EU AI Act · Guide for WordPress

The EU AI Act & WordPress: what Article 50 means for AI images — and the 2 August 2026 deadline

If your WordPress site publishes AI-generated or AI-edited images, the EU AI Act's transparency rules start applying to you on 2 August 2026. Here's what the law asks in plain English, who it covers, and exactly how to comply — for free.

Practical guide · last reviewed July 2026

The short version

  • From 2 August 2026, if you publish AI-generated or AI-manipulated images (deep fakes), you must disclose that they're AI — a duty on you as the deployer (Article 50(4)).
  • AI outputs are also meant to carry a machine-readable mark (Article 50(2)) — primarily a duty on the AI provider. A provisional 2026 agreement gives systems already on the market until 2 December 2026 for that specific marking.
  • Non-compliance can mean fines up to €15 million or 3% of global annual turnover.
  • On WordPress, the practical fix is three layers: a visible badge, embedded IPTC/XMP metadata, and schema.org JSON-LD — which the free AIM Transparency plugin does automatically.
This is a practical guide, not legal advice. The EU AI Act's detailed technical marking standards are still being finalised through the Commission's Code of Practice and standardisation work ahead of August 2026. Whether a specific image is in scope — and what your organisation must do — depends on your circumstances; consult a qualified advisor for your case.

What is Article 50?

The EU AI Act (Regulation 2024/1689) entered into force in August 2024, with obligations phasing in over several years. Article 50 is the part about transparency: making sure people know when they're dealing with AI, and that AI-generated content can be recognised as such. Its transparency obligations become applicable on 2 August 2026.

Article 50 splits into duties on two kinds of party: providers (who build/supply the AI system) and deployers (who use it — that's most WordPress site owners).

Does it apply to my WordPress site?

If you use an AI tool (Midjourney, DALL·E, Firefly, Stable Diffusion, and so on) to generate or edit images that you then publish — on a blog, a news site, a shop, a portfolio — you're acting as a deployer, and Article 50(4)'s disclosure duty is aimed at you. The obligation is strongest for "deep fakes": image, audio or video content that's been artificially generated or manipulated to resemble real people, objects, places or events.

It's an EU regulation, but its reach is broad: it applies where the AI system's output is used within the EU, so non-EU sites with EU audiences are generally caught too. Purely artistic, satirical or fictional work has lighter, context-appropriate disclosure — but "we're a small blog" is not, by itself, an exemption.

The deadlines

  • 2 February 2025 — Article 4 (AI literacy) is already in force.
  • 2 August 2026 — Article 50 transparency obligations become applicable. This is the date to plan for.
  • 2 December 2026 — under a provisional 2026 agreement, generative-AI systems already on the market before 2 August get until this date to meet the Article 50(2) machine-readable marking requirement specifically. (Provisional and still developing — don't rely on it for your own disclosure.)

The four duties — and how to meet each on WordPress

Article 50(1)

Tell people when they're talking to an AI

If your site runs a chatbot or AI assistant, visitors must be told they're interacting with AI, not a human. On WordPress: a small persistent disclosure notice near the chat widget (AIM Transparency ships a notice + an [aim_ai_notice] shortcode for this).

Article 50(2)

Mark AI outputs so machines can detect them

AI-generated audio, image, video and text should be marked in a machine-readable way (e.g. embedded metadata / provenance) so detection tools can recognise it. Primarily a provider duty, but embedding the mark in the files you host is good practice and future-proofs you. On WordPress: write the IPTC/XMP DigitalSourceType tag into the image file, plus schema.org JSON-LD on the page.

Article 50(4)

Disclose AI-generated / manipulated images to people

As a deployer publishing AI-generated or manipulated visual content (especially deep fakes), you must clearly disclose that it's artificial. On WordPress: a visible badge on the image ("AI Generated" / "AI Modified") that a human can plainly see.

Article 4

AI literacy for your team

Already in force: organisations must take steps so staff dealing with AI have a sufficient level of AI literacy. On WordPress: keep a simple record — which AI tools you use, who's responsible, a review cadence. (AIM Transparency includes an Article 4 checklist and a readiness score.)

Penalties

The AI Act carries real teeth. Failure to meet the transparency obligations can lead to administrative fines of up to €15 million, or 3% of total worldwide annual turnover, whichever is higher (figures vary with the specific infringement and are set by national authorities). The point isn't the maximum — it's that "we didn't know" won't be a defence after 2 August 2026.

What you actually need to do

  • Identify which published images are AI-generated or AI-edited.
  • Add a clear, human-visible disclosure to each (a badge).
  • Embed a machine-readable mark in the files and the page.
  • Disclose any AI chatbot/assistant.
  • Keep a short AI-literacy / tooling record for Article 4.

How AIM Transparency handles it

AIM Transparency is a free WordPress plugin built for exactly this. You flag an image as AI, and it applies all three disclosure layers at once — the visible badge, the embedded IPTC/XMP metadata, and the schema.org JSON-LD — across your galleries, featured images and content, on any standard theme. It adds the chatbot notice and an Article 4 readiness checklist too. The core is free forever; Pro adds automatic detection on upload, more image formats, a library scanner and compliance reports.

Frequently asked questions

Do I really have to label AI images on my WordPress site?

If you publish AI-generated or AI-manipulated images to an audience (particularly deep-fake-style content), Article 50(4) asks you to disclose it, from 2 August 2026. Small size doesn't exempt you; genuinely artistic/satirical work gets context-appropriate, lighter disclosure.

Does it apply to non-EU websites?

Generally yes if the AI output is used within the EU or reaches EU users — the Act's scope is not limited to EU-registered companies.

Isn't a visible label enough? Why embedded metadata too?

They serve different parts of Article 50: the visible badge is the human disclosure (50(4)); the embedded IPTC/XMP mark + JSON-LD make it machine-readable (50(2)). Doing both is the robust approach — and a visible badge still works even when a platform strips metadata on re-upload.

What happens if I do nothing?

You risk administrative fines (up to €15M / 3% of global turnover for transparency breaches) and reputational harm. Acting early is cheap; retrofitting under enforcement pressure isn't.

Get compliant in minutes — free

Install AIM Transparency, flag your AI images, and the badge, embedded metadata and JSON-LD are applied automatically. Free forever for the core disclosure stack.

Download the free plugin