The practical issue is not only law. Platforms have been reading AI-related metadata and applying automated labels since 2023. What changes in August 2026 is that the disclosure expectation behind those labels gets legal backing — meaning the metadata ecosystem will grow more entrenched, not less.
For creators, the necessary response is visibility. Understanding what is embedded in your files, why platforms read it, and when keeping or removing it is the right decision is more useful than waiting to see how enforcement develops.
What Article 50 of the EU AI Act requires
Article 50 of the EU AI Act covers transparency obligations for AI systems that interact with humans and for AI systems that generate synthetic content. The provisions most relevant to creators are in Article 50(4) and 50(5), which address AI-generated and AI-manipulated content:
In practice, this means AI image generators — tools like Midjourney, DALL-E, Adobe Firefly, and Stable Diffusion — must embed machine-readable provenance markers in outputs they produce for users in the EU. The C2PA standard is the dominant technical implementation of this requirement.
The obligation in Article 50(4) falls on the AI system provider, not the end user. A creator using Midjourney is not directly liable for whether Midjourney embeds C2PA credentials — Midjourney is. However, once those credentials are in the file, every platform that reads them may apply a label regardless of who uploaded the image.
Article 50(5) addresses disclosure to the audience: when AI-generated content is published, there should be a disclosure that the content is artificially generated. This is where creator responsibility becomes more direct, particularly for professionally produced or commercially distributed content.
The enforcement timeline
The EU AI Act (Regulation 2024/1689) was published in the Official Journal of the EU on July 12, 2024. Its provisions apply in phased stages:
- August 2, 2025: Prohibited AI practices provisions become enforceable.
- August 2, 2026: General-purpose AI model obligations and transparency obligations under Article 50 become enforceable. This is the most significant date for content creators.
- August 2, 2027: Obligations for high-risk AI systems covered under specific EU directives become enforceable.
- August 2, 2030: Remaining high-risk AI system obligations under Annex I become enforceable.
The August 2, 2026 date does not introduce new legal obligations for most individual creators. What it does is formalise the framework under which AI system providers must mark their outputs — which in turn makes the metadata infrastructure that platforms already use legally expected rather than optional.
What C2PA content credentials are and how they work
C2PA (Coalition for Content Provenance and Authenticity) is a technical standard developed by Adobe, Microsoft, Google, OpenAI, and major platforms including the BBC, Reuters, and Truepic. The standard defines how to embed a cryptographic provenance manifest inside an image, audio, or video file.
A C2PA manifest contains:
- Digital source type — whether the content is trainedAlgorithmicMedia, compositeSynthetic, or humanEdited, using the IPTC Digital Source Type vocabulary
- Generating software — the tool that created or modified the file (e.g., Adobe Firefly, DALL-E 3, Midjourney)
- Actions history — a log of edits applied to the file, such as cropping, colour adjustment, or generative fill operations
- Timestamps — when the content was created and when specific actions were applied
- Cryptographic hash — a fingerprint of the file content, allowing platforms to detect if the file has been modified after signing
The manifest is stored as an additional segment within the file, separate from the pixel data. Removing it does not change what the image looks like.
Which platforms already auto-detect and label content
Platform-level AI labeling has been active since 2023 and is expanding:
- Instagram and Facebook (Meta): Apply "AI Info" labels to images and videos that contain C2PA credentials or that Meta's own detection system identifies as AI-generated. Disclosure is required for realistic synthetic content in ads and political content.
- Pinterest: Detects C2PA credentials and applies AI labels to affected content. Creators have reported false positives from AI-assisted editing tools like Photoshop generative features.
- TikTok: Requires creators to disclose AI-generated content using in-app labels. TikTok also reads embedded metadata to auto-apply labels in some cases.
- LinkedIn: Applies labels to images identified as AI-generated using metadata signals.
- YouTube: Requires disclosure for realistic-looking synthetic content in descriptions or comments. Is building toward metadata-based detection.
Platform behaviour is not standardised. The same file may be labeled on one platform and not another. Detection sensitivity changes without notice. This is why file-level metadata visibility matters more than any individual platform's current policy.
When you should keep AI metadata
Transparency has legitimate value in many contexts. Reasons to preserve C2PA credentials and AI provenance metadata:
- Commercial and advertising content: Platform policies increasingly require AI disclosure in ads. Removing metadata that would provide that disclosure while continuing to run the ad as undisclosed is the wrong approach.
- News and editorial content: Media organisations are adopting C2PA credentials as a provenance signal for authenticity. If your content is produced for editorial use, preservation may be a contractual or professional requirement.
- Client deliverables with disclosure requirements: Some clients or contracts explicitly require AI provenance to be preserved. Always check client terms before cleaning metadata.
- Content for which disclosure is legally required: Depending on jurisdiction and content type, disclosure may be mandatory. If the EU AI Act's Article 50(5) applies to your content, removing disclosure metadata without another disclosure mechanism in place is not the right response.
When you might want to remove AI metadata
There are legitimate reasons to remove AI content credentials from files you have the right to modify:
- False positives from AI-assisted editing: Photoshop's generative fill, Denoise, and Sky Replacement features embed C2PA credentials even when used lightly on predominantly human-captured photography. The resulting label may not accurately represent how the image was produced.
- Privacy: C2PA credentials can contain information about the software and workflow used to produce a file — information the creator may not want to share publicly.
- Platform compatibility: Some legacy platforms or publishing systems do not handle C2PA manifest blocks correctly and may corrupt or reject files that contain them.
- Workflow provenance you want to keep private: The actions log in a C2PA manifest may reveal commercial relationships, software subscriptions, or production details the creator considers confidential.
How PrivyClean helps
PrivyClean reads C2PA manifests, IPTC Digital Source Type fields, XMP AI generation markers, and related provenance metadata from image files. It shows you what is embedded before you decide what to do with it.
The workflow is: inspect, decide, then export. PrivyClean processes everything locally on your iPhone or Mac — no upload, no cloud service, no file leaves your device. This is particularly important for professional or commercially sensitive files.
Related guides
- EU AI Act for content creators: practical steps before August 2026
- EU AI Act for photographers: do AI-edited photos need disclosure?
- What is C2PA? Content credentials explained in plain English
- How to remove AI labels and content credentials from images
- Why Instagram labels your photos as AI-generated