EU AI Act Article 50: What UK SME Websites Need to Know Before 2 August 2026

What is EU AI Act Article 50?

Article 50 sits inside the transparency obligations of the EU AI Act, the European Union's headline regulation on artificial intelligence. It is the part that affects almost every business with a website, not just companies building their own models.

Article 50 covers four practical scenarios. First, chatbots and AI assistants: users interacting with one must be told they are dealing with AI, unless that fact is already obvious from the context. Second, synthetic content: any AI-generated image, video, audio or text put out by your business must be marked as artificially generated or manipulated, in a machine-readable form. Third, deepfakes: where AI is used to generate or manipulate content depicting real people, that must be disclosed. Fourth, AI-generated text on matters of public interest: unless a human editor has reviewed it and taken editorial responsibility, it must be labelled as AI-generated.

The rule of thumb: if a user could be misled about whether they are interacting with AI, or whether content was produced by AI, your business has to disclose it.

Does this apply to UK businesses after Brexit?

Yes, where your AI system's output reaches the EU. The AI Act applies extraterritorially, in the same way the GDPR does. The trigger is the output of the AI system being used within the European Union, regardless of where your business is established.

In practice this means a UK small business is in scope of Article 50 if any of the following are true:

• Your website sells to EU customers, or markets to EU users in their language.
• Your website hosts a chatbot or AI assistant that an EU visitor can interact with.
• You publish AI-generated text, images, audio or video that reach EU readers.
• You use AI to produce communications that you then send to EU contacts.

Brexit does not insulate you. If you would have been worried about GDPR, you should be tracking the AI Act.

What does my UK SME website actually need to do?

There are five things to put in place. None of them are technically complex, and most of them are sensible practice anyway.

1. Disclose any chatbot or AI assistant up front

Every chatbot, support widget or AI assistant on your site needs to make clear, at the start of the interaction, that the user is dealing with an AI. A simple opening line — "Hi, I'm an AI assistant; I'll connect you to a person if you need one" — covers this. The disclosure should not be buried in a terms of service link.

2. Mark AI-generated content as AI-generated

If your business publishes AI-written articles, AI-generated images, AI-narrated videos or AI-synthesised audio, label them visibly and ensure the label is machine-readable wherever reasonable. A short byline note ("Content generated with AI assistance and reviewed by [editor name]") is fine. For images and video, embedded metadata or watermarks satisfy the machine-readable side.

3. Use the human-review carve-out properly, or label by default

Article 50 carves out AI-generated text on matters of public interest where a human editor has reviewed and taken responsibility. The carve-out is real but narrow: it requires genuine editorial review, not a rubber stamp. If you are not certain a piece has had meaningful human review, label it.

4. Be explicit about deepfakes and altered imagery

If you are using AI to generate or manipulate content showing real people — including yourself, your team, or any third party — disclose it. This is the area regulators are most alert to, because it is the area most likely to cause harm.

5. Update your privacy policy and terms of service

Add a short, plain-English section explaining where AI is used on your site, what it does, and how users can ask for a human instead. This is good UX as well as a compliance signal.

What are the penalties for non-compliance?

Under Article 99 of the EU AI Act, breaches of transparency obligations can attract fines of up to 15 million euros or 3 percent of global annual turnover, whichever is higher. For a small business the realistic short-term risk is low — enforcement will focus on bigger players first — but the work to be compliant is cheap, and the website changes also tend to improve trust, conversion and AI search citation rates at the same time.

How does this connect to AEO and AI search visibility?

This is the part most owners do not expect: a lot of Article 50 compliance is the same work as good Answer Engine Optimisation.

Clear disclosure of who or what produced a piece of content is something AI search engines actively look for when they decide whether to cite you. Schema markup that says "this is the author, this is when it was published, this is the publisher" is both a compliance signal and a citation signal. Structured, machine-readable content is both Article 50-friendly and ChatGPT-friendly. The work that gets you cited by AI is the same work that proves you are being honest about AI.

If you are already investing in being recommended by ChatGPT, Perplexity, Gemini and Google AI Overviews, you are most of the way to Article 50 compliance on the website side. The remaining steps are mostly disclosure language and a privacy policy update.

Frequently asked questions

Does the EU AI Act apply if I only sell in the UK?

Only if your AI system's output reaches EU users in some way — for example through an EU-facing site, EU-resident customers, or content distributed in the EU. If you are genuinely UK-only with no EU touchpoints, Article 50 does not bite. The safer assumption for most online businesses is that some EU traffic exists, in which case it does.

Do I need to label every AI-generated blog post?

Where a human editor has genuinely reviewed and taken responsibility for the piece, no. Where a model wrote it and shipped without meaningful human review, yes. If in doubt, label it — the disclosure costs nothing and reads as integrity to your audience.

What about a chatbot built by someone else? Whose problem is compliance?

Both the provider (the vendor that built the chatbot) and the deployer (you, the business using it on your site) have separate obligations. Buying a chatbot from a vendor does not transfer your Article 50 duties to them. You still have to make sure your users are told they are talking to an AI.

I do not use any AI on my website yet. Am I exempt?

For now, yes — Article 50 obligations only attach when you are actually deploying AI. The moment you add a chatbot, use an AI writer for content, or generate images with AI, the obligations apply.

Will the UK pass its own version of the AI Act?

The UK has so far signalled a more sector-specific, pro-innovation approach to AI regulation rather than a single horizontal Act. That does not change the picture for SMEs with EU touchpoints, because the EU Act's extraterritorial reach applies regardless of UK domestic law.

The takeaway

Article 50 is not a reason to panic and it is not a reason to ignore. It is a website-structure project: disclose the AI you use, label the content AI produces, document it in your policies, and you have covered the basics that matter. The deadline is 2 August 2026. Doing the work now is cheap; doing it in July is rushed; doing it after a complaint is expensive.

The good news is that the same machine-readable, clearly-attributed, well-structured content that satisfies Article 50 is also the content AI search engines like to cite. Treat it as one project, not two.

Get your website AI-compliance-ready

AEO-REX runs structural audits of UK SME websites against the Article 50 requirements and the broader EU AI Act timeline, then implements the disclosures, schema, and policy updates needed. We are not a law firm and we do not issue legal compliance certificates — but the website-engineering side of compliance is what we do every day.

See AI Compliance-Ready packages →