What the EU’s Deepfake Labelling Rules Actually Require
Article 50 Takes Effect August 2nd, But Regulators, Companies, and Civil Society Still Disagree on What Counts as a “Deep Fake.” Here Is What the Marking Requirement Technically Involves, and Why the Definition Fight Is Not Just Bureaucratic Hairsplitting.
Ground Truth, Episode 29, covered the business and political stakes of the EU's AI content-labelling deadline arriving August 2nd with its core definition still unresolved. This series takes the technical question underneath that story: what does the marking and labelling requirement actually involve at a mechanical level, why is the "deep fake" definition genuinely hard to draw rather than merely bureaucratically slow, and how do content provenance standards like C2PA differ from a simple visible watermark? Day 39 goes underneath the headline deadline.
A watermark tells you an image was generated by a specific tool, right up until someone crops it, screenshots it, or runs it through a second AI system that strips metadata as a side effect. A regulation built to survive that is a much harder engineering problem than a regulation built to require a small logo in the corner, and the fight over the EU's definition is really a fight over which of those two problems Europe is actually trying to solve.
Neal Lloyd · Inside The Machine, Day 39Ground Truth Episode 29 covered the political and business stakes of the EU AI Act's Article 50 deadline: content-labelling obligations taking effect August 2nd, with the underlying "deep fake" definition still genuinely contested between regulators, technology companies, and civil society groups. This series takes the harder technical question: what does marking and labelling AI-generated content actually require at a mechanical level, and why is drawing the definition’s boundary a genuinely hard problem rather than simple bureaucratic slowness? This is Day 39 of Inside The Machine.
A Metadata Tag, a Visible Watermark, and a Provenance Chain Are Three Different Things
The simplest form of AI content labelling is a visible marker: a small watermark or on-screen tag indicating that an image, video, or audio clip was AI-generated. This is the version most people picture when they hear "labelling requirement," and it is also the weakest technically — a visible watermark can be cropped out, painted over, or simply absent from a re-upload, and it carries no information once removed. Regulators know this, which is why Article 50’s actual technical requirements go further than a visible tag alone.
Embedded metadata is a step up: information about a file’s AI-generated origin stored inside the file itself, in a standardized format a downstream system can read programmatically rather than a human having to notice a visible mark. The trouble is that metadata is fragile in a specific, predictable way — most social media platforms and messaging apps strip metadata on upload as a routine part of processing images for their own systems, meaning content genuinely labelled at creation frequently arrives at its destination with no label at all.
Content provenance standards like C2PA (Coalition for Content Provenance and Authenticity) attempt something more durable: a cryptographically signed chain of custody that records not just that content was AI-generated, but the tool that generated it, when, and what edits occurred afterward, designed specifically to survive some, though not all, of the transformations that strip simple metadata. This series flagged C2PA in an earlier entry on AI and democracy; the EU's draft guidelines are, in effect, trying to decide how much of this heavier infrastructure to mandate versus how much lighter-weight labelling to accept as sufficient.
Visible watermark: cheapest to implement, easiest to remove or crop out, carries no information once stripped. Embedded metadata: machine-readable, but routinely stripped by platforms processing uploads for unrelated reasons. Cryptographic provenance (C2PA-style): most durable, survives more transformations, but requires broader industry adoption and infrastructure investment to work at scale.
Why “Deep Fake” Is Genuinely Hard to Define, Not Just Slow to Define
The straightforward cases are easy: a photorealistic video of a person saying something they never said is a deepfake by any reasonable definition, and everyone drafting this regulation agrees it should be covered. The dispute is at the edges, and the edges cover a lot of ground. Does a photo with AI-assisted background removal count? Does a video with AI-upscaled resolution but no altered content? Does a voice memo run through AI noise reduction? Each of these uses AI in the production pipeline without creating the kind of deceptive synthetic content the rule is actually aimed at.
The draft guidelines' broad definition drew pushback specifically because a wide reading could sweep in the kind of routine, non-deceptive AI-assisted editing that has become standard in ordinary photo and video production — noise reduction, colour correction, minor object removal — alongside the genuinely deceptive synthetic media the rule is meant to target. A narrow definition risks the opposite failure: leaving real deceptive content technically uncovered because it does not meet an overly specific technical threshold.
This is not a problem unique to the EU or solvable by simply writing a more careful sentence. Any line drawn between "AI-assisted" and "AI-generated," or between "deceptive" and "routine editing," will have genuine edge cases on both sides, because the underlying technology exists on a continuum rather than in the two clean categories the law wants to sort it into. The consultation pushback the Commission received is best read as evidence the problem is hard, not evidence the Commission did the drafting carelessly.
A law needs a clean line. A production pipeline that runs fifteen different AI-assisted tools across one video, only one of which meaningfully changes what it depicts, does not offer one. That mismatch, not bureaucratic sloth, is why the definition is still being fought over two weeks before the deadline.Neal Lloyd · Inside The Machine, Day 39
Prepare for the Broadest Plausible Reading, Adjust When Clarity Arrives
The single most useful thing a business can do before August 2nd is not to wait for definitional clarity that may not arrive in time. It is to prepare for the broadest plausible reading of the regulation, so that whatever the final guidelines say, the gap between current practice and required practice is small rather than starting from zero. That means auditing which content pipelines involve any form of AI assistance, not just full AI generation, and having a labelling mechanism ready to apply even to borderline cases.
For content clearly and uncontroversially inside the regulation’s scope — synthetic video or audio depicting real people saying or doing things that did not happen — the practical answer is straightforward regardless of how the edge-case debate resolves: implement labelling now, using the most durable method available, since this category was never going to fall outside the rule under any plausible reading of the draft guidelines.
For the genuinely contested middle ground — AI-assisted editing that does not create deceptive synthetic content — the reasonable approach is to track what tools and techniques were used in production, even without applying a formal label yet, so that whichever way the Commission’s final guidance lands, the documentation needed to demonstrate compliance already exists. Waiting until the guidelines are finalised to start that internal tracking process risks a scramble against a deadline that, as of this writing, is not moving regardless of the definitional uncertainty still surrounding it.
A regulation with a fixed deadline and a moving definition puts the burden of uncertainty on whoever has to comply with it. The practical answer is not waiting for clarity. It is building the documentation and labelling infrastructure now, broadly enough to cover whatever the final rule turns out to require.Neal Lloyd · Inside The Machine, Day 39
Inside The Machine, Day 39 · July 22 2026
Neal Lloyd writes about technology, human adaptation, and the uncomfortable questions nobody wants to answer at dinner. Inside The Machine is his ongoing daily series on AI.
- Day 01What Is This Thing?
- Day 02Survive the Machine
- Day 03The Great Debate
- Day 04Who Gets Hurt?
- Day 05Who’s In Charge?
- Day 06The Industries That Win
- Day 07The Human Edge
- Day 08The Creativity Question
- Day 09Does AI Feel Anything?
- Day 10The Data Problem
- Day 11The Trust Question
- Day 12The Accountability Gap
- Day 13The Rewired Brain
- Day 14Open vs Closed
- Day 15The New Cold War
- Day 16Why AI Lies With Confidence
- Day 17AI Is Eating the Power Grid
- Day 18The Age of AI Agents
- Day 19AI Safety Was Never Just Theory
- Day 20The Surveillance Question
- Day 21AI and the Future of Education
- Day 22AI and Your Health
- Day 23What Is AGI and Are We Close?
- Day 24What Is Work For?
- Day 25AI and Democracy
- Day 26AI and the Future of Money
- Day 27Can the Planet Afford AI?
- Day 28Why AI Forgets Everything
- Day 29Can Anyone Actually Govern AI Now?
- Day 30Inside the Jailbreak Severity Framework
- Day 31Why No One Can Guarantee Your AI Agent Will Do What It Was Told
- Day 32Squidbleed: A 29-Year-Old Bug and the Same Capability That Got Fable 5 Recalled
- Day 33How Deterministic Tools Took AI Biology From 16.9% to 92.8%
- Day 34The Three Risks Hiding Inside Your Enterprise’s Chinese AI Traffic
- Day 35The LiteLLM Vulnerability Is a Preview of Gateway Security Done Wrong
- Day 36Why You Cannot Patch an Anti-Addiction Law Onto a Memory-Persistent Companion
- Day 37What It Actually Means to Mathematically Prove Code Is Correct
- Day 38What Your Coding Agent Actually Sends Home
- Day 39What the EU’s Deepfake Labelling Rules Actually RequireYou are here



