Overview
On June 10, 2026, the European Commission's AI Office published the final Code of Practice on Transparency of AI-Generated Content. The Code is a voluntary framework that helps providers and deployers comply with Article 50 of the EU AI Act, the part of the law that covers transparency obligations for AI-generated and manipulated content.
The Code does not create new legal obligations on its own. Instead it sets out a practical way to meet the Article 50 requirement that AI-generated or manipulated outputs — including images — be marked so they are detectable as artificial.
What the Code Asks Providers to Do
Under the Code, providers of generative AI systems are expected to mark their outputs in a machine-readable format and make them detectable as artificially generated or manipulated. The guidance describes recording whether content is AI-generated in the file's metadata, with that information digitally signed and time-stamped so it can be verified later.
The framework deliberately avoids mandating one single technology. It calls for approaches that are effective and interoperable "as far as technically feasible," and it pairs machine-readable marking with separate provisions for labelling deepfakes so that ordinary viewers, not just software, can tell when content has been synthesised or altered.
Where Signed Metadata and C2PA Fit
The Code's requirements — machine-readable, digitally-signed, time-stamped provenance embedded in the file — line up closely with how C2PA Content Credentials already work. Industry bodies covering the announcement, including the IPTC, noted that C2PA is currently the main standard meeting those criteria, with CAWG metadata as a complementary layer.
That matters because provenance is carried in the image's metadata, the same kind of data that already records camera model, capture time, and GPS location. Signed Content Credentials add a tamper-evident record of how a file was created or edited. The catch is the same one that affects all image metadata: it can be stripped. Many platforms and re-encoding steps discard metadata blocks, which removes provenance along with everything else.
Timeline and Enforcement
The Article 50 transparency obligations become applicable on August 2, 2026. Signing the Code is voluntary, but it is intended as the reference path to demonstrate compliance with those obligations. The Code also points toward future interoperability work so that detection mechanisms from different providers can recognise each other's markings rather than each vendor building an isolated system.
The publication continues a steady run of provenance milestones over the past year, from camera makers building C2PA capture into hardware to AI image providers adopting Content Credentials and watermarking on their outputs.
Why It Matters for Image Handling
For anyone who works with images on the web, the direction of travel is clear: provenance metadata is becoming part of how images are expected to travel, especially for AI-generated or AI-edited pictures destined for EU audiences.
It is worth understanding what your tools do to that metadata. Conversion, compression, and resizing can all drop metadata blocks unless the tool is built to preserve them. PhotoTools processes images locally in your browser and does not upload them to a server; if you need to keep — or deliberately remove — embedded metadata, do it knowingly rather than by accident, and check the output before you publish.