79 Days Left: Your Week-by-Week EU AI Act Transparency Compliance Plan

74days until August 2, 2026. That is the date the EU AI Act's transparency obligations become enforceable. Not "sometime in 2026." Not "when regulators get around to it." August 2.

If you deploy AI systems that interact with EU users, generate content, or process biometric data, you have obligations under Article 50. This post is a concrete plan for meeting them in 8 weeks.

The reality check

Transparency compliance is not the hard part of the EU AI Act. The high-risk Annex III obligations — technical documentation, risk management systems, conformity assessment — are the heavy lift, and those have been extended to December 2, 2027.

Transparency is the achievable win. The work is well-defined: tell users they're interacting with AI, label synthetic content, disclose emotion recognition. Most of this is product changes, not paperwork. But "achievable" does not mean "trivial." You need to identify which obligations apply, build the disclosures, test them, and document everything — and you have 74 days.

Weeks 1–2: Classify and scope

Everything depends on knowing what you're dealing with. Before you build anything, you need answers to two questions:

• What risk tier is each AI system? Use the free classifier at getactready.com/classify. Run every AI feature through it — your chatbot, recommendation engine, content generator, moderation tool. Each one may have a different risk level.
• Which Article 50 categories apply? There are four: AI interaction disclosure (chatbots, virtual assistants), emotion recognition, biometric categorisation, and synthetic content (deepfakes, AI-generated text/images/audio). Most companies hit at least one.

The output of this phase is a simple spreadsheet: each AI system, its risk tier, and which transparency categories apply. This scopes all the work that follows.

Common mistake

Forgetting embedded AI. If you use a third-party SaaS tool with AI features (support chatbots, AI-powered search, automated email responses), you are a deployer under the Act. Your vendor's compliance does not cover your deployment context. List these too.

Weeks 3–4: Build disclosures

Now you know what needs disclosing. Build it.

AI interaction disclosure

If users interact with an AI system (chatbots, virtual assistants, AI-powered support), they must be told before the interaction begins. This means a clear notice — not buried in terms of service, not a footnote. A visible, unambiguous statement that they are interacting with AI.

• Add a banner or label at the start of AI-powered conversations
• Update your product UI to show an AI indicator on automated responses
• Review your onboarding flows — if a user's first interaction is with AI, the disclosure must come first

Emotion recognition and biometric categorisation

If your system infers emotions from biometric data (facial expressions, voice tone) or categorises people based on biometric or personal data (age estimation, gender classification), affected individuals must be informed. This requires explicit, timely notification — before processing begins, not after.

What "clear and distinguishable" means

The Act requires disclosures to be "clear and distinguishable" and provided "at the latest at the time of the first interaction or exposure." In practice: visible labels in the product UI, not legal text in a privacy policy. If a reasonable user could miss it, it does not count.

Weeks 5–6: Content labeling

Article 50(2) requires that AI-generated or manipulated content (images, audio, video, text) be labeled in a machine-readable format. This is the technical piece.

• Images and video: embed metadata using C2PA (Coalition for Content Provenance and Authenticity) or equivalent standards. The AI Office has indicated C2PA as the expected approach.
• Audio: same principle — watermarking or metadata indicating AI generation.
• Text: if your product generates text that could reasonably be mistaken for human-written content (reports, articles, summaries, emails), it must be disclosed. The mechanism is less standardised here — visible labels in the UI are the current practical approach.

The labeling must be "effective, interoperable, robust and reliable" and must survive normal use (sharing, light editing). Putting "AI generated" in a filename that gets stripped on upload does not count.

The exception

AI-generated content that undergoes "substantial human review" where a person has editorial control over the final output does not require synthetic content labeling. But the bar for "substantial" is high — minor edits to AI-generated text likely do not qualify.

Weeks 7–8: Test and document

Disclosures built. Labels implemented. Now verify it all works and create the paper trail.

• User testing. Have someone unfamiliar with your product go through every AI-powered flow. Can they tell they're interacting with AI? Is it obvious before the interaction starts? If they have to look for it, it's not compliant.
• Technical testing. Verify content labels survive the full lifecycle — generation, storage, delivery, download. Check that metadata persists after common transformations (resizing, format conversion).
• Documentation. Record what you implemented, when, and why. Screenshot your disclosures. Save the technical specs for your labeling approach. This is your evidence of compliance if regulators ask.

You should also update your privacy policy and terms of service to reflect the new disclosures, though this alone is not sufficient — the in-product disclosures are what the Act requires.

What if you're high-risk?

If your classification revealed a high-risk system, you have two compliance tracks running in parallel. Transparency obligations still hit August 2, 2026. The heavier Annex III obligations (technical documentation, risk management, conformity assessment) are due December 2, 2027 — 561 days from now.

Do the transparency work first using this plan. Then immediately start scoping the high-risk work — it takes 3 to 6 months and involves substantially more documentation and process changes. ActReady can auto-generate your Annex IV technical documentation, risk management plans, and human oversight plans to compress that timeline.

74 days is enough time if you start now. It is not enough time if you start in July. Pick a week, open the classifier at getactready.com/classify, and start.