation may sign Section 1, Section 2, or both depending on its role. | Role classifier, readiness mapping, and signatory evidence pack. | Role decision, section mapping, and unresolved-gap register. | Senior authorised signatory and legal review. | Readiness support only |
| Adequate other means | Non-signatory evidence position | A non-signatory may need to demonstrate adequate measures if asked. | Code gap register, evidence exports, control matrix, and public verification. | Evidence pack, control map, and audit trail. | Maintain evidence and respond to authority or customer requests. | Evidence organisation only |
